Skip to main content

Perspectives Home / INDUSTRY INSIGHTS

Manufacturers Aren’t Just Talking About Modernizing OT Security Anymore. They’re Doing It.

An industry advisor weighs in on the progress and pitfalls of digital transformation in the sector.

An archery target with a dart colored in gradient hitting the bulls-eye center.

Cybercriminals have figured out a basic truth of manufacturing: Unplanned downtime is expensive, and manufacturers will pay big to get back up and running.

It took a major consumer goods manufacturer six weeks to normalize operations at a cost of nearly $600 million after an attack in August 2023.

Unfortunately, it’s a story I hear all too often, and one that is earning manufacturing the dubious honor of being the industry that is most targeted by cyberattacks.

And these attacks aren’t just more prevalent in manufacturing, they cause more damage. The likelihood of a cyberattack shutting down business-critical systems in manufacturing is 44% (compared to 19% in other industries), prompting manufacturers to shell out more than double the industry average in ransom payments. Post-payout, those same companies regain control only to spend even more money to ensure it doesn’t happen again.

“The trendlines all tell the same story: The manufacturing industry is the most targeted by ransomware,” Tim Chase, program director at the Global Resilience Foundation, told Splunk in June 2023. “A manufacturing company, one working against just-in-time deliveries, is very constrained on their ability to withstand downtime and so their likelihood of paying out a ransom is higher than other verticals.”

The days of manufacturers quietly cleaning up after cyberattacks are over, and shareholders and lawmakers are paying attention.

A tipping point in OT security

Manufacturers have long believed that a simple environment, with minimal corporate IT connection, was all the security they needed. And in many ways, this approach made sense at the time. Operational technology (OT) is mission-focused on keeping the production line safe, up and efficient. By keeping OT and industry control systems (ICS) systems autonomous, offline and outside the purview of IT, manufacturers believed they could secure both the carpeted (IT) and concrete (OT) environments.

Then digital transformations on the production line changed everything.

Over the last decade, as manufacturers digitized and integrated OT and ICS systems, they unwittingly let down their guards. Tools that were previously offline and isolated are suddenly supercharged by connections with enterprise IT and a growing pool of external networks.

And even then, the percentage of manufacturers using OT security tools hovered in the single digits.

At first, technology obscurity, air gapped environments and divergence from traditional IT provided a thin veneer of security to systems riddled with potential risks.

Now, interdependent hybrid, on-premises and multicloud technology stacks are becoming the norm. And while these new methodologies increase operational flexibility, they demand deeper and broader data sets to provide insights and faster response times from assets and systems pushed further to the edge.

This push is finally shattering that veneer of security to expose OT and ICS systems ripe with risky access points and dark corners. As one manufacturing CIO lamented to me, “As I deploy more and more technology, it’s less safe. It's actually becoming less resilient.”

Manufacturers who feel the same watch nervously as governments double down on cybersecurity legislation. Directives, including NIS2 in the European Union and new SEC rules in the U.S., threaten to personally hold individual leaders responsible for mismanaged cyberattacks.

All of a sudden, manufacturers who have long relied on obscurity, siloed segmentations and air gapped methodologies are racing to build real, resilient defenses in a transformed manufacturing environment.

From carpet to concrete: How manufacturers are building digital resilience

In pursuit of resilient operations, manufacturers are extending unified visibility operations — the kind previously reserved for corporate IT — onto the factory floor. They're adopting new tools and processes to better identify risks, deploy critical resources, and gain the insights needed to launch defensive pivots and flexible recoveries.

This concept of unified visibility flies in the face of traditional OT security management, but it’s the foundation for digital resilience. Future-focused manufacturers are using sensors and other IoT to collect data from factory operations and provide visibility across the enterprise.

While OT visibility is a major achievement, some manufacturers are taking futureproofing to the next level with centralized IT/OT security operations centers (SOCs). Across offices, inside factories, on premises and in the cloud, IT/OT SOCs unify teams and amplify collective efforts against cyberattacks. Rather than grapple with underused, poorly connected data, teams can more efficiently detect, investigate and respond to threats, with features like automated investigations and risk-based alerting at their disposal.

And that unified approach unlocks all kinds of efficiencies beyond security. Environmental, social and governance (ESG) commitments are easier to prioritize and prove. Comprehensive insights and standardized workflows can prevent or minimize outages. Greater collaboration across silos can mean faster — and more streamlined — time to market.

While most attacks originate in IT, they don’t stay there. It's time for all manufacturing leaders to connect and leverage IT and OT in a unified fight for more secure, efficient operations, from the boardroom to the production line, and everywhere in between.

Related content

DECEMBER 8, 2023

Improving Global Cyber Defense Starts With Trust

Read more Perspectives by Splunk

OCTOBER 6, 2023 • 22 minute watch

Subtle Ransomware Tactics, More Regulation on the Horizon for Security Leaders

Today’s security leaders are facing technical challenges, including a shift to specified, “surgical” ransomware tactics. But as the CISO’s role moves into the spotlight, business-level concerns — like effectively communicating with the board — rise to the top of the priority list.

AUGUST 17, 2023 • 3 minute read

The Security Detail Download: Cyber Threats to the Manufacturing Sector

The manufacturing industry is critical for many economies, and holds plenty of sensitive data — making it a key target for cyber attacks. Tim Chase, Program Director at the Global Resilience Federation, joins the podcast to discuss the threats he’s seeing.

AUGUST 8, 2023 • 5 minute read

Why Shared Storytelling Is Key for a Strong Cybersecurity Community

How a single-day event inspired a group of infosec pros to write about their experiences.

Get more perspectives from security, IT and engineering leaders delivered straight to your inbox.