The Cyber Blindspot

You can't defend what you can't see.


Modern manufacturing thrives on automation and connectivity. From smart sensors on factory floors to cloud-connected supply chains, these advances are creating previously impossible opportunities – not just for manufacturers, but for adversaries looking to exploit exposed systems. 

It’s no coincidence that manufacturing has become the most targeted industry for cyberattacks, accounting for more than a quarter of incidents. Ransomware, in particular, has surged: in Q2 2024 alone, according to one report, manufacturers made up 29 percent of publicly extorted victims globally, marking a 56 percent year-over-year spike.

Manufacturing In the Crosshairs

What makes manufacturers such an appealing target? Their growing digital footprint presents opportunity, but it’s the sector’s sensitivity to downtime that makes it a high-leverage target for attackers, who can exploit that sensitivity for faster and larger ransoms.

For an automotive manufacturer, even a single hour offline can cost $2.3 million – that’s almost $40,000 per minute. Manufacturing breaches are also among the costliest. Last year, the average breach in the industrial sector reached $5.56 million – up $830,000 from the year prior. And when attackers go after intellectual property or sensitive data, the long-tail impact can be even more severe. 

Despite this risk profile, many manufacturers struggle with one of the most basic principles of cybersecurity: network visibility. 

That means knowing what’s happening across your network at any given moment – being able to observe and record traffic flows, identify anomalies, and understand whether activity is expected or suspicious. Unlike traditional corporate environments, manufacturers must secure sprawling, hybrid networks – ones that span IT systems, Operational Technology (OT) equipment, legacy infrastructure, and a growing web of third-party vendors. These environments are notoriously difficult to monitor, and bad actors know it.

Quiet Threats, Loud Consequences

The most damaging cyber threats today don’t kick down the proverbial front door. Instead, attackers slip quietly through side entrances, often waiting for weeks or months before taking action. They can use compromised credentials or vendor access to move laterally within a network, avoid detection, and strike only when they’re confident they have established a foothold that can cause maximum disruption. This stealthy approach is what makes ransomware so destructive in industrial settings.

Traditional security tools aren’t always built to detect this kind of slow-moving, internal threat activity. They may be unable to separate normal user behavior from malicious activity, and so may miss the early behavioral signals that could have generated alerts to prevent an attack from advancing. That’s why visibility into real-time network behavior has become a strategic priority.

My company partnered with a Fortune 250 steel manufacturer—one of the largest in the world. When they came to us, they had already deployed a wide range of solutions, including next-gen firewalls and anti-virus email filters, and an open source network traffic analysis program. However, as they upgraded their internet connection from 1GB to 10GB, they grew concerned that their systems wouldn’t be able to capture all of the network data.  

We assisted them in replacing their traffic monitoring with a single, high-performance sensor without a massive overhaul. Now, they have information on all network sessions and can identify attacks and anomalous behavior earlier in the attack lifecycle, giving them time to remediate before a serious incident occurs. In other words, the upgrade gave their security team the visibility and context to act decisively, with precision, and in a timely manner. 

Questions Every Manufacturer Should Be Asking

As environments grow more complex and interconnected, so do the paths adversaries can take. Manufacturers need to ask themselves how confident they are that they’ll see a threat coming before it costs them millions in downtime, lost trust, or regulatory fallout.

If you’re unsure where you stand, start with these questions:

  • Can you detect unusual internal cyber activity before it impacts production?
  • Are your security tools helping your team focus or just flooding them with alerts?
  • Do you know what “normal” looks like on your network so you can spot when something’s wrong?
  • Are your network visibility tools being upgraded at the same pace as your operations and connectivity demands? 

What you don't see can – and will – hurt you. Getting ahead of threats starts with knowing exactly what’s happening in your environment, not just hoping you’ll find out in time.

Vincent Stoffer is the Field CTO at Corelight, a provider of Network Detection and Response (NDR) solutions. 
