Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Leadership and ManagementLogical SecurityCybersecurity NewsTransportation/Logistics/Supply Chain/Distribution/ Warehousing

9 ways to protect manufacturing from ransomware

By Lila Kee
manufacturing-security-fp1170x658.jpg

Image from Freepik

November 8, 2022

Ransomware continues to cause havoc across the manufacturing industry. In 2021, for example, ransomware accounted for 23% of cyberattacks. Threat actors understand the critical role manufacturing and energy businesses have in global supply chains. A single ransomware attack could take just 11 seconds, and tapping into these organizations can have a ripple effect across a number of industries. 


Security researchers at cybersecurity firm Dragos announced that while there is evidence of a slight decrease in ransomware attacks on industrial systems following the shutdown of the Conti ransomware group in Q2, several attacks had devastating effects. Case in point: the LockBit ransomware group attacked a Foxconn factory in Mexico in May, which forced a weeks-long closure at the company. 


On average, a ransomware attack could cost $4.54 million, and that’s not taking into consideration the additional downtime cost. And this is likely to be why manufacturing, and those with operational technology (OT) networks especially, are attractive targets to ransomware attackers. In 2021, 36% of attacks on OT-connected organizations were ransomware. 


What can manufacturing businesses do to prevent ransomware attacks and limit their impact? Here are nine ways.


1. Train Your Employees on Cybersecurity

Ransomware attacks are predominately delivered by phishing campaigns, and this doesn’t just include emails - operations that added phone calls were three times more effective. According to a report by Verizon, 82% of data breaches involve a human element; therefore, training your employees on the types of cybersecurity attacks, associated threats and how to guard against them will help decrease the likelihood of an attack.


2. Backup Your Data and Have a Recovery Plan In Place

Backing up your data regularly won’t prevent an attack from occurring, but it will minimize the damage caused and give the best chance to help a business recover from ransomware. Don’t forget to protect the backup from other cyber threats too.


3. Conduct Regular Patching and Updates on Software Used Within The Company

Attackers will, more often than not, find entry points to company systems through software vulnerabilities. While developers will generally actively search for these vulnerabilities and release patches for them, 60% of companies don’t patch their systems on a regular basis. But by patching and updating the software regularly, businesses can strengthen and safeguard against any potential weaknesses. 


4. Have the Appropriate Insurance In Place

Cyberattacks like ransomware are not covered under a traditional business policy. Instead, it will be a dedicated cyber insurance policy. Cybersecurity insurance policies may help cover the financial losses that result from cyber threats and help with other costs the business may incur with remediation, including legal assistance, investigators, crisis communications and customer credits and refunds.


5. Implement or review your Bring Your Own Device (BYOD) Policy

According to ProofPoint’s State of Phish report, 74% of survey respondents said they use one or more of their own devices for work-related purposes. If your employees are using their own devices, consider implementing a BYOD policy, and if you have one already in place, review it for potential vulnerabilities. 


6. Invest In Password Security and Multi-Factor Authentication

Usernames and passwords, also known as single-factor authentication methods, are no longer a sufficient security control measure. Many tools, such as password generators and password managers, are available to help manage and maintain the number of login details; however, it is also worth considering investing in 2nd Factor Authentication (2FA) as an additional layer of security. There are several types of 2FA, such as SMS, digital certificates based on PKI technology, biometrics, and soft and hardware tokens, to name a few. There are pros and cons with each method that should be evaluated on a number of factors, including usability, cost, and risk of breach.


2FA provides an additional layer of protection by requiring the user to provide additional credentials, which is becoming even more popular as more and more corporate recourses are being accessed outside the network perimeter. Additionally, as privacy laws and high-stakes B2C applications come online, 2nd-factor authentication credentials are becoming more the norm than the exception.


7. Secure Your Emails with S/MIME

Many social engineering tactics are used to execute a ransomware attack, but more than 90% are performed through phishing emails. Organization emails can be protected with a protocol called S/MIME. 


S/MIME uses Public Key Infrastructure (PKI) technology and can protect emails that are sent from your company in three main ways; by providing strong assurances when backed by a trusted Certificate Authority of the sender’s identity protecting the communication’s confidentiality while in transit on mail servers through the use of encryption and message integrity through validation processes that can ensure the message wasn’t altered. 


8. Complete regular security audits

An internal and external security audit should be conducted on a regular basis to continuously monitor activity, assets and deployment of technologies to contain threats. Each audit will be unique to an individual organization, and the following list is not exhaustive of all the options that should be covered. Reviews should include; data security, operational security, network security, system security and physical security.


9. Have an Incident Response Plan and Team in Place

So far in this article, we have covered the ways in which you can actively put procedures and technologies in place to limit the likelihood of a ransomware attack from occurring, but what happens if your organization does fall victim and become infected?


Having an Incident Response Plan (IRP) in place will reduce the impact of how such an attack affects the business. The IRP should be drafted, by a chief information security officer (CISO) or by a committee (also known as the Incident Response Team (IRT)), in preparation for such an attack and rehearsed. 


Cybersecurity measures against ransomware are essential

Last year, for the first time since 2016, manufacturing was the most attacked industry, with ransomware being the number one attack type. With the number of manufacturing organizations growing annually by approximately 3.8% (on average), it is essential to introduce cybersecurity measures. Should an unfortunate event occur, and your organization does become infected with ransomware, all the above steps should help to minimize the impact. 

KEYWORDS: cyber security incident response manufacturing ransomware risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Lila Kee is the Americas General Manager and Chief Product Officer for GlobalSign. She is based out of the company’s U.S. headquarters in Portsmouth, New Hampshire.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Colorful laptop

    4 Ways to Protect Networks from Botnets Before It’s Too Late

    See More
  • ransomware

    How to Protect Your Organization from Ransomware

    See More
  • convergence freepik

    Four ways SMBs can protect themselves from cybersecurity threats

    See More

Related Products

See More Products
  • 9780367221942.jpg

    From Visual Surveillance to Internet of Things: Technology and Applications

  • Whitepaper-Social-Media-3.gif

    Optimizing Social Media from a B2B Perspective

  • The-Complete-Guide-to-Physi.gif

    The Complete Guide to Physical Security

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing