Companies from the manufacturing industry invest ever more into Internet of Things (IoT) devices. The main objective is to collect data that can be analyzed and used in a variety of scenarios, such as energy use optimization, predictive maintenance, etc. One can hardly imagine a modern smart factory without such solutions. However, the expansion of IoT networks gives rise to security issues, as many IoT devices are not built with security in mind and are therefore a frequent target of cyber threats.
Introduction—Why is IoT security important?
As operational technology (OT) networks formed of IoT devices merge with existing information technology (IT), the number of networked devices grows rapidly, dramatically expanding the attack surface. As of summer 2025, it was reported that over 50% of all cyber security incidents involved attacks on operational technology, making IoT security the primary arena of the struggle and necessitating a proactive security approach.
Add to this the introduction of the new EU Network and Information Security (NIS2) Directive, which adds more stringent safety management and incident reporting requirements in key sectors (such as energy, transport, healthcare, etc.), and it is easy to how IoT security solutions will be a subject of key importance in 2026.
IoT security challenges—From DDoS attacks to IoT device tampering
Why is IoT security important? In short, because networked devices connect to both ends of the cyberattack pipeline. At one end, unsecured connected devices can be exploited as tools for DDoS attacks and as entry points allowing hostile actors to bypass intrusion detection systems and gain access to vulnerable networks. At the other end, security breaches increasingly lead to kinetic outcomes. While in the past hackers could steal data or use data encryption to extort companies, nowadays they have the ability to affect physical critical infrastructure made up of connected devices (e.g., tampering with industrial control systems, such as smart thermostats). This can be used by malicious parties to extort companies by causing costly interruptions in production or even by state actors to damage defense-critical infrastructure or simply sow chaos.
Unsurprisingly, IoT devices have been involved in over a half of all incidents involving cyber threats. What is more, according to the IBM X-Force 2025 Threat Intelligence Index, the manufacturing industry has been the #1 target of IoT security threats for four consecutive years, accounting for 26% of all cyberattack incidents in 2024, which puts it ahead of even the seemingly most valuable finance and insurance targets. The objective of these attacks is primarily extortion, which accounts for 29% of all incidents and, as mentioned, can involve both holding sensitive data hostage and causing even more costly interruptions to production. The second most common type of cyberattack involves stealing sensitive data. It is notable that, although the overall prevalence of ransomware incidents is declining, it is still a major threat in the manufacturing sector, which often relies on easily exploitable and outdated legacy technology. Good risk assessment and threat intelligence is crucial to risk management, quantification, and mitigation in the manufacturing industry.
Read more on Industrial IoT:
The LoRaWAN technology for industrial settings: Four practical use cases for 2026
Where range matters: LoRaWAN for smart cities
Predictive maintenance in manufacturing industry
Industrial IoT solutions—5 practical examples
Data acquisition: the backbone of Industry 4.0 in 2025
Edge AI technology: driving Industry 4.0 in 2025
What is a smart factory of the future and how do you create one?
Industrial IoT communication protocols: a comprehensive guide to modern connectivity
8 practical applications of AI in manufacturing
IoT security issues—Where the digital doors are left open
The reason why IoT devices are such a frequent target for hackers is both their proliferation and vulnerability to attack. Many IoT devices are simply not built with security in mind. Many vulnerable devices are “vulnerable by design”; i.e., the manufacturer consciously forgoes efforts to secure IoT devices in favor of faster deployment to market and adding more features. As a result, even though many IoT devices connect to networks, they often lack even the most basic security features. Thus, some of the common IoT device attack vectors include taking advantage of weak default (or even hardcoded) administrator passwords, lack of encryption (data is often sent as plain text), and unpatched software and firmware vulnerabilities.
Another problem is that IoT environments often include Internet-connected devices that by their nature allow physical access to third parties (e.g., security cameras). This means that, unlike traditional IT systems that are hidden away in secure server rooms, IoT technology can be tampered with through physical access. Someone may physically plug into IoT devices or disassemble and modify them. Because of these unique security risks, IoT security work must include constant monitoring of device behavior and physical checks for signs of tampering with IoT devices, as well as secure communications protocols or, better yet, disconnecting these IoT devices from critical systems altogether.
The major vector of attack against IoT devices, accounting for 29% of all incidents, involves exploiting public-facing applications, such as poorly secured web interfaces or remote access portals. Another, accounting for 21% of attacks, relies on compromised credentials and identity-based attacks allowing hackers to bypass perimeter network security. These may use the aforementioned default passwords (often, malicious actors access unsecured IoT devices by simply trying the most common default credentials) or take advantage of credentials for valid accounts obtained through phishing and infostealers.
A paradox of IoT security challenges is that while IoT devices connect to Wi-Fi or use Bluetooth technology in a way that makes them visible to anyone, they are at the same time often invisible to security software and teams. That is one of the reasons why many IoT device security incidents are not directed attacks but automated scans for connected devices that can easily go unnoticed. Once a malicious actor finds a breach in IoT security, they can take control of connected devices to use them as entry points to circumvent network security or in bot nets for DDoS attacks. These networks of connected devices are often not even used by the hackers themselves but rented out in a sort of DDoS-as-a-Service model. This means that one person’s IoT security challenges become everyone’s problem, making the need to secure IoT devices all the more pressing.
IoT network and device security solutions
So how does one protect themselves from these IoT security threats? First of all, it is crucially important and must be stressed that a reactive approach is not enough in this landscape, and one has to adopt a proactive approach to protect IoT systems. Responding to incidents when they are detected is often too late when IoT security is involved—it is necessary to address security risks before they are exploited by malicious actors.
The basis of any comprehensive IoT security assurance framework is asset visibility. You cannot secure what you cannot see, so the first step is to make sure that all IoT devices are visible to security software and to network security operators. This not only allows security breaches to be spotted but also, more importantly, allows vulnerabilities to be addressed before an incident happens. Having a comprehensive inventory of IoT devices, critical infrastructure, IT assets, and network traffic is the backbone of IoT security frameworks.
Another system-wide IoT security measure is to implement network segmentation. IoT systems should not share a network with critical IT infrastructure, thereby denying anyone who breaches them the ability to gain access to sensitive data and potentially take control of assets through remote code execution or to encrypt or steal data. Thus, strong IoT security should involve connecting IoT devices to isolated networks (VLANs).
Third, since most IoT devices come with very weak default credentials, it is vital to change all these passwords to new strong ones, preferably with multifactor authentication (MFA), as soon as possible, optimally even before these IoT devices connect to the network. Good IoT security requires that access to IoT systems is granted following the principle of least privilege, i.e., only granting access to those users and devices that absolutely need it.
Finally, unmanaged devices pose the greatest threat, so it is crucial to enforce a firm system of regular software and firmware updates. This IoT security measure cannot be implemented on an ad hoc basis. Software and firmware updates need to be installed as soon as they become available, and constant monitoring should be implemented to make sure these updates are not missed. Furthermore, legacy IoT devices, for which patches to IoT firmware may not be available, should be cycled out and replaced with newer models with more robust IoT security.
NIS2 Directive—an IoT security foundation
The new version of the EU directive on Network and Information Systems (NIS2) significantly expands the scope of the regulation, bringing many manufacturing companies under its umbrella as Operators of Essential Services (OES; including health, e.g., medical devices and securing patient data integrity; transport; ICT and digital infrastructure; drinking and waste water; energy production) or Operators of Important Services (OIS; e.g., waste management; manufacturing of critical products, including food and chemicals). The specific obligations imposed on OES and OIS entities include:
- Risk management—implementing a risk-based approach to cybersecurity and data protection, including IoT connections.
- Incident handling—establishing procedures for rapid incident response and reporting. Although, as mentioned before, IoT security should primarily rely on prevention.
- Supply chain security—securing the entire supply chain, which is critical for IoT devices especially, since many IoT devices may come with built-in vulnerabilities or even preinstalled malware.
- Access control and encryption—mandating specific controls for secure access and use of encryption in IoT environments.
The directive is already in force and must be implemented by 2026, making compliance with its requirements an urgent matter. To achieve this objective, which luckily largely overlaps with international standards like IEC 62443-4-2 for industrial automation and control systems, a manufacturing company needs a reliable, experienced IT partner.
Conclusion
The Internet of Things (IoT) is a dangerous place. Both industrial-grade and consumer IoT devices, such as smart TVs and other consumer electronics, security cameras, IP cameras, smart locks, and other devices, have built-in vulnerabilities that allow for unauthorized control and data breaches and therefore require robust security measures. These measures include ensuring visibility of all IoT assets, especially Internet-connected devices, network traffic segmentation, robust access control in a zero-trust security model, and device life cycle management including software and firmware updates and retiring legacy devices. All these aspects of IoT security need to be introduced as soon as possible and proactively enforced.
Therefore, a manufacturing company that takes IoT security issues seriously needs a reliable and experienced partner from the IT sector that can help implement all these measures, especially when new IoT systems are built. And with the introduction of the NIS2 directive, it’s not just a good idea, it’s the law!
Need help with securing your IoT infrastructure? Drop us a line at sales@fabrity.pl. We are eager to help.
