Operational technology networks. Product designs. Supply chain data. Manufacturers hold exactly the assets industrial espionage actors, ransomware groups, and foreign adversaries target most — and SMB manufacturers are the least defended against all three.
In 2018, Norsk Hydro was hit by LockerGoga ransomware that encrypted servers across 22,000 workstations in 40 countries, halting aluminum production lines and forcing the company to shut down IT systems at multiple plants. Total losses exceeded $71M. The initial entry point was a phishing email to a finance employee. SMB manufacturers face the same threat landscape — with thinner margins and no dedicated security team.
A specialty parts manufacturer lost 12 years of proprietary design files when a sales manager clicked a phishing email with a fake RFQ attachment. The malware exfiltrated CAD files, bill-of-materials documents, and process specs before IT caught the intrusion. The competitor who received the data won three contracts in the following year. Trade secret misappropriation under the DTSA requires demonstrating reasonable security measures — documented training is the foundation.
Operational technology networks (PLCs, SCADA, industrial control systems) were historically air-gapped — no longer. Modern manufacturing requires MES integration, remote monitoring, and supplier portals that connect OT to corporate IT, and from there to the internet. Phishing emails to plant managers and engineering staff are the primary path into those networks. A compromised plant floor network can shut down production, alter production parameters, or exfiltrate proprietary process data.
Attackers compromise a software vendor, ERP integration partner, or raw material supplier — then use that trusted relationship to phish the manufacturer. A regional auto parts supplier was breached through a compromised ERP update that arrived via an email from their logistics software vendor. The update installed a backdoor that gave attackers access to pricing, inventory, and sub-tier supplier data — all of which was used in a subsequent extortion attempt.
The Defend Trade Secrets Act (DTSA) creates a federal civil cause of action for trade secret misappropriation — and the most common exfiltration path is a phishing email or compromised employee credentials. The NIST Cybersecurity Framework (CSF) provides the baseline controls that cyber insurance underwriters and government contractors now require. For DoD suppliers, CMMC (Cybersecurity Maturity Model Certification) is flowing down to every tier — even SMBs handling CUI must demonstrate compliance. State breach notification laws cover any breach of employee PII, customer data, or proprietary manufacturing specs. One documented training program hits all four.
"A production engineer received an email that looked like a firmware update notification from our automation vendor. He was about to install it — then he stopped. He had just come from a SecurEveryone session. He escalated it to IT, and they confirmed it was a spoofed update designed to install a backdoor. Our entire OT network would have been exposed."
— Plant Manager, Precision Parts Manufacturer
"We lost a contract to a competitor who somehow had our proprietary process specifications. We never proved how they got it — but after SecurEveryone, our IT director found a dormant rule in our mail server that had been forwarding messages for six months. The phishing campaign that planted it came from a fake vendor inquiry. We trained everyone on exactly that scenario."
— Director of Operations, Specialty Components Manufacturer
"Our cyber insurance renewal required documented security awareness training. We thought it was a checkbox — but the session surfaced three things our IT team had missed: an expired service account with admin rights, a shared login for our MES platform, and a vendor portal with no MFA. We fixed all three before the policy renewed."
— IT Director, Tier-2 Automotive Supplier
Air-gapping is increasingly rare in modern manufacturing and is largely aspirational rather than actual. MES systems, remote monitoring tools, ERP integrations, supplier portals, and engineering workstations all create connections between OT and corporate IT — and from there to the internet. Even when air-gapping is maintained for some systems, the people who manage them (plant managers, controls engineers, automation specialists) are fully connected via email and remote access tools. Phishing targets them, not the PLCs. Our session covers OT-specific credential hygiene and social engineering awareness for every role that touches production systems.
It’s more relevant, not less. Attackers specifically target SMB manufacturers because they know there’s no dedicated security team. Your team of generalists is exactly the population that needs to recognize the initial phishing email, flag a suspicious vendor communication, and know when to escalate — because the attacker is counting on no one being there to catch them. One trained employee who recognizes a phishing email prevents the incident that would have consumed your entire IT team for three weeks.
CMMC Level 2 requires documented security awareness training for all employees who handle CUI (Controlled Unclassified Information). Even if you’re not yet at CMMC Level 2, the NIST SP 800-171 controls that CMMC assesses include phishing awareness ('Training: Awareness' — CA.1) as a foundational requirement. Our training provides documented completion records, content aligned to NIST CSF and the CMMC practices, and specific guidance on the threat vectors most relevant to manufacturing environments — not generic IT security content.
The Defend Trade Secrets Act (DTSA) allows you to sue for misappropriation — but plaintiff’s counsel will look for whether you had “reasonable measures” to protect the information. Documented cybersecurity training is one of the most direct pieces of evidence that reasonable measures were in place. Beyond legal liability: insider-adjacent breaches (former employees with active credentials, staff who fall for phishing) are the most common breach source in manufacturing. Training your team is the first and most cost-effective control — and a documented training program is your best defense in any post-breach legal proceeding.
Vendor email compromise — attackers impersonating your software vendors, logistics partners, or raw material suppliers — is one of the fastest-growing attack vectors for manufacturers. We cover vendor credential hygiene, how to spot a spoofed vendor email, and the verification protocols your team should have in place before approving software updates, payment changes, or access requests from vendors. Our Business session includes a vendor communication verification checklist specifically for manufacturing environments.