Cybersecurity in the Manufacturing Sector: how to defend your company from cyber attacks

Cyber Security in the Manufacturing Sector: the scenario
The manufacturing sector is increasingly becoming a target for cybercriminals. According to the latest Clusit Report, the manufacturing sector has seen its share of total recorded incidents rise from 6% in 2024 to 8% in the first half of 2025, moving from seventh to fourth place in the ranking. In other words, in a single semester the sector has already reached 90% of the total number of incidents recorded across the whole of 2024.
Specifically, the report highlights that at a global level, in the first half of 2025 alone the number of attacks has already matched the total number recorded in the entire year 2024 (213 versus 236), confirming a significant percentage increase.
Cybercrime remains the primary form of attack, accounting for 94% of cases, with financial gain as the dominant motive.
More specifically, Ransomware attacks have declined significantly, mainly due to the spread of Zero-Day attacks. On the other hand, the most concerning figure is the 20% increase (almost triple) in the number of attacks exploiting known and unpatched vulnerabilities.
The Convergence of IT Security and OT Security
One of the challenges the manufacturing sector must deal with is the convergence between IT security and OT security.
OT technology refers to the systems and devices used to control production processes and physical operations within factories. These may include devices such as sensors, automation systems, and industrial machinery.
IT technology encompasses traditional computer systems used for data management, communication, and administrative operations within the company.
The increase in interconnectivity resulting from the Industry 4.0 paradigm has led to a rise in the number of intelligent machines that process and communicate a vast amount of data.
Each machine is connected to the network via IoT sensors, providing a potential entry point for intrusion into the company’s IT system.
The interconnection between these two worlds, if managed insecurely, can create significant vulnerabilities.
For instance, a targeted IT attack could serve as a gateway to compromise OT systems, jeopardizing production and employee safety.
To mitigate these risks, SMEs should adopt the following measures:
- Network segmentation: logically separating the different parts of the corporate network so that an attack on one segment cannot compromise the entire network. Even if one area of the network is compromised, the other areas remain protected.
- Access control implementation: limiting access to OT and IT systems to authorized personnel only reduces the risk of compromise by unauthorized individuals. Implementing multi-factor authentication and enforcing least privilege, i.e., restricting each employee's access to only the resources and information needed for their job, helps ensure that only individuals with the appropriate level of authorization can reach critical systems.
- Continuous monitoring: implementing continuous monitoring of OT and IT networks and devices allows companies to promptly detect anomalies or suspicious activities. Early detection helps limit damage and allows corrective measures to be taken quickly.
- Regular updates and patching: keeping OT and IT systems up to date with the latest security patches is crucial to protect SMEs from known vulnerabilities and attack methods. Patches fix security flaws in software and devices, making it harder for cybercriminals to exploit them for malicious purposes.
The interconnection between OT and IT systems in the manufacturing sector offers opportunities for efficiency and innovation but also presents significant cyber security challenges.
SMEs must adopt a proactive strategy to protect their systems and data by implementing robust security measures such as network segmentation, access control, continuous monitoring, and regular updates.
Only through a holistic approach to cyber security can SMEs effectively protect their operations and ensure business continuity in today’s increasingly complex digital landscape.
Compliance with NIS2 and OT Cybersecurity
With the entry into force of the NIS2 Directive, security requirements traditionally applied to IT environments are extended to and formally recognized for OT environments as well, establishing at a regulatory level the convergence between these two domains.
By requiring the adoption of an enterprise-wide risk management approach, the NIS2 Directive compels organizations to dismantle operational silos and to treat the security of networks and information systems (IT) and that of industrial control systems (OT) as a single risk domain.
A SIEM helps monitor and document activities to ensure compliance with security standards and the requirements imposed by NIS2:
- It generates detailed reports that simplify audit procedures and demonstrate regulatory compliance.
- It identifies and documents security gaps, enabling organizations to take corrective actions.
- It facilitates incident management and the implementation of remediation activities to restore operational continuity.
- It reduces the mean time to detect anomalies in the OT network.
This represents a major opportunity to rethink the corporate approach to cybersecurity and to reduce the existing gap between IT and OT network security.
Defining an integrated strategy at the governance and management level is a strategic move that enables manufacturing companies to significantly improve their operational continuity and resilience, while gaining a competitive advantage.
SIEM features for OT Security
Security Information and Event Management (SIEM) is a fundamental technology for enhancing the security of Operational Technology (OT) systems.
SIEM capabilities enable the collection, analysis, and correlation of security data in real-time, providing a comprehensive view of threats and vulnerabilities.
Data collection and centralization
SIEM centralizes the collection of data from various sources, such as network devices, servers, firewalls, and industrial control systems.
This centralization is crucial for OT systems as it allows for a unified view of the security status, reducing the risk of missing critical events that could indicate an attack or malfunction.
- Collects logs and events in real-time, facilitating the immediate identification of anomalies.
- Monitors suspicious activities, such as unauthorized access or configuration changes, that could compromise security.
Event correlation and analysis
One of the main features of SIEM is its ability to correlate events and logs from different sources. This correlation helps identify patterns of abnormal behavior that might not be evident when analyzed individually.
- Analyzes data to identify correlations between events, such as unauthorized access followed by a configuration change.
- Uses machine learning algorithms to enhance threat detection, continuously adapting to new attack patterns.
Incident Response
SIEM not only detects threats but also facilitates a rapid and coordinated response. When a security event is identified, the system can generate alerts and notifications for the security team, enabling timely intervention.
- Automates response actions, reducing the time needed to contain and mitigate incidents.
- Provides tools for incident management, enabling effective collaboration among security team members.
Compliance Management
OT systems often need to comply with stringent regulations. SIEM helps monitor and document activities to ensure compliance with security standards and regulations.
- Generates detailed reports that simplify audit procedures and demonstrate regulatory compliance.
- Identifies and documents security gaps, allowing organizations to take corrective measures.
Noise reduction and efficiency enhancement
Another significant advantage of SIEM is its ability to reduce alert “noise” by filtering out irrelevant events. This is particularly useful in OT systems, where operations must remain efficient and uninterrupted.
- Establishes filters to focus on significant events, reducing alert fatigue among security personnel.
- Improves operational efficiency by monitoring not only threats but also system performance, facilitating predictive maintenance and resource management.
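The two SIEM behaviours described above, correlating "unauthorized access followed by a configuration change" and filtering out irrelevant events to reduce alert noise, can be illustrated with a small detection routine. The following is an added example written for this article; it is not SGBox code and does not reflect how SGBox or any specific SIEM implements correlation. The log format, the host and user names, the IP addresses, and the five-minute correlation window are all constructed assumptions chosen for the demonstration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample OT/IT log lines (not taken from any real system).
# Format assumed for this example: "<ISO timestamp> <host> <event> key=value ...".
SAMPLE_LOGS = """\
2025-03-10T08:00:01Z plc-line1 auth user=operator src=10.10.1.5 result=OK
2025-03-10T08:00:05Z plc-line1 heartbeat status=OK
2025-03-10T08:02:10Z hmi-02 auth user=svc_backup src=10.10.9.77 result=DENIED
2025-03-10T08:02:12Z hmi-02 auth user=svc_backup src=10.10.9.77 result=DENIED
2025-03-10T08:02:40Z plc-line1 auth user=admin src=10.10.9.77 result=OK
2025-03-10T08:03:15Z plc-line1 config_change param=setpoint_temp old=80 new=120 src=10.10.9.77
2025-03-10T08:03:20Z plc-line1 heartbeat status=OK
2025-03-10T08:30:00Z plc-line2 config_change param=cycle_time old=12 new=12 src=10.10.1.5
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<event>\S+)\s*(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group("rest")))
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    # Explicit keys are placed last so a stray "host=" field cannot override them.
    return {**fields, "ts": ts, "host": m.group("host"), "event": m.group("event")}


def is_noise(ev):
    """Noise filter: drop events that carry no security signal.

    Heartbeats are routine, and a config_change whose old and new values are
    identical is a no-op and would only contribute to alert fatigue.
    """
    if ev["event"] == "heartbeat":
        return True
    if ev["event"] == "config_change" and ev.get("old") == ev.get("new"):
        return True
    return False


def correlate(events, window=timedelta(minutes=5)):
    """Correlation rule: a configuration change from a source address that
    produced a DENIED authentication within the window is raised as an alert.

    The window length is an assumption for this example; a real SIEM would
    tune it per environment.
    """
    alerts = []
    denied_by_src = {}  # src address -> timestamps of denied auth attempts
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev.get("src")
        if ev["event"] == "auth" and ev.get("result") == "DENIED":
            denied_by_src.setdefault(src, []).append(ev["ts"])
        elif ev["event"] == "config_change" and src in denied_by_src:
            recent = [t for t in denied_by_src[src] if ev["ts"] - t <= window]
            if recent:
                alerts.append({
                    "src": src,
                    "host": ev["host"],
                    "param": ev.get("param"),
                    "denied_count": len(recent),
                    # Seconds from the first denied attempt to the change: a
                    # per-alert view of the "time to detect" the page mentions.
                    "latency_s": (ev["ts"] - recent[0]).total_seconds(),
                })
    return alerts


def analyze(text):
    """Parse raw log text, suppress noise, and return the correlated alerts."""
    events = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    kept = [e for e in events if not is_noise(e)]
    return correlate(kept)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOGS):
        print(alert)
```

On the sample data the two heartbeats and the no-op change on plc-line2 are filtered out, and the single alert ties the denied attempts from 10.10.9.77 to the setpoint change on plc-line1, which is exactly the kind of pattern that is invisible when each log line is read on its own.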
Defend Your Business with SGBox
The SGBox Next Generation SIEM & SOAR Platform is a modular and scalable solution capable of adapting to the specific security needs of SMEs.
SGBox combines the Security Information and Event Management (SIEM) functionalities of collecting, correlating, and analyzing security information with the Security Orchestration, Automation, and Response (SOAR) functionalities.
Its adoption enables setting up a proactive defense strategy against cyber threats, thanks to in-depth analysis and timely detection of dangers that could compromise the integrity of OT and IT systems.