IT security in production: How manufacturing could secure the digitalisation of production

Digitalised manufacturing makes processes more transparent and workflows more efficient, and supports companies in continuously improving their products. Digitalisation can reduce energy consumption, keep supply chains stable even in difficult times, reduce unproductive downtime and relieve the workforce of time-consuming routine tasks. However, Industry 4.0 also makes manufacturing companies a target for cybercriminals.

This is because every digital interface – be it on the machine, in administration or in construction – is also a potential gateway for hackers. Ransomware, advanced persistent threats, social engineers, industrial espionage or botnets: the Federal Office for Information Security recorded more attacks on German companies in all sectors in 2022 than ever before. Small and medium-sized enterprises (SMEs) are particular targets of the attackers!
In this article, you will learn which current threats are putting pressure on SMEs and how production can be secured cost-effectively and reliably.

These 4 attack methods are particularly popular in 2022

Ransomware

A single wrong click on a seemingly harmless email is enough – and a small program with major consequences has already taken root in the company's network. Completely unnoticed by the employees, and unfortunately often by the protection software in use as well, the program spreads – until the cyberattacker in the background gets the signal that the "endgame", i.e. their mission objective, has been reached. From one moment to the next, the affected company is "locked out": access to the data in the network is no longer possible and business operations are interrupted. Access to the data is only possible after paying a ransom – and only if the cybercriminals actually deactivate the ransomware ("extortion software") after receiving the payment.

Advanced Persistent Threats

Advanced Persistent Threats (APTs) are characterised by a well-trained, mostly state-funded attacker who moves undetected through a company's networks over a longer period of time and can thus carry out sabotage or espionage. Trade or business secrets, special manufacturing processes or research results pass unnoticed into the hands of others. In addition to large corporations, it is mainly highly specialised SMEs or "hidden champions" that are targeted by APTs. The attacks are extremely professionally organised and are therefore usually detected much too late or not at all.

Social Engineering

In IT security, humans are regarded as the biggest weak point. Social engineers know this too and use their methods and tactics to specifically target human characteristics in order to gain access to protected networks within a company. When the management calls and releases a payment to an account, the person called usually executes this order without further enquiry. This becomes fatal when the voice of the supposed superior has been digitally faked and the money ends up in the account of cybercriminals. The friendly service technician who has to fix "a hardware defect in the server room" is let through by reception – especially if the person can identify themselves. However, if the "service technician" is a social engineer, they have at the same time gained access to all important and critical areas of the IT infrastructure within the company.

Phishing

Phishing is an invented term composed of the English "password" and "fishing". Phishing is an attempt to convince people to enter access data, financial data or sensitive information via fake emails, text messages or websites. In some cases, the counterfeits are perfectly implemented – from the logo to the personal salutation of the recipient to websites that are an exact replica of the original. If victims fall for a phishing attack, the consequences are almost impossible to assess. Access data ends up on lists in the darknet that can be conveniently "bought" by other cybercriminals for further attacks, stolen trade secrets can be used for blackmail, or expensive purchases are made via the business account.

Large companies are upgrading – and where are the SMEs?

In many cases, large manufacturing companies have responded to the threat situation. With an in-house SIEM (Security Information and Event Management), they implement systems that make activities of all kinds visible within the network – and enable them to respond to cyber threats in real time. A SIEM makes it possible to react to IT incidents with a holistic view. If a cyberattack was successful, in-house IT forensic experts set to work, identify artefacts of the attack, attribute traces to possible perpetrators and thus provide the optimal basis for asserting claims for damages against insurance companies or directly identifying the attacker.

All this costs money – a lot of money. In addition to setting up a company's own IT security infrastructure and using powerful tools for cyber defence, it is above all the personnel costs that make in-house solutions unaffordable for most small and medium-sized production companies. A SIEM team of highly trained, expert IT security specialists can easily cost a six- to seven-figure sum annually – just for salaries, and only if the labour market has free capacity to offer, because there is also an absolute shortage of skilled workers in IT security.

Cybercriminals know full well that SMEs often have at best rudimentary protection against cyberattacks – and at the same time are forced by the competitive situation to digitally restructure their manufacturing. Small and medium-sized production companies thus become an attractive target for attacks. This is a state of affairs that must not be accepted!

How even SMEs can reliably secure their digital production on a small budget 

The good news right at the start: Reliable all-round protection against cyber threats can also be implemented in a company without its own IT security teams! With the two modules "IT Security Awareness" and "Security-as-a-Service", even companies with a limited budget can respond to cyberattacks.

IT Security Awareness is an elementary security measure that can – and should – be implemented in every company. The term describes behavioural changes in all employees of a company, the creation of an awareness of cybersecurity problems and the motivation to increase the cybersecurity of the entire company through one's own daily actions in the workplace. As already mentioned, the interface between "man and machine" is a popular, because mostly unprotected, gateway for cyberattackers. This gateway can be closed by regular training, safety instruction and by involving all employees in existing IT processes. If all employees, from the operators to the management, know how to detect fraudulent emails, prevent password theft through phishing and unmask social engineers, a big step towards cyber resilience of the entire company will have been taken.

Security-as-a-Service is the term for IT security measures that are outsourced to external, specialised service providers. With customisable modules, cybersecurity can be implemented and adapted to the needs of the respective company. In our opinion, "Threat Hunting" – the proactive hunt for cybercriminals in the corporate network – is particularly worth recommending here. Specialists can monitor your in-house network around the clock, 365 days a year. Attacks are thus detected at an early stage, and countermeasures can be initiated even before damage occurs. Well-known, renowned IT security service providers include Allgeier secion and Secuinfra. Both service providers offer customised security solutions and flexibly scalable cost models.

Summary

Digitalisation brings immense competitive advantages to manufacturing companies. However, the interconnectivity of machines and systems also offers cybercriminals the opportunity to extend their dark machinations to production. Going online without protection is a completely silly idea – what applies in the private sphere also applies in the professional environment. After all, where there is a loophole, there is a hacker. The damage after a cyberattack can be economic in nature, harm the company's good reputation or threaten the existence of the entire company through the loss of company secrets. With consistent training and safety instruction, the "human risk factor" in particular can be transformed into a "human safety factor". Even on a small budget, the portfolio of security measures can be supplemented by external service providers who provide all-round protection for the networks.