COPENHAGEN, Denmark, June 30, 2026 /PRNewswire/ -- Following a recent increase in publicly reported ransomware and extortion incidents affecting manufacturers and industrial suppliers, Secomea is urging organizations to reassess how third-party remote access is managed across production environments.
In operational technology (OT) environments, third-party remote access is essential for maintenance, troubleshooting, and equipment support. However, as ransomware groups increasingly target manufacturing organizations, security teams are facing growing pressure to balance operational continuity with cybersecurity, compliance, and vendor access control.
"Many organizations focus on keeping attackers out, but far fewer examine how much access is available once someone gets in," said Knud Kegel, CTPO at Secomea. "In manufacturing environments, remote access is essential for keeping operations running. The challenge is making sure that access is controlled, temporary, and visible."
Manufacturers rely on machine builders, system integrators, and service providers to support critical equipment remotely. However, always-on access, shared credentials, and limited oversight can create opportunities for attackers to move through environments once an initial compromise occurs.
While the specific circumstances vary from incident to incident, recent attacks highlight a common challenge: balancing operational access with security and oversight.
According to Secomea, organizations should focus on three areas:
Reduce standing access
Vendor access should be granted only when needed and removed when the task is complete. Limiting access windows reduces the opportunity for misuse, credential abuse, and unauthorized activity.
Improve visibility and accountability
Organizations should be able to see who accessed systems, when they connected, and what actions were performed. Detailed audit trails support investigations, compliance requirements, cyber insurance reporting, and incident response.
Prepare for containment
When suspicious activity is detected, security and operations teams need practical ways to isolate affected assets and prevent disruptions from spreading across production environments.
Effective OT access governance combines least-privilege access, just-in-time vendor access, auditability, and rapid containment to reduce cyber risk while maintaining operational continuity.
These measures have become increasingly important as manufacturers face growing regulatory scrutiny, rising cyber insurance requirements, and continued pressure to maintain operational uptime.
Practical steps for ransomware-ready OT remote access
As manufacturers review their cyber resilience strategies, Secomea recommends assessing whether the following controls and processes are in place:
"The conversation is shifting from simply enabling remote access to governing it," said Knud Kegel. "Manufacturers do not need less connectivity. They need better governance of that connectivity. Organizations that can limit, monitor, and contain access are often better positioned to reduce operational impact when incidents occur."
"Ransomware resilience in manufacturing increasingly depends on how organizations govern remote access to OT systems," added Knud. "Just-in-time vendor access, visibility into remote sessions, and the ability to contain affected assets are becoming foundational cybersecurity controls."
What the stars mean:
★ Poor ★ ★ Promising ★★★ Good ★★★★ Very good ★★★★★ Exceptional
Tag: