Page 222 - Cyber Defense eMagazine RSAC Special Edition 2025
Legacy systems, looming threats
As small to mid-sized (SMB) manufacturers continue using legacy systems, cyber-attack risks increase.
Aging, non-updated operating systems and industrial control systems without modern security
controls leave known vulnerabilities open to exploitation, creating a significant operational and financial risk. Threat
actors, primarily ROI-driven cybercriminals, exploit these dated systems’ vulnerabilities with the specific
goal of financial gain through ransom payment as manufacturers scramble to get impacted systems back
online. Deloitte reports that 34 of the 39 most popular IoT exploits took advantage of vulnerabilities that
had been present for over three years.
A recent World Economic Forum survey highlights a 125% annual increase in the global cost of
cyberattacks in the manufacturing industry, with ransomware playing a role in 71% of incidents. As
attacks grow in frequency and sophistication, the financial and operational stakes continue to rise.
Beyond immediate ransom payments, manufacturers face costly downtime, supply chain disruptions,
regulatory fines, and reputational damage that can have long-term consequences.
For SMB manufacturers operating on tight margins, these attacks can be devastating, halting production
and eroding customer trust. The reliance on IoT-connected devices has increased the risk, as outdated
security protocols leave critical infrastructure exposed. Without proactive security measures,
manufacturers risk attack by cybercriminals that have been successful in extorting ransoms in the
manufacturing sector.
Smaller size, not lower risk
While many small and medium-sized businesses think that they are too small to be targeted by cyberattacks, reality
and data say otherwise. Lulled by a false sense of security, smaller companies often put off
implementing cybersecurity controls because of limited resources, missing crucial steps like encryption
and data file backup. As a result, the manufacturing industry lags behind other sectors in cyber maturity.
Implementing best practices for safeguarding is crucial for manufacturers.
The importance of maintaining good cybersecurity hygiene
For manufacturers, regular cybersecurity training is crucial and should be an ongoing initiative and a top
organizational priority. Despite this, a Deloitte report found that only 29% of manufacturing companies
surveyed have implemented appropriate control measures to mitigate cyber risk. Common threats,
including malware, phishing emails, credential theft, and ransomware attacks, continue to burden the
manufacturing industry, emphasizing the need for established training programs.
Incorporating interactive exercises, real-world scenarios, and periodic simulated attacks to assess
employee responses ensures that training remains effective and engaging. To build a cyber-resilient
culture, manufacturers must address employees’ reluctance to report suspicious activity for fear of
repercussions. As such, businesses should maintain cybersecurity hygiene, establishing clear guidelines