The core issue lies in the reliance on persistent, always-on access for machine builders and service providers. While this connectivity is vital for operational uptime, it creates a wide attack surface. Knud Kegel, CTPO at Secomea, argues that the industry's focus must shift from merely keeping attackers out to managing the scope of access granted once a breach occurs. Without granular oversight, a single compromised credential can provide a gateway for ransomware to traverse entire production floors.

To mitigate these risks, Secomea advocates for a move toward just-in-time access, where permissions are granted only for specific tasks and revoked immediately upon completion. This approach, paired with strict least-privilege policies, limits the window of opportunity for attackers. Furthermore, robust audit trails are essential for modern compliance and forensic investigations, allowing security teams to reconstruct events following a security incident.

Beyond access management, containment remains a critical gap in many industrial setups. Security teams must be equipped to isolate specific assets the moment suspicious behavior is detected, preventing the spread of malware across interconnected systems. By implementing approval-based workflows and real-time session monitoring, manufacturers can maintain necessary vendor collaboration without sacrificing their overall cyber resilience.