The Spanish manufacturing industry has become one of the favorite targets of cybercrime due to its high dependence on technology and the strategic value of its activity. According to the cybersecurity company ESET, to combat these threats it is essential to observe both standards and good online security practices, from network segmentation to vulnerability management. In this way, companies in the sector will achieve real cyber resilience in IT/OT environments.
The cost of an attack for companies in this type of sector is no longer measured only in data loss, but also in production stops, supply chain interruptions and million-dollar losses. In Europe, the most recent analyses by ENISA, the body dedicated to cybersecurity in the region, published this October, place the manufacturing sector among those that register the greatest impact of ransomware incidents.
This reinforces the need to establish specific continuity and response controls. Additionally, the report highlights that ransomware actors are increasing their attacks targeting the manufacturing sector, as they recognize it as a high-value target within critical sectors.
In Spain, the impact of these attacks has already become visible in recent incidents. The attack against Aceros Olarra in September of this year forced it to interrupt part of its activity. It joins earlier incidents at companies such as Damm or Hero, which confirms that the threat industries face in their plants is real and increasing.
Recommendations to deal with cyber attacks
Given this situation, ESET warns of the urgency of reinforcing digital security in a sector that is critical for the Spanish economy. Many manufacturers continue to see cybersecurity only as a compliance requirement, which leads them to do the minimum needed to pass audits, and that is not enough to face current threats such as ransomware.
For ESET, the appropriate approach is to treat cybersecurity as a critical business risk, at the same level as occupational safety or quality control, so company management must be involved, as the NIS2 directive emphasizes on governance.
But the industrial reality adds another challenge to the panorama. Much of the technology in operation was designed to last decades, which makes it difficult to replace even when the systems are left unsupported. These devices, which are essential for key processes, expand the attack surface due to old protocols and insecure configurations. For many industrial SMEs, the question is no longer whether to upgrade, but when the potential cost of a digital security incident will exceed that of modernizing infrastructure.
Much of the Industry 4.0 debate focuses on OT protection, but the most common attack entry point is still IT: phishing, stolen credentials, or compromised third-party software. Manufacturing is especially vulnerable to these, because any production stoppage has a major economic impact.
Supply chains increase risk, and the IT teams in these types of companies are usually small. Added to this is the value of the intellectual property, such as designs and prototypes, that these companies usually hold. All of this makes the sector a target for digital espionage.
ESET’s recommendations for real cyber resilience for these companies, in line with good cybersecurity practices and the NIS2 directive, are the following: actionable threat intelligence, prioritizing defenses against ransomware tactics, supply chain vulnerabilities and persistent threats; continuous supervision with monitoring of endpoints, servers and cloud, and extending visibility to the OT environment when possible; segmentation and access control through the separation of critical systems, identity management with the principle of least privilege and the activation of multi-factor authentication.
In addition, the adoption of vulnerability management routines is also recommended, with patching automation, periodic firmware reviews and prioritization by exposure. Secure backups are essential, with offline backups and frequent restoration tests to reduce the impact of a ransomware attack; as well as the adoption and use of a notification and response system. For the latter, it is necessary to prepare procedures and responsibilities to meet the NIS2 deadlines (24 and 72 hours, and one month), and undertake due diligence in the event of an investigation or sanction.
The use of advanced technologies such as XDR (Extended Detection and Response), or even MDR (Managed Detection and Response) services, allows manufacturers, especially the smaller ones, to have a comprehensive defense and expert supervision 24/7 without needing their own operations center. With this, the sector can maintain a preventive posture and guarantee the continuity of activity even in an environment of increasing threats.
