Data breaches in the manufacturing industry rose 89% year over year, reaching 1,607 confirmed cases in 2025 compared to 849 in 2024, according to Verizon’s DBIR Report. The driver is the increasing connection between IT and OT systems. Files that once stayed within isolated networks, such as CAD designs, predictive maintenance logs, and supplier updates, now move across both environments. Each transfer is a potential entry point. When those files are compromised, the consequence is production downtime, supply chain delays, and compliance failures.
OPSWAT documented five strategies that manufacturers across automotive, pharmaceutical, petrochemical, and agriculture are applying to close these gaps. Three stand out for their immediate impact and the real-world results behind them.
Why Are USB Drives Still a Top Cyber Threat in Manufacturing?
USB drives and portable media remain one of manufacturing’s most persistent cybersecurity risks because they move between departments, contractors, and suppliers without centralized inspection.
For all the sophistication of modern cyber threats, one of the most persistent risks in manufacturing is also one of the simplest: USB drives. Portable media still moves between departments, contractors, and suppliers without centralized inspection. Production teams working under tight deadlines connect devices without a second thought.
Abdi Ibrahim, a global pharmaceutical manufacturer, learned this firsthand. The company had relied on air gapping to protect sensitive data, including pharmaceutical formulations. But portable media kept finding its way in. Their solution was to scan every file at the point of entry. The company now processes more than 18,000 files daily at scanning stations, with no impact on production throughput and full regulatory compliance across its sites.
The lesson extends beyond pharma. Any manufacturer that allows USB drives or external devices into a production environment without inspection is carrying risk that scales with every shift change and every visiting technician.
How Do Third-Party Devices Bypass Manufacturing Security?
Contractor and vendor devices plugged into OT networks without verification bypass every protection in the facility, through inconsistent processes that vary by site.
A contractor shows up for urgent maintenance. The production line is down, and their laptop needs to connect to the OT network immediately. Under time pressure, the device is plugged in without verification. That single decision can bypass every protection in the facility. A global automotive manufacturer faced exactly this problem. Their security setup involved multiple vendors, and the gaps between those systems left critical OT assets exposed. Contractor and vendor devices connected through inconsistent processes that varied by site.
The fix was less about adding technology and more about standardizing the process. By implementing unified device validation with visitor management integration, the company established one repeatable workflow for every external device. The result was stronger threat prevention and less unplanned downtime. More importantly, it removed the judgment call from the individual on the plant floor and replaced it with a consistent, enforceable check.
How Can Manufacturers Secure File Transfers Between IT and OT?
Hardware-enforced one-way data transfer between IT and OT reduces inbound attack risk by allowing monitoring data out while blocking all traffic toward production systems.
Software updates, security patches, and design files need to cross from IT into OT. That is a business requirement, not a choice. But if those transfers bypass inspection, they become the entry point that air gapping was supposed to prevent.
Two cases illustrate how manufacturers are handling this differently. A Vietnamese chemical manufacturer operating a flat, unsegmented network implemented hardware-enforced one-way data transfer between IT and OT. Data could flow out for monitoring and business analysis, but nothing could flow back in toward production systems. The approach eliminated communication vulnerabilities while keeping operations stable.
A Fortune 500 petrochemical company took a similar path when its firewalls reached end of life. Rather than replacing them with another generation of bidirectional controls, the company switched to one-way gateways. The result was a measurable reduction in inbound attack risk and a compliance posture that satisfied regulators.
Manufacturing Cyber Resilience: Four Case Studies
| Manufacturer | Industry | Threat Vector | Solution | Outcome |
| Abdi Ibrahim | Pharmaceutical | Portable media bypassing air gaps | File scanning at every entry point | 18,000 files scanned daily, full regulatory compliance |
| Global automotive OEM | Automotive | Inconsistent processes across sites | Unified device validation with visitor management | Stronger threat prevention, less unplanned downtime |
| Vietnamese chemical company | Chemical | Flat, unsegmented network | Hardware-enforced one-way data transfer | Communication vulnerabilities eliminated |
| Fortune 500 petrochemical | Petrochemical | Firewalls at end of life | One-way gateways replacing bidirectional controls | Inbound attack risk reduced, regulatory compliance satisfied |
OPSWAT documents two additional strategies covering centralized security operations and compliance alignment across frameworks including ISO 27001, IEC 62443, and NIS2. Read the full article for all five.
Sponsored by OPSWAT.
Frequently Asked Questions
1. How much have manufacturing data breaches increased?
Manufacturing data breaches rose 89% year over year, reaching 1,607 confirmed cases in 2025 compared to 849 in 2024, according to Verizon’s DBIR Report. The driver is the increasing connection between IT and OT systems, where files that once stayed within isolated networks now move across both environments.
2. Why are USB drives a cybersecurity risk in manufacturing?
USB drives and portable media move between departments, contractors, and suppliers without centralized inspection, carrying risk that scales with every shift change. Abdi Ibrahim, a global pharmaceutical manufacturer, addresses this by scanning more than 18,000 files daily at entry points with no impact on production throughput.
3. What is one-way data transfer in OT security?
One-way data transfer is a hardware-enforced security approach that allows data to flow from OT to IT for monitoring and business analysis while blocking all traffic toward production systems. Manufacturers use it to eliminate communication vulnerabilities in flat or unsegmented networks.
4. What compliance frameworks cover manufacturing cybersecurity?
Key compliance frameworks for manufacturing cybersecurity include ISO 27001, IEC 62443, and NIS2. OPSWAT documents strategies for centralized security operations and compliance alignment across these frameworks.
