Cyber Security Insights for Resilient Digital Defence


Manufacturing in the digital age
In this article, Eric Herzog, CMO at Infinidat, explores how to protect your enterprise with cyber resilient storage:
A significant transformation is underway in manufacturing enterprises, as traditional boundaries between Operational Technology (OT) and Information Technology (IT) systems rapidly dissolve. This convergence, driven as a result of ongoing digital transformation and the adoption of Industry 4.0 technology, is enabling manufacturers to achieve new levels of efficiency, productivity, and visibility across their operations. However, as these systems become increasingly integrated, the risks - particularly in the realm of cyber security - are also escalating.

Understanding the changing landscape
Historically, manufacturers have relied on OT systems to manage their core physical processes and machinery on the factory floor, focusing on real-time control and automation. In contrast, IT systems have taken care of data processing, business operations, and enterprise resource planning requirements. Initially, these systems would have been running independently, but in recent years, manufacturers have invested in more integrated manufacturing environments, where data flows seamlessly between shop floor equipment and enterprise systems. This integration is essential for efficiency. It enables real-time monitoring, advanced analytics, and data-driven decision-making, leading to optimised production processes and vastly improved business outcomes.
At the heart of a manufacturing business is the Manufacturing Execution System (MES). The MES connects production equipment with business applications, supporting the planning, monitoring, documentation, and control of manufacturing processes in real time. It also acts as a bridge to higher-level ERP systems and industrial automation platforms, providing comprehensive visibility and enabling enterprises to make informed, data-driven decisions.
But herein lies the risk, because integration is also a somewhat double-edged sword. There are plenty of upsides, but the cyber security risks can grind an enterprise to a halt.

Integration upsides
Here are three of the immediate benefits realised through OT and IT system integration:
• Potential for real-time data analysis — Integrated OT/IT systems allow for immediate feedback and adjustments, reducing downtime and waste.
• Enhanced communication — Seamless data exchange between shop floor and enterprise systems leads to better coordination and a faster response to all issues.
• Optimised production — Enterprises can fine-tune their processes based on live data, improving quality and throughput.

Integration downsides
These operational advantages also expose manufacturers to additional cyber security threats. This question of cyber risk is for all industry sectors. The UK government’s 2024 Cyber Security Breaches Survey found that half of UK businesses experienced a cyber breach or attack in the past year, with the rate even higher among medium (70%) and large (74%) businesses.
Manufacturing enterprises are an especially attractive target for cyber criminals for multiple reasons. They rely on complex, interconnected supply chains. They tend to be running a larger number of legacy systems than other industry sectors and this can create security blind spots. They also provide a high-impact target, because a successful cyberattack can disrupt an entire supply chain.
Dealing with a cyberattack is also very costly. According to Make UK, an organisation representing manufacturers, nearly half of British manufacturers suffered cyberattacks in the previous year. A quarter reported losses between £50,000 and £250,000, and 65% experienced production downtime. But the true costs of a cyberattack run much deeper, because many attacks involve data exfiltration. In these cases, sensitive intellectual property or customer information is stolen and potentially sold or leaked.
Data breaches are one of the biggest security threats, and new research from Deloitte - conducted with the Manufacturing Leadership Council in 2024 - quantifies this. The study reported that 48% of manufacturers experienced at least one data breach in the past 12 months, at an average cost of £2.1 million per breach.

The devastating impact of storage targeted attacks
A ransomware attack on enterprise storage systems can cripple a manufacturer, potentially completely halting production processes as data and files become encrypted and inaccessible. Such an attack can also compromise the entire manufacturing operation, from design and engineering data to supply chain management information. If key files are encrypted, the enterprise may not have access to product specifications, production schedules, and customer orders. Operations can be brought to a stand-still and the implications are far reaching, potentially also damaging long-term projects, customer relationships, and the business reputation.
Investing in cyber resilience is not just business best practice; it is mandated by law. The EU’s NIS2 directive (2024) sets strict requirements for cyber risk management in critical sectors including manufacturing. And although no longer bound by EU laws, the UK will be releasing its own regulations with the forthcoming Cyber Security and Resilience Bill, expected to be ratified later in 2025.
It is now widely accepted that, these days, it’s not a case of 'if my enterprise will be attacked', but 'when will I be attacked, how often will I be attacked, and, most importantly, how quickly can I recover?' Cyberattacks are occurring constantly. They have become an inevitable part of being in business. As the likelihood of an attack has evolved, so too have the techniques used, and completely preventing any form of cyber security breach is no longer realistic.
Instead, manufacturers should focus on building cyber storage resilience into their enterprise storage and maximising their ability to detect, respond to, and recover quickly from attacks.

Six foundations for cyber resilient storage
A cyber resilient storage infrastructure to support manufacturing business continuity is built on six key principles:
1. Immutable snapshots — Rather than creating simple backups, manufacturers need secure, unalterable data copies taken at specific intervals. These immutable snapshots ensure that critical production and business data remains unchanged after creation, providing a reliable recovery source regardless of attack sophistication.
2. Logical and remote air-gapping — Effective cyber resilient storage requires logical isolation of immutable snapshots from network access. Air-gapping - implemented locally, remotely, or both - creates an additional protection layer that keeps recovery data segregated from potential infection vectors.
3. Automated detection and response — The speed of modern cyberattacks renders manual monitoring insufficient. Manufacturing companies need automated cyber security capabilities: Automated Cyber Protection (ACP) that integrates seamlessly with their existing security stack, including Security Operations Centres (SOC); Security Information and Event Management (SIEM); and Security Orchestration, Automation, and Response (SOAR) platforms. These systems should automatically trigger immutable snapshots when security incidents are detected.
4. Fenced forensic environment — Recovery from cyberattacks requires a completely isolated network environment for forensic analysis. This 'fenced' area allows for thorough data testing and integrity verification, ensuring that recovered data isn't compromised before reintroduction to production systems.
5. Near-instantaneous recovery — Critical for manufacturing operations is the ability to retrieve clean data copies within minutes, regardless of dataset size. Manufacturing processes are particularly time-sensitive, making rapid recovery capabilities essential for minimising production disruption and financial losses.
6. Scanning for cyber threats in your storage estate — Leveraging advanced AI and ML technology, you can scan your storage at regular intervals to see if there is a cyber threat. This gives you two different advantages: First, by scanning on a regular basis, you may uncover a cyber threat. Then, you can report that to the cyber security elements in your data centre as an 'early warning system.' Second, if you have an attack, the ability to search your immutable snapshots for a dataset free from any cyberattack gives you much faster and more reliable recovery.

Road to proactive cyber storage resilience
The integration of OT and IT is transforming manufacturing and unlocking new efficiencies, but it is also heightening the cyber security risk. As cyberattacks become more frequent and sophisticated, manufacturers must adopt a proactive, resilience-focused approach to their cyber security and enterprise storage. This means investing in advanced, cyber resilient storage, with robust defences and rapid data recovery capabilities. By prioritising these investments, manufacturing enterprises can reap all the benefits that integration offers, safeguard their operations, and protect data and intellectual property - even in the face of an increasingly hostile cyber threat landscape.
For more from Infinidat, click here.

International Cyber Expo 2025 returns
The International Cyber Expo is fast approaching, taking place 30 September - 1 October 2025 at the Olympia London. Start planning your visit now by exploring the 2025 Event Preview and securing your free pass today.
Get ready for:
• Mind-blowing content — Three action-packed stages featuring the brightest minds in cyber security.
• Next-level networking — Meet industry leaders, innovators, and peers ready to collaborate.
• Innovative new features — Be the first to see what’s shaping the future of cyber security.
• A packed exhibition floor — Discover ground-breaking solutions, products, and ideas, all in one place.
Be part of the most dynamic and interactive showcase in the cyber security calendar. Register for free here.
For more from the International Cyber Expo, click here.

Infoblox unveils 2025 DNS Threat Landscape Report
Infoblox, a provider of cloud networking and security services, today released its 2025 DNS Threat Landscape Report, revealing a dramatic surge in DNS-based cyberthreats and the growing sophistication of adversaries leveraging AI-enabled deepfakes, malicious adtech, and evasive domain tactics. Based on pre-attack telemetry and real-time analysis of DNS queries from thousands of customer environments - with over 70 billion DNS queries per day - the report offers a view into how threat actors exploit DNS to deceive users, evade detection, and hijack trust.
"This year's findings highlight the many ways in which threat actors are taking advantage of DNS to operate their campaigns, both in terms of registering large volumes of domain names and also leveraging DNS misconfigurations to hijack existing domains and impersonate major brands," says Renée Burton, Head of Infoblox Threat Intel. "The report exposes the widespread use of traffic distribution systems (TDS) to help disguise these crimes, among other trends security teams must look out for to stay ahead of attackers."

Research background
Since its inception, Infoblox Threat Intel has identified a total of over 660 unique threat actors and more than 204,000 suspicious domain clusters, meaning a group of domains believed to be registered by the same actor. Over the past 12 months, Infoblox researchers have published research covering 10 new actors. They have uncovered the breadth and depth of malicious adtech, which disguises threats from users through TDS. The report brings together findings from the past 12 months to illuminate attack trends. Particularly, the report sheds light on adtech's role in these attacks.

Top findings
• 100.8 million newly observed domains in the past year, with 25.1% classified as malicious or suspicious
• 95% of threat-related domains observed in only one customer environment
• 82% of customer environments queried domains associated with malicious adtech, which rotate a massive number of domains to evade security tools and serve malicious content
• Nearly 500k traffic distribution system (TDS) domains were seen in the last 12 months within Infoblox networks
• Daily detection of DNS Tunneling, exfiltration, and command and control, including Cobalt Strike, Sliver, and custom tools, which require ML algorithms to detect

Uptick in newly observed domains
Over the year, threat actors continuously registered, activated, and deployed new domains, often in very large sets through automated registration processes. By increasing their number of domains, threat actors can bypass traditional forensic-based defences, which are built on a "patient zero" approach to security. This reactive approach relies on detecting and analysing threats after they have already been used somewhere else in the world. As attackers leverage increasing levels of new infrastructure, this approach becomes ineffective, leaving organisations vulnerable.
Actors are using these domains for an array of malicious purposes, from creating phishing pages and deploying malware through drive-by downloads to engaging in fraudulent activities and scams, such as fake cryptocurrency investment sites.

The need for preemptive security
These findings underscore a pressing need for organisations to be proactive in the face of AI-equipped attackers. Investing in preemptive security can be the deciding factor in successfully thwarting threat actors. Proactive protection, paired with consistent radar on emerging threats, tips the scales in favour of security teams — allowing them to pull ahead of attackers and interrupt their unlimited supply of domains.

Summer habits could increase cyber risk to enterprise data
As flexible work arrangements expand over the summer months, cybersecurity experts are warning businesses about the risks associated with remote and ‘workation’ models, particularly when employees access corporate systems from unsecured environments. According to Andrius Buinovskis, Cybersecurity Expert at NordLayer - a provider of network security services for businesses - working from abroad or outside traditional office settings can increase the likelihood of data breaches if not properly managed.
The main risks include use of unsecured public Wi-Fi, reduced vigilance against phishing scams, use of personal or unsecured devices, and exposure to foreign jurisdictions with weaker data protection regulations. Devices used outside the workplace are also more susceptible to loss or theft, further raising the threat of data exposure.
Andrius recommends the following key measures to mitigate risk:
• Strong network encryption — It secures data in transit, transforming it into an unreadable format and safeguarding it from potential attackers.
• Multi-factor authentication — Access controls, like multi-factor authentication, make it more difficult for cybercriminals to access accounts with stolen credentials, adding a layer of protection.
• Robust password policies — Hackers can easily target and compromise accounts protected by weak, reused, or easy-to-access passwords. Enforcing strict password management policies requiring unique, long, and complex passwords, and educating employees on how to store them securely, minimises the possibility of falling victim to cybercriminals.
• Zero trust architecture — The constant verification process of all devices and users trying to access the network significantly reduces the possibility of a hacker successfully infiltrating the business.
• Network segmentation — If a bad actor does manage to infiltrate the network, ensuring it's segmented helps to minimise the potential damage. Not granting all employees access to the whole network and limiting it to the parts essential for their work helps reduce the scope of the data an infiltrator can access.
He also highlights the importance of centralised security and regular staff training on cyber hygiene, especially when using personal devices or accessing systems while travelling. “High observability into employee activity and centralised security are crucial for defending against remote work-related cyber threats,” he argues.

'Have we learned anything from the CrowdStrike outage?'
On 19 July 2024, services and industries around the world ground to a halt. The cause? A defective rapid response content update. While widely known by security experts, the sheer impact of such an update was made painfully clear to the average person, affecting countless businesses and organisations in every sector. With airlines to healthcare, financial services to government being affected, the impacts on people were felt far and wide – with banking apps out of action and hospitals having to cancel non-urgent surgeries. Yet, a year on from the global IT outage, have businesses really learned anything? Recent outages for banks and major service providers would suggest otherwise. Although not every outage can be avoided, there are a few key things businesses should remember. Eileen Haggerty, Area Vice President, Product & Solutions at Netscout, gives her biggest takeaways from the outage and how organisations can avoid the same happening again: “If nothing else, businesses should ensure they have the visibility they need to pre-empt issues stemming from software updates. Realistically, they need complete round-the-clock monitoring of their networks and entire IT environment. "With this visibility - and by carrying out maintenance checks and regular updates - organisations can mitigate the risk of unexpected downtime and, in turn, prevent financial and reputational losses. “Securing a network and assuring consistent performance isn't just about deploying defences, it's about anticipating every move. That's why a best practice for IT teams includes conducting proactive synthetic tests which simulate real traffic, long before a single customer encounters a frustrating lag or a critical function fails. "Conducting these tests provides organisations with the vital foresight they need to anticipate issues before they even have a chance to materialise. 
This step, combined with proactive real-time traffic monitoring provides vital details necessary when facing a major industry outage, security incident, or a local corporate issue, enabling the appropriate response with evidence as fast as possible. “While outages like last year’s are a harsh lesson for businesses, they also present an invaluable learning opportunity. Truly resilient organisations will turn the disruption they experienced into a powerful data source and a blueprint for performance assurance and operational resilience. "This means leveraging advanced visibility tools to conduct deeply informative post-mortems. By building a rich, detailed repository of information from every previous incident, organisations aren’t just documenting history, they're establishing best practice policies and actively future-proofing their operations, ensuring they can anticipate and navigate any potential challenges before they become an issue for customers.” For more from Netscout, click here.

Datadog partners with AWS to launch in Australia and NZ
Datadog, a monitoring and security platform for cloud applications, has just launched its full range of products and services on the Amazon Web Services’ (AWS) Asia-Pacific (Sydney) Region. The launch adds to existing locations in North America, Asia, and Europe. The new local availability zone enables Datadog, its customers, and its partners to store and process data locally, enabling in-region capacity to meet applicable Australian privacy, security, and data storage requirements. This, according to the company, is crucial for an increasing number of organisations - particularly those operating in regulated environments such as government, banking, healthcare, and higher education. “This milestone reinforces Datadog’s commitment to supporting the region’s advanced digital capabilities - especially the Australian government’s ambition to make the country a leading digital economy,” says Yanbing Li, Chief Product Officer at Datadog. “With strong momentum across public and private sectors, our investment enhances trust in Datadog’s unified and cloud-agnostic observability and security platform, and positions us to meet the evolving needs of agencies and enterprises alike.” Rob Thorne, Vice President for Asia-Pacific and Japan (APJ) at Datadog, adds, "Australian organisations are on track to spend nearly A$26.6 billion [£12.84 billion] on public cloud services alone in 2025. "For organisations in highly regulated industries, it isn’t just the cloud provider that needs to have local data storage capacity, it should be all layers of the tech stack. "This milestone reflects Datadog’s priority to support these investments. It’s the latest step in our expansion down under, and follows the continued addition of headcount to support our more than 1,100 A/NZ customers, as well as the recent appointments of Field CTO for APJ, Yadi Narayana, and Vice President of Commercial Sales for APJ, Adrian Towsey, to our leadership team.” For more from Datadog, click here.

Netscout expands cybersecurity systems
Netscout Systems, a provider of observability, AIOps, cybersecurity, and DDoS attack protection systems, has just announced Adaptive Threat Analytics, a new enhancement to its Omnis Cyber Intelligence Network Detection and Response (NDR) solution, designed to improve incident response and reduce risk. The aim with the offering is to "enable security teams to investigate, hunt, and respond to cyber threats more rapidly." Cybersecurity professionals face a challenge in the race against time to detect and respond appropriately to cyber threats before it's too late. Alert fatigue, increasing alert volume, fragmented visibility from siloed tools, and cunning AI-enabled adversaries create a compelling need for a faster and more effective response plan. McKinsey & Company noted last year that despite a decline in response time to cyber-related risks in recent years, organisations still take an average of 73 days to contain an incident. In the threat detection and incident response process, comprehensive north-south and east-west network visibility plays a critical role in all phases, but none more so than the ‘Analyse’ phase between ’Detection’ and ‘Response.’ Adaptive Threat Analytics utilises continuous network packet capture and local storage of metadata and packets independent of detections, built-in packet decodes, and an ad hoc querying language, seeking to enable more rapid threat investigation and proactive hunting. “Network environments continue to become more disparate and complex," says John Grady, Principal Analyst, Cybersecurity, Enterprise Strategy Group. "Bad actors exploit this broadened attack surface, making it difficult for security teams to respond quickly and accurately." 
"Due to this, continuous, unified, packet-based visibility into north-south and east-west traffic has become essential for effective and efficient threat detection and incident response.” “Security teams often lack the specific knowledge to understand exactly what happened to be able to choose the best response,” claims Jerry Mancini, Senior Director, Office of the CTO, Netscout. “Omnis Cyber Intelligence with Adaptive Threat Analytics provides ‘big picture’ data before, during, and after an event that helps teams and organisations move from triage uncertainty and tuning to specific knowledge essential for reducing the mean time to resolution.” For more from Netscout, click here.

DigiCert opens registration for World Quantum Readiness Day
DigiCert, a US-based digital security company, today announced open registration for its annual World Quantum Readiness Day virtual event, which takes place on Wednesday, 10 September 2025. The company is also accepting submissions for its Quantum Readiness Awards. Both initiatives intend to spotlight the critical need for current security infrastructures to adapt to the imminent reality of quantum computing.
World Quantum Readiness Day is, according to DigiCert, a "catalyst for action, urging enterprises and governments worldwide to evaluate their preparedness for the emerging quantum era." It seeks to highlight the growing urgency to adopt post-quantum cryptography (PQC) standards and provide a "playbook" to help organisations defend against future quantum-enabled threats.
“Quantum computing has the potential to unlock transformative advancements across industries, but it also requires a fundamental rethink of our cybersecurity foundations,” argues Deepika Chauhan, Chief Product Officer at DigiCert. “World Quantum Readiness Day isn’t just a date on the calendar, it’s a starting point for a global conversation about the urgent need for collective action to secure our quantum future.”
The Quantum Readiness Awards were created to celebrate organisations that are leading the charge in quantum preparedness. Judges for the Quantum Readiness Awards include:
• Bill Newhouse, Cybersecurity Engineer & Project Lead, National Cybersecurity Center of Excellence, NIST
• Dr Ali El Kaafarani, CEO, PQShield
• Alan Shimel, CEO, TechStrong Group
• Blair Canavan, Director, Alliances PQC Portfolio, Thales
• Tim Hollebeek, Industry Technology Strategist, DigiCert
For more from DigiCert, click here.

Invicti launches new Application Security Platform
Cybersecurity company Invicti today announced the launch of what it calls its "next-gen" Application Security Platform, featuring AI-powered scanning capabilities, enhanced dynamic application security testing (DAST) performance, and full-spectrum visibility into application risk. The platform seeks to enable organisations to detect and fix vulnerabilities faster and with greater accuracy.
“Your applications are dynamic, shouldn’t your AppSec tools be too?” argues Neil Roseman, CEO of Invicti. “Attackers live in your runtime, but most security tools are stuck in static analysis. With Invicti, we’re cutting through the static with a DAST-first platform that continuously uncovers real risk in real time so security teams can take action with confidence.”

DAST improvements with AI
The latest release introduces enhancements to Invicti’s DAST engine, which, according to data provided by the company, include:
• Being 8x faster than leading competitors.
• Finding 40% more high and critical vulnerabilities.
• Delivering 99.98% accuracy with proof-based scanning.

Securing more of what matters
The company says the Invicti platform now combines AI-driven features and integrated discovery to "expose more of the real attack surface and deliver broader, more accurate security coverage." The main features include:
• LLM scanning — securing AI-generated code by identifying risks produced by large language models.
• AI-powered DAST — revealing vulnerabilities that traditionally required manual penetration testing.
• Integrated ASPM — bringing greater visibility into application posture, enabling teams to prioritise and manage risk across the SDLC.
• Enhanced API detection — identifying and testing previously hidden or unmanaged APIs, now with native support for F5, NGINX, and Cloudflare.
“A stronger DAST engine gives our customers more than better scan results, it gives them clarity,” claims Kevin Gallagher, President of Invicti.
“They can see what truly matters, cut through the noise, and move faster to reduce risk. This launch continues our push to make security actionable, efficient, and focused on what’s real.” For more from Invicti, click here.

'7% of organisations tackle vulnerabilities only when necessary'
A recent joint survey conducted by VDC Research, a technology market intelligence and consulting firm, and Kaspersky, a Russian multinational cybersecurity company, has highlighted an alarming trend: 7% of industrial organisations tackle vulnerabilities only when necessary. This leaves them exposed to unplanned downtime, production losses, and the reputational and financial damages that can result from possible cyber breaches. The study, entitled Securing OT with Purpose-built Solutions, illuminates the shifting landscape of cybersecurity within the industrial sector. Focusing on key industries such as energy, utilities, manufacturing, and transportation, their research surveyed over 250 decision-makers to uncover trends and challenges faced in fortifying industrial environments against cyber threats. A strong cybersecurity strategy begins with complete visibility into an organisation’s assets, allowing leaders to understand what assets need protection and to assess the highest risk areas. In environments where IT and OT systems converge, this demands more than just a comprehensive asset inventory. Organisations must implement a risk assessment methodology that is aligned with their operational realities. By establishing a clear asset baseline, organisations can engage in meaningful risk assessments that address both corporate risk criteria and the potential physical and cyber consequences of vulnerabilities. Recent survey findings reveal a concerning trend: a significant number of organisations are not engaging in regular penetration testing or vulnerability assessments. Only 27.1% of respondents perform these critical evaluations on a monthly basis, while 48.4% conduct assessments every few months. Alarmingly, 16.7% do so only once or twice a year, and 7.4% address vulnerabilities solely as needed. This inconsistent approach could leave organisations vulnerable as they navigate an increasingly complex threat landscape. 
Every software platform is inherently vulnerable to bugs, insecure code, and other weaknesses that malicious actors can exploit to compromise IT environments. For industrial companies, effective patch management is therefore crucial to mitigate these risks. That being said, studies reveal that many organisations encounter significant challenges in this area, often struggling to allocate the necessary time to pause operations for critical updates. Unnervingly, many organisations patch their OT systems only every few months or even longer, significantly heightening their risk exposure. Specifically, 31.4% apply patches monthly, while 46.9% do so every few months and 12.4% update only once or twice a year. These challenges in maintaining effective patch management are exacerbated in OT environments, where limited device visibility, inconsistent vendor patch availability, specialised expertise requirements, and regulatory compliance add layers of complexity to the cybersecurity landscape. As IT and OT systems increasingly converge, there is a pressing need to harmonise these traditionally disparate systems which have often relied on proprietary technologies rather than open standards. The challenge is further intensified by the rapid proliferation of Internet of Things (IoT) devices — ranging from cameras and smart sensors for asset tracking and health monitoring to advanced climate control systems. This explosion of connected devices broadens the attack surface for industrial organisations, underscoring the urgent need for robust cybersecurity measures.


