Cyber ​​threats to manufacturing plants are growing

• Modern production is no longer about isolated halls full of machines, but a complex network of interconnected IT systems.
• The manufacturing industry is currently the most common target of ransomware attacks , with 29 percent of all reported cases occurring in this sector.
• The effects of such attacks can be immediate and very real – from halted production lines to disrupted supply chains to nationwide disruptions.

In modern plants, IoT (Internet of Things) sensors track everything from temperature to pressure, artificial intelligence makes decisions about stopping machines, and cloud platforms manage work around the world.

These systems are built for efficiency, but if you trust the wrong people or systems—or don’t test them thoroughly—the consequences can be dire. Employee well-being, product quality, and even public safety can suffer.

It's time to forget about walls and bridges: the era of isolation-based protection is over

For years, companies protected their systems like medieval castles—all they had to do was build a “wall” around the network, and everything inside was considered safe. But those days are long gone. Today, that approach not only doesn’t work—it’s downright dangerous.

Modern production is no longer isolated halls full of machines, but a complex network of connected systems. IT and OT technologies (i.e. those that control physical devices) work closely together, data circulates between devices, and external companies increasingly connect directly to the production infrastructure.

Artificial intelligence makes decisions in real time, and digital twins simulate the operation of entire factories. Each such connection is a potential "window" through which a cyber threat can "enter." And cybercriminals know this very well.

The manufacturing industry is currently the most common target of ransomware attacks – according to data from consulting firm CheckPoint Research, 29% of all reported cases are related to this sector. The effects of such attacks can be immediate and very real – from halted production lines, through broken supply chains, to problems on a national scale.

An example of this is the April 2025 power outage in Spain and Portugal that paralyzed trains, hospitals, and factories. While a cyberattack was not confirmed, the incident clearly demonstrated the scale of the consequences of a single point of failure.

Protecting production systems, or trusting no one

- In the case of production systems that are responsible for key sectors - from food and drug production to energy and defense - the stakes are huge. In an environment where every second of operation and absolute security counts, one thing must be assumed: every device and every person can be a potential threat. That is why we focus on the "zero trust" approach - that is, zero trust. We do not assume that anything in the system is safe by definition. Everything must be verified - from the user, to the machine and every connection between them - said Paweł Worożyszczew, Director of Production Solutions at DXC Technology Polska.

The concept of zero trust is based on one very simple principle: never trust, always verify. This approach works like a series of questions we learn in school: who? what? when? where? why?. In a zero trust world, every user, every device, and every application must answer these questions every time before they are allowed into the system.

In an industrial environment, this means more than just verifying people. Machines must also have an identity. For example, a PLC – the heart of many manufacturing processes – should only accept commands from trusted applications or authorized engineers. Additionally, each system should operate according to the principle of least privilege – both people and machines can only do what they have explicit permission to do.

And everything that happens in the system should be automatically logged – so that you can always check who did what and why. This not only strengthens security, but also facilitates compliance with regulations and a quick response in the event of an incident.

The problem is not only production, but also energy and health care.

What is happening in industry today is also visible in other industries – finance, healthcare, energy. Wherever physical devices are digitally controlled, the same problem occurs: the risk of cyberattack has real, often serious consequences. Examples? Hospital ventilators, water supply networks, or payment terminals – if they are attacked, the consequences can be much more serious than just data loss.

- That is why the "zero trust" approach is becoming increasingly important - not only in factories, but in entire organizations. At DXC, we see that our clients from various industries understand one thing: security is not just the task of the IT department - comments Paweł Worożyszczew.

He admits that implementing a zero trust model is not easy, especially in environments based on legacy systems that were built decades ago and were not designed with such advanced controls in mind. There can be challenges, such as differences between IT and OT teams, and budgets are often limited.

But inaction can cost much more: production downtime, having to pay ransom after an attack, reputational damage, fines for non-compliance, and most importantly – a threat to human safety.