Ransomware Defense Starts with Your Vendors

Manufacturers face over 1,500 attacks per week. Here are five steps to help improve defenses.

Manufacturing has ranked as the most targeted sector for ransomware attacks four years in a row, and the pressure is intensifying. Manufacturers now face roughly 1,585 attacks per week, a figure that has climbed 30 percent year over year. These incidents are part of a sustained campaign against an industry that attackers see as both accessible and high value.

Most security efforts still focus on plant-floor systems and internal infrastructure. Attackers are getting around them by using third-party relationships to gain access, then moving across connected systems where detection is slow and response is even slower. Breaches will continue to increase until manufacturers redirect their attention to where risk actually exists.

The Door Was Already Open

Modern manufacturing depends on an ecosystem of vendors, suppliers, and service providers. Every one of those relationships involves some degree of access to systems, networks, or sensitive data.

Consider what happened to Volvo Group North America in 2025. The commercial truck and equipment manufacturer confirmed a breach traced back to Conduent, a third-party business services provider in its network. Attackers gained access to employee names, Social Security numbers, health insurance data and medical information. Volvo's own infrastructure was never directly compromised.     

Volvo’s story isn't unique. Across manufacturing, vendors and contractors at every tier of the supply chain create the same risk: access into larger organizations with fewer controls around it. Smaller partners often don’t have the same security resources, and that exposure goes unmonitored. Attackers don't need to break through a hardened perimeter when a trusted partner opens the door for them.

Connected by Design, Exposed by Default

Digital transformation has reshaped how manufacturing environments run, connecting IT systems with operational technology (OT) across the floor. This improves efficiency, but it also expands the attack surface. 

With IT and OT tightly linked, attackers who get in face fewer barriers to moving deeper into the environment. Many of the IoT devices embedded across these operations are deployed and maintained by third- or fourth-party vendors. They often sit outside centralized risk programs, even though their technology is core to daily operations. 

Deloitte found that while 90 percent of manufacturers say they have detection capabilities in place for cyber events, very few have extended that monitoring into OT environments. Many OT systems were built decades ago, and often no longer receive support or updates. 

Modernizing them means taking production offline, which is downtime manufacturers can’t afford. The irony is that avoiding that disruption creates a far worse one. When ransomware reaches these systems, production stops anyway, orders go unfulfilled, and the damage spreads fast through every operation connected to them.

A Different Kind of Defense

Knowing where the threat lives is only useful if it changes how organizations respond. A mature third-party risk program puts that into practice through the following steps: 

  • Start with your vendor inventory. Know who your vendors are and who their vendors are. Start by mapping every relationship that touches your systems, including the indirect ones, to gain the visibility needed to make informed decisions about where risk lives across the supplier base.
  • Treat cybersecurity as a vendor requirement. Evaluate vendor security practices before granting access and set expectations in contracts as a non-negotiable condition of doing business.
  • Move from point-in-time assessments to continuous monitoring. A vendor that looked secure while onboarding may look very different a year later. Regular auditing and ongoing monitoring of third parties are what keep programs current with how those relationships evolve over time.
  • Use TPRM technology to scale what manual processes can't. Managing third-party risk across hundreds of vendor relationships can't be done through spreadsheets and siloed systems. A centralized, purpose-built platform consolidates risk data and processes into one place, giving teams the coordination and control needed to manage third-party risk across the extended enterprise.
  • Make third-party risk a business priority. IT, OT, procurement and leadership all need shared accountability for managing vendor risk. When that responsibility sits with one team, critical gaps form across the others. 

Ransomware continues to succeed in manufacturing because the threat has evolved faster than the programs designed to stop it. The steps above aren't complex. But they require an honest accounting of where risk actually lives across the full supply chain.

Manufacturers who get it right will build the kind of resilience that modern manufacturing demands: one that accounts for every vendor, every connection, and every system that stands between their operations and the next attack.
