Cybersecurity Essentials for Lehre Manufacturing Companies: Protecting Your Operations in an Increasingly Dangerous Digital Landscape
Manufacturing companies in the Lehre area — and across the Braunschweig-Wolfsburg industrial region of Lower Saxony — face a cybersecurity challenge that is fundamentally different from what most other businesses face. You're not just protecting computers and data. You're protecting physical operations, production equipment, supply chains, and in many cases, the safety of workers on the shop floor. A cyber incident at a manufacturing company isn't just an IT problem — it can halt production, damage equipment, create safety hazards, breach contracts with major customers, and expose the business to regulatory penalties that can threaten its very survival.
The attack surface for a modern manufacturing company is also broader than most people realise. Production equipment — CNC machines, robotic arms, PLCs (Programmable Logic Controllers), SCADA systems, industrial control systems — is increasingly networked with business IT systems for data collection, analytics, and remote monitoring. This convergence of Operational Technology (OT) and Information Technology (IT) creates new attack vectors that traditional IT security approaches don't adequately address. And the attackers know it. Manufacturing is now one of the most frequently targeted sectors for ransomware attacks globally, and small and mid-size manufacturers in Germany — including those in our region — are increasingly in the crosshairs.
In this article, I want to walk through the essential cybersecurity measures that every manufacturing company in the Lehre, Braunschweig, and Wolfsburg area should implement. I'll be specific about what these measures actually involve, why they matter for manufacturers specifically, and what a practical implementation looks like for a small to mid-size operation. This isn't a theoretical overview — it's a practical guide based on our experience working with manufacturing companies across Lower Saxony.
Why Manufacturing Companies Are Prime Targets
Before diving into specific measures, it's worth understanding why manufacturing companies — and particularly small and mid-size manufacturers in regions like ours — are such attractive targets for cybercriminals. This context helps explain why each of the measures I'm describing is genuinely critical, not just nice-to-have.
High motivation to pay ransoms: Unlike a law firm or an accounting practice, which can often survive weeks of downtime by working around the disruption, a manufacturing company that stops producing typically starts losing money immediately. Every hour of production downtime costs real money — in labour, in missed deliveries, in contract penalties. This makes manufacturers more willing to pay ransoms quickly, which makes them more attractive targets. A ransomware operator who knows they're attacking a manufacturer knows the probability of a fast, full payment is higher than with many other sectors.
Valuable intellectual property: Manufacturing companies — especially those in precision engineering, automotive supply, or specialised production — often hold significant intellectual property in the form of designs, processes, formulas, and production data. This IP has real value, and nation-state actors as well as commercial criminals are interested in stealing it. A competitor in another country with access to your production specifications and process data could undercut you in markets where your IP isn't protected, or sell that information to other parties.
Supply chain leverage: A manufacturer that supplies components to Volkswagen or another major OEM occupies a critical position in the supply chain. Compromising that manufacturer — encrypting their files, disrupting their production — has cascading effects that can attract attention and create leverage. In some cases, attackers specifically target suppliers as a way to gain access to larger targets further up the supply chain.
Historically weak security: Manufacturing companies have historically invested less in cybersecurity than financial services, healthcare, or government organisations. Production equipment is often designed to operate for decades with minimal updating, and the IT security of industrial control systems has historically been an afterthought. This makes manufacturers easier to penetrate than more hardened targets.
Underestimation of risk: Many small and mid-size manufacturers in our area still believe they're too small to be targeted — that attackers only go after large enterprises. This is categorically false, and it's a dangerous assumption that leads to inadequate security investment. The reality is that attackers actively scan for vulnerable small businesses precisely because they know those businesses are likely to have weaker security.
The Essential Cybersecurity Measures: A Layered Approach
Effective cybersecurity for manufacturing companies is not about any single measure — it's about building multiple layers of defence, so that if one layer fails, the others continue to provide protection. This is called the "defence in depth" approach, and it's the framework I'll use to walk through the essential measures below.
Layer 1: Network Segmentation
Network segmentation is one of the most important — and most often neglected — cybersecurity measures for manufacturing companies. The basic principle is simple: you don't put your production OT network, your business IT network, and your guest Wi-Fi network all in the same place. You separate them, so that a security incident in one network doesn't automatically spread to the others.
In practice, this means: your business IT (computers, servers, email, accounting software) should be on one network segment; your OT/ICS network (PLCs, CNC machines, SCADA systems, industrial control equipment) should be on a separate, isolated network segment; and your guest and IoT networks should be further isolated from both. Critical point: the OT network should not be directly accessible from the business IT network. If someone on the business network wants to access a CNC machine for monitoring purposes, that access should go through a carefully controlled industrial DMZ, not directly across the local network.
For a small to mid-size manufacturer in our area, implementing proper network segmentation typically involves configuring VLANs (Virtual Local Area Networks) on your network switches and firewalls, and establishing strict firewall rules governing what traffic can flow between segments. If your production equipment was installed by an equipment vendor who just plugged everything into the same flat network — which is remarkably common — this is a priority remediation.
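The segmentation policy described above can be checked mechanically against a firewall rule export. The following is an added example, not taken from any vendor tool or from our own tooling: the zone subnets, the `Rule` format and the sample rules are all constructed assumptions.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

# Constructed zone plan (assumption): these subnets are illustrative only.
ZONES = {
    "it": ipaddress.ip_network("10.10.0.0/24"),
    "idmz": ipaddress.ip_network("10.20.0.0/24"),
    "ot": ipaddress.ip_network("10.30.0.0/24"),
    "guest": ipaddress.ip_network("10.40.0.0/24"),
}
# Only these zone-to-zone flows may be allowed at all: IT and OT each talk to
# the industrial DMZ, never to each other, and guest reaches no internal zone.
ALLOWED_PAIRS = {("it", "idmz"), ("idmz", "it"), ("ot", "idmz"), ("idmz", "ot")}


@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"
    port: str    # port number or "any"
    action: str  # "allow" or "deny"


def zones_touched(cidr: str) -> set[str]:
    """Return every zone whose subnet overlaps the rule's address range."""
    net = ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}


def audit(rules: list[Rule]) -> list[tuple[str, str, str, str]]:
    """Flag allow rules that cross zones outside the plan or open every port.

    Rule order is not modelled, so a flagged rule may be shadowed by an
    earlier deny; it is still worth reviewing.
    """
    findings = []
    for rule in rules:
        if rule.action != "allow":
            continue
        for src in sorted(zones_touched(rule.src)):
            for dst in sorted(zones_touched(rule.dst)):
                if src == dst:
                    continue
                if (src, dst) not in ALLOWED_PAIRS:
                    findings.append((rule.name, src, dst, "forbidden zone crossing"))
                elif rule.port == "any":
                    findings.append((rule.name, src, dst, "all ports open across zones"))
    return findings


# Constructed rule export, as it might look after a vendor install on a flat network.
SAMPLE_RULES = [
    Rule("erp-to-historian", "10.10.0.0/24", "10.20.0.10/32", "443", "allow"),
    Rule("historian-to-plc", "10.20.0.10/32", "10.30.0.0/24", "502", "allow"),
    Rule("vendor-legacy-rdp", "10.10.0.55/32", "10.30.0.21/32", "3389", "allow"),
    Rule("guest-internet", "10.40.0.0/24", "any", "443", "allow"),
    Rule("idmz-to-ot-wide", "10.20.0.0/24", "10.30.0.0/24", "any", "allow"),
]

if __name__ == "__main__":
    for name, src, dst, reason in audit(SAMPLE_RULES):
        print(f"{name}: {src} -> {dst}: {reason}")
```

The guest rule is flagged three times because a destination of "any" also covers the internal zones unless an earlier deny rule excludes them.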
Layer 2: Endpoint Protection
Endpoint protection means protecting the individual computers, servers, and devices that connect to your network. This includes business workstations, laptops, servers, and any networked devices in the production environment that can run standard operating systems.
For business IT endpoints, modern endpoint protection should include: antivirus software with real-time scanning and behavioural analysis capabilities (not just signature-based detection, which misses new and modified threats); endpoint detection and response (EDR) capabilities that can detect suspicious activity patterns even when no known malware signature exists; disk encryption to protect data on lost or stolen devices; and mobile device management to enforce security policies on laptops and mobile devices that connect to your network.
For OT/ICS endpoints — the industrial computers that run machine HMIs (Human Machine Interfaces), SCADA servers, and similar equipment — endpoint protection is more complex. Many of these systems run older operating systems (Windows 7, Windows XP, or even older embedded systems) that can't run standard antivirus software. For these systems, protection typically relies on: application whitelisting (allowing only approved applications to run), strict USB device controls (USB drives are a common attack vector for malware in manufacturing environments), and network-based monitoring that looks for anomalous traffic patterns rather than relying on software installed on the endpoint itself.
One of the most practical steps a small manufacturer can take is implementing application whitelisting on OT systems using tools like Microsoft's Windows Defender Application Control (WDAC) or hardware-enforced security features available on newer industrial equipment. Note that WDAC requires Windows 10 or Windows Server 2016 and later, so it does not cover the older operating systems mentioned above. Because only approved applications are allowed to run, malicious software is blocked from executing on OT systems, even if attackers manage to get it onto the network.
Layer 3: Email Security and Phishing Protection
The vast majority of cyberattacks on small and mid-size businesses — including manufacturing companies — begin with a phishing email. An employee receives an email that appears to be from a supplier, a customer, a colleague, or even the CEO, clicks a link or opens an attachment, and inadvertently installs malware or reveals login credentials. From that moment, the attacker has a foothold in your network.
Email security for manufacturing companies should include: spam filtering that catches known phishing and malware-laden emails before they reach users; link protection that rewrites URLs in emails and checks them against threat intelligence databases before allowing users to click through; attachment sandboxing that opens potentially dangerous attachments in an isolated environment to check for malicious behaviour before forwarding them to the recipient; and DMARC (Domain-based Message Authentication, Reporting, and Conformance) configuration to prevent email spoofing using your own domain.
Microsoft 365 and Google Workspace both include built-in email security features that cover most of these requirements for businesses using those platforms. If your manufacturing company is still using ISP-hosted email or older on-premise email systems, migrating to a modern platform with built-in security is one of the highest-impact security improvements you can make.
Layer 4: Multi-Factor Authentication (MFA)
Multi-factor authentication means requiring a second form of verification — a code sent to your phone, a hardware token, a biometric scan — in addition to your password when logging into systems. This is one of the single most effective cybersecurity measures available, because it means that even if an attacker obtains your password — through a phishing attack, a data breach at another service, or a password-cracking attempt — they still can't access your accounts.
MFA should be implemented on: all remote access solutions (VPN, RDP, remote desktop gateways); cloud services (Microsoft 365, Google Workspace, any cloud applications your business uses); privileged accounts (domain administrators, IT administrator accounts, any account with access to critical systems); and business applications that contain sensitive data (accounting software, CRM systems, file storage).
The most secure form of MFA is hardware security keys (like YubiKey), which are physical tokens that must be present to authenticate. These are increasingly required by cybersecurity insurance policies. For most small businesses, authenticator apps (Microsoft Authenticator, Google Authenticator) provide a good balance of security and convenience, and are far better than no MFA at all.
Layer 5: Backup and Recovery
Robust backup is your last line of defence against ransomware and other data destruction attacks. If an attacker encrypts all your files and demands a ransom payment, the only thing that determines whether you can recover without paying is the quality and integrity of your backups.
For manufacturing companies, backup strategy has some specific considerations. Your backup should cover: business IT data (accounting records, customer data, emails, documents, CRM data); design and engineering data (CAD files, production specifications, process documentation); and ideally, system images that allow you to rebuild servers and workstations quickly.
The key principles for effective backup are captured in the 3-2-1 rule: maintain at least three copies of your data; store them on at least two different types of media (e.g., local disk and cloud storage); and keep at least one copy offsite (in the cloud, at a secondary location). For most manufacturing companies in our area, a combination of local backup to an external device and cloud backup to a provider like Microsoft Azure or AWS provides the right balance of recovery speed and protection against local disasters.
Critically: your backup must be tested regularly. We can't count the number of times we've arrived at a manufacturing company after a ransomware attack, only to discover that their backups hadn't been working for months — the backup software reported success, but the backup destination had been full or disconnected for so long that the last successful backup was from six months ago. Test your backups. Actually restore from them. Verify the process works.
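The failure described above (a job that reports success while the newest usable archive is months old, or was cut short by a full destination) is caught by checking the archive's age and reading every file back out of it against hashes recorded at backup time. This is an added example, not the output of any backup product; the file names, the `nightly.tar.gz` layout and the 26-hour threshold are constructed assumptions.

```python
import hashlib
import os
import tarfile
import tempfile
import time
import zlib
from pathlib import Path


def sha256_of(stream) -> str:
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(65536), b""):
        digest.update(chunk)
    return digest.hexdigest()


def make_manifest(source: Path) -> dict[str, str]:
    """Hash every file at backup time; keep this manifest off the backup target."""
    manifest = {}
    for path in sorted(source.rglob("*")):
        if path.is_file():
            with path.open("rb") as handle:
                manifest[path.relative_to(source).as_posix()] = sha256_of(handle)
    return manifest


def check_backup(backup_dir: Path, manifest: dict[str, str], max_age_hours: float) -> list[str]:
    """Judge the newest archive by its age and by reading every file back out of it."""
    archives = sorted(backup_dir.glob("*.tar.gz"), key=lambda p: p.stat().st_mtime)
    if not archives:
        return ["no backup archive found"]
    newest, findings, restored = archives[-1], [], {}
    age_hours = (time.time() - newest.stat().st_mtime) / 3600
    if age_hours > max_age_hours:
        findings.append(f"stale: newest archive is {age_hours / 24:.0f} days old")
    try:
        with tarfile.open(newest, "r:gz") as tar:
            for member in tar:
                if member.isfile():
                    restored[member.name] = sha256_of(tar.extractfile(member))
    except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
        findings.append(f"unreadable archive: {type(exc).__name__}")
    for name, digest in manifest.items():
        if name not in restored:
            findings.append(f"missing after restore: {name}")
        elif restored[name] != digest:
            findings.append(f"content mismatch: {name}")
    return findings


def demo() -> dict[str, list[str]]:
    """Constructed data: one small engineering share, backed up three ways."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "src")
        (src / "cad").mkdir(parents=True)
        (src / "cad" / "bracket.step").write_bytes(b"ISO-10303-21;" * 500)
        (src / "orders.csv").write_bytes(b"id,part,qty\n1,bracket,40\n" * 200)
        manifest, results = make_manifest(src), {}
        for case in ("fresh", "stale", "truncated"):
            archive = Path(tmp, case, "nightly.tar.gz")
            archive.parent.mkdir()
            with tarfile.open(archive, "w:gz") as tar:
                for name in manifest:
                    tar.add(src / name, arcname=name)
            if case == "stale":  # the job last wrote an archive 180 days ago
                os.utime(archive, (0, time.time() - 180 * 86400))
            if case == "truncated":  # the destination filled up mid-write
                archive.write_bytes(archive.read_bytes()[:64])
            results[case] = check_backup(archive.parent, manifest, max_age_hours=26)
        return results


if __name__ == "__main__":
    print(demo())
```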
Layer 6: Security Monitoring and Incident Response
You can't protect what you can't see. Effective cybersecurity requires visibility into what's happening on your network — logins at unusual hours, large data transfers, connections from unknown IP addresses, attempts to access systems without proper credentials. For most small and mid-size manufacturing companies, this level of monitoring requires a managed security service that can watch your environment 24/7 and alert you when something suspicious occurs.
At Graham Miranda UG, we provide security monitoring as part of our managed IT services, using tools like Microsoft Sentinel and Defender for Endpoint to collect and analyse security events across our clients' environments. When something suspicious is detected, we investigate and respond — containing the threat, preserving evidence, and restoring normal operations as quickly as possible.
Every manufacturing company should also have an incident response plan — a documented, rehearsed process for what to do when a cybersecurity incident occurs. This plan should identify who is responsible for what, how incidents are escalated, how critical systems are protected during an incident, how communication with employees, customers, and regulators is handled, and how recovery is sequenced. Having this plan in place before an incident occurs dramatically reduces the time and cost of recovery.
Layer 7: OT Security and Industrial Control Systems
I want to specifically address the OT security challenge for manufacturing companies, because it's different enough from standard IT security to warrant its own treatment. The industrial control systems — PLCs, SCADA systems, DCS (Distributed Control Systems), CNC machines, robotic systems — that run modern manufacturing operations were designed for reliability and safety, not cybersecurity. Many of them run on decades-old operating systems with known vulnerabilities that can never be fully patched. They were designed to operate in isolated environments, not to be connected to business networks and the internet. And they control physical processes that can have safety implications if manipulated by malicious actors.
The specific OT security measures that manufacturing companies in our area should consider include: conducting an OT security assessment to understand the current state of industrial network segmentation, device hardening, and vulnerability exposure; implementing an industrial demilitarized zone (IDMZ) — a network zone that sits between the IT network and the OT network, with strict controls on what can pass through; deploying OT-specific security monitoring that can detect anomalous traffic on industrial protocols like Modbus, Profinet, and EtherNet/IP; establishing change management processes for OT systems that ensure any changes to PLC logic, HMI configurations, or network settings are documented and reviewed; and working with equipment vendors to ensure that remote access capabilities — which many modern machines include for diagnostic purposes — are properly secured with strong authentication and access controls.
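As an illustration of the OT-specific monitoring mentioned above, the following added example (not part of any monitoring product, and not our production tooling) parses Modbus/TCP request headers and alerts when a request does not fit a per-source baseline. The IP addresses, the `POLICY` table and the sample frames are constructed assumptions.

```python
from __future__ import annotations
import struct

# Modbus function codes that change PLC state, mapped to the byte offset of the
# write address inside the request data (per the Modbus application protocol).
WRITE_CODES = {5: 0, 6: 0, 15: 0, 16: 0, 22: 0, 23: 4}
READ_CODES = {1, 2, 3, 4}

# Constructed baseline (assumption): which sources may issue which kind of request.
POLICY = {
    "10.30.0.5": {"read", "write"},  # SCADA server
    "10.30.0.7": {"read"},           # operator HMI, display only
}


def build_request(tid: int, unit: int, func: int, data: bytes) -> bytes:
    """Build a Modbus/TCP request; used here only to construct sample traffic."""
    return struct.pack(">HHHBB", tid, 0, len(data) + 2, unit, func) + data


def inspect_request(src: str, payload: bytes, policy: dict[str, set[str]] = POLICY) -> str | None:
    """Return an alert for a request sent to TCP/502, or None if it fits the baseline."""
    if len(payload) < 8:
        return f"malformed MBAP frame from {src}"
    _tid, proto, length, _unit, func = struct.unpack(">HHHBB", payload[:8])
    data = payload[8:]
    # The MBAP length field counts the unit id plus everything after it.
    if proto != 0 or length != len(payload) - 6:
        return f"malformed MBAP frame from {src}"
    if src not in policy:
        return f"Modbus request from unlisted source {src} (function {func})"
    if func in READ_CODES:
        return None if "read" in policy[src] else f"unapproved read from {src}"
    if func in WRITE_CODES:
        offset = WRITE_CODES[func]
        if len(data) < offset + 2:
            return f"malformed MBAP frame from {src}"
        (addr,) = struct.unpack_from(">H", data, offset)
        if "write" in policy[src]:
            return None
        return f"unapproved write (function {func}, address {addr}) from {src}"
    return f"function {func} from {src} is outside the read/write baseline"


# Constructed capture: (source IP, TCP payload sent to a PLC on port 502).
SAMPLE = [
    ("10.30.0.5", build_request(1, 1, 3, struct.pack(">HH", 0, 10))),
    ("10.30.0.5", build_request(2, 1, 16, struct.pack(">HHBH", 100, 1, 2, 1024))),
    ("10.30.0.7", build_request(3, 1, 6, struct.pack(">HH", 100, 0))),
    ("10.10.0.55", build_request(4, 1, 3, struct.pack(">HH", 0, 125))),
    ("10.30.0.5", build_request(5, 1, 3, struct.pack(">HH", 0, 10))[:-1]),
    ("10.30.0.5", build_request(6, 1, 43, b"\x0e\x01\x00")),
]


def alerts(events=SAMPLE) -> list[str]:
    """Run every captured request through the baseline and keep the alerts."""
    return [a for src, p in events if (a := inspect_request(src, p)) is not None]


if __name__ == "__main__":
    print("\n".join(alerts()))
```

A request from the business IT range (10.10.0.55 in the sample) reaching a PLC at all is also a sign that the segmentation described under Layer 1 is not being enforced.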
If your manufacturing company uses equipment from multiple vendors — which is common — and those vendors have varying levels of cybersecurity sophistication in their remote support practices, this is an area where an IT security partner with OT experience can add significant value by auditing vendor access practices and establishing secure remote support protocols.
The NIS2 Directive and What It Means for Manufacturing Companies in Germany
Germany's implementation of the EU's Network and Information Systems Directive 2 (NIS2), which came into force in late 2024, has significantly expanded the cybersecurity obligations for businesses in Germany — including many small and mid-size manufacturing companies that previously assumed they were not affected by such regulations.
NIS2 applies to "essential entities" and "important entities" across a wide range of sectors. Manufacturing companies that meet certain thresholds — in terms of number of employees, revenue, or critical infrastructure relevance — may find themselves classified as important entities, with corresponding obligations to implement appropriate technical and organisational security measures, report incidents to authorities within 24 hours, and maintain security policies and incident response capabilities.
Even companies that fall below NIS2 thresholds may find that their business relationships — particularly with automotive OEMs and other major customers — are requiring them to demonstrate cybersecurity maturity as part of supplier qualification. Volkswagen and other major manufacturers have been increasingly requiring their suppliers to provide evidence of cybersecurity controls, and this trend is accelerating.
The practical implication for manufacturing companies in the Lehre area is clear: cybersecurity is no longer purely a technical matter. It's a business obligation and, increasingly, a prerequisite for maintaining and winning business with major customers. Companies that treat it as optional are accumulating both technical risk and business risk with every passing month.
What a Practical Cybersecurity Programme Looks Like for a Small Manufacturer
I want to address a common objection that I hear from small manufacturing company owners: "All of this sounds important, but we're a 30-person workshop. We can't afford a full cybersecurity programme." This is understandable — but it's also often based on a misunderstanding of what a practical cybersecurity programme looks like for a small manufacturer.
Effective cybersecurity for a small manufacturing company doesn't require a large team or an enterprise-grade budget. It requires making the most of available resources by focusing on the measures that deliver the greatest risk reduction per euro invested. Based on our experience with small and mid-size manufacturers in the Braunschweig-Wolfsburg area, here's what a practical programme looks like:
Essential tier (covers the most critical risks, achievable for businesses with fewer than 20 employees): This includes multi-factor authentication on all remote access and cloud services; working email and endpoint protection on all business IT systems; cloud backup of all critical business data with tested recovery; basic OT network segmentation (at minimum, separating business IT from production networks); and cybersecurity awareness training for all employees (even a short, practical session on recognising phishing emails makes a significant difference).
Standard tier (for businesses with 20-100 employees or those with more complex security requirements): This adds managed detection and response services with 24/7 monitoring; comprehensive backup with offline and offsite copies; network segmentation with properly configured industrial DMZ; privileged access management; regular vulnerability scanning; and documented incident response planning.
Advanced tier (for businesses with 100+ employees, those in sensitive supply chains, or those with significant OT complexity): This adds OT-specific security monitoring; regular penetration testing; security architecture review; supply chain security assessment; and compliance-focused activities like NIS2 readiness assessments.
The important point is that you don't have to do everything at once. A practical cybersecurity programme starts with the essential tier, addresses the highest-risk gaps first, and builds progressively. What matters is that you start — and that you work with a partner who can help you prioritise intelligently.
Graham Miranda UG: Cybersecurity for Manufacturers in Our Region
At Graham Miranda UG, we bring specific experience in cybersecurity for manufacturing companies in the Lower Saxony region. We understand the automotive supply chain context and the specific requirements that major customers are placing on their suppliers. We have experience with OT security — the challenge of securing industrial control systems, CNC machines, and production networks — which is quite different from standard IT security and requires specific knowledge to do correctly.
We're based in the Harz region but serve businesses across all of Lower Saxony, including the Braunschweig-Wolfsburg area. We're not a large corporate IT vendor — we're a small, responsive team that understands the realities of running a small to mid-size business in our region. We bring enterprise-grade tools and expertise, applied appropriately to the scale and budget of your business.
If you're a manufacturing company owner or decision-maker in the Lehre area and you'd like an honest, practical conversation about your cybersecurity posture — what you have, what you're missing, and what to do about it — we'd welcome the opportunity to speak with you. We'll provide a straightforward assessment without the sales pressure.
Reach us at +49 156-7839-7267 or graham@grahammiranda.com. Visit grahammiranda.com to learn more about our cybersecurity services.
The threat landscape for manufacturing companies is not going to improve on its own. Every month that passes without adequate security measures in place is a month of accumulated risk. The good news is that the most important cybersecurity measures are also among the most achievable — and the return on investment in security is exceptionally high when you focus on the right measures.