Cybersecurity for Manufacturers

Cybersecurity for Manufacturers - TechSolve

Fabricating Undue Risk – Why American Manufacturers Need Specialized Cybersecurity Risk Management

As far as illicit businesses go, cybercrime is arguably both the fastest growing and the most profitable out there.  In fact, 2025 is projected to be a record-setting year for cybercrime, to the tune of over $10.5 trillion in damages worldwide.  If this wasn’t concerning enough, manufacturers are now the most targeted industry for cyberattacks – three years running according to IBM’s X-Force Threat Intelligence Index. This isn’t just an IT issue; cybersecurity for manufacturers is a business-critical risk that every manufacturer must address. 

With that said, you can defend against cyber threats with a robust cybersecurity risk management strategy. To break it all down, we sat down with Steve Gillock, TechSolve’s Director of Cybersecurity and Operational Excellence. On the cybersecurity side, Steve leads a team of cybersecurity analysts specializing in helping clients ensure that their digital infrastructure is safe and secure through compliance to a framework.  

When we asked Steve to help set the stage for our discussion by introducing how cybersecurity in manufacturing is unique, he had this to share: 

“At a high level, there’s nothing inherently different about how cybercrime plays out in manufacturing compared to any other business. From an attacker’s perspective, it’s all about finding a vulnerable path into a company’s digital assets, and then leveraging those assets to extract tangible gain.  The problems lie in the scale of manufacturing businesses and the potential dollar figures involved.”

Driving this point home, Steve gave us some surprising statistics on manufacturing cybercrime:

  • 45% of incidents involved malware attacks
  • 17% of incidents involved ransomware attacks
  • 36% of incidents involved credential harvesting and data theft
  • 39% of incidents were email phishing attacks

“These stats show just how mundane the attacks on manufacturers really are.  People associate phishing emails and stealing passwords with breaking into someone’s personal bank account, not with shutting down an entire large manufacturing organization and holding the whole company at ransom.  What is different – and that is to say, very different – is how we need to protect and insulate manufacturing infrastructure from these threats so that they can stand up to the sheer volume and frequency of attacks they receive.” 

Breaking Down Cybersecurity Risk Management, with a Manufacturing Twist

So how do manufacturers protect themselves? Steve breaks it down into three core concepts: 

  • Cybersecurity – this blanket term refers to the professional discipline of protecting digital systems from criminal and ulterior actions that will ultimately cause increased risk or direct harm to the organization.
  • Cybersecurity Risks – specific vulnerabilities that can be exploited by cybercriminals which must be individually identified, assessed, and rectified. 
  • Cybersecurity Risk Management – bringing the above two terms together, cybersecurity risk management is the ongoing technical practice of continually finding and fixing cybersecurity risks. This is accomplished by applying cybersecurity tools, instruments, processes, and procedures effectively so that attacks do not result in harm to the business.

With these points addressed, Steve shared what makes cybersecurity in manufacturing so complex is the sheer number of unique systems and interconnected networks involved. 

“What makes manufacturing such a challenging frontier is more a matter of the little details, and just how many of them there are to deal with. In our history, I can say that I’ve never seen two identical clients. Every business and their IT systems are different, which means that their cybersecurity risk factors are all unique and all vulnerable to varying degrees.  Making things worse, manufacturers live within a larger digital ecosystem of supplier networks and cloud software platforms, meaning each of these outside elements is a potential path into the business.  So, proper cybersecurity risk management for a manufacturer is an around-the-clock, every-direction-at-once defense built on a combination of tools and people keeping the business safe.” 

The Hidden Threat: Inside-Out Cybersecurity Risks

Most cybersecurity discussions focus on outside-in threats-hackers breaking in from external networks But manufacturers also face inside-out threats, which originate within their own facilities. 

“When we think of manufacturers, we recognize that they have large physical sites, lots of employees, many vendors coming and going, and a whole host of individual technology systems on their equipment, all of which could be a source of an attack from inside of the business. Inside-out attacks look to exploit vulnerability inside of the business and move data out, and this brings a whole other layer into the conversation.”

Examples of inside-out include: 

  • employees removing sensitive data from their workstation via USB drives
  • visiting supplier taking unauthorized photography of confidential data
  • third-party service providers introducing malware on process control systems

In addition, there are many types of internal threats that are not malicious in nature but can result in costly damages all the same, such as an employee unknowingly emailing confidential information to an unauthorized recipient. 

Building Towards World-Class Cybersecurity in Industrial Manufacturing 

While the thought of addressing outside-in and inside-out risks may be daunting, robust cybersecurity risk management is achievable for every manufacturer regardless of size and technological know-how.  Better yet, TechSolve has first-hand evidence that even manufacturers that have not started their cybersecurity journey yet can achieve world-class levels of digital resilience – we know this because we’ve made it happen. 

Through a combination of industry best practices, proprietary processes, and a deep understanding of manufacturing operations, our cybersecurity consulting services equip manufacturers to proactively manage risk and protect their digital assets for manufacturers of all types and sizes and industries. Whether you’re navigating compliance requirements or strengthening your overall security posture, as Steve puts it, the most important step to take on the journey to cybersecurity is the first one:

“Whenever we’re in front of our clients, if they haven’t started addressing cybersecurity risks, we always implore them to start just as soon as possible. Cybersecurity is a real business imperative facing manufacturers. For DoD suppliers specifically, they may not be able to keep their contracts or get new contracts if they do not meet specific requirements.  Beyond that, every manufacturer out there has a need to protect their digital assets and intellectual property against malicious intent.”

Before we let Steve get back to work, we asked a final question: how do manufacturers know if they are at risk of cybersecurity issues to begin with? 

“If you have digital information that could be used against you, you’re at risk – and that’s every business that I know of.  I’m not saying the ways of pen and paper were better, but they were a lot easier to protect!”  

Posted in
TechSolve Logo Icon Square

The TechSolve Team

For more than 40 years, TechSolve has been a trusted partner for manufacturers in Southwest Ohio and beyond. We are committed to making a lasting impact on the manufacturing industry by enabling companies to achieve operational excellence, increase productivity, and stay ahead of the competition. Our success is measured by the success of our clients.

Share This