Trustwave Blog

Challenges for Australian Manufacturers: Insights from the 2025 Trustwave Risk Radar Report

Mar 13, 2025

The Trustwave SpiderLabs research report, 2025 Trustwave Risk Radar Report: Manufacturing Sector, takes a global view of the cybersecurity issues facing this vertical, but it’s also important to examine whether and how different regions are specifically impacted.

To determine how threat actors impact Australian manufacturers, we asked Craig Searle, Director, Consulting & Professional Services in Pacific at Trustwave, four pointed questions that help decipher that impact and why Australian manufacturers need to be concerned.

Trustwave: Are Australian manufacturers more likely to be impacted than other industries, and how can they mitigate the cyberattack risks?

Craig Searle: In my opinion, critical infrastructure, financial services, and healthcare are still the targets of choice right now by virtue of the ‘value’ of the data they hold, according to the Office of the Australian Information Commissioner.

That being said, manufacturing is still very appealing as a target because it tends to be a very cost-conscious industry, meaning investment in cybersecurity controls is likely to be less expensive than other industries. The downside is that in the majority of cases, the value of the data/access post-compromise is not as good. So, it really depends on the motives of the attacker.

Trustwave: A big theme that the report explores is IT/OT convergence. How are Australian manufacturers approaching this, and what risks should they keep at the top of their minds?

Craig Searle: I would say manufacturing is lagging behind other industries, such as resources and critical infrastructure, when it comes to securing OT environments. As a general observation, the OT infrastructure in manufacturing tends to be ‘sweated’ for longer, meaning it is more likely to be outdated and difficult to secure effectively.

There is still ample evidence of Australian manufacturers relying on a small-target philosophy – “Why would anyone bother attacking us?”

Trustwave: How can Australian manufacturers ensure business continuity in the event of a cyberattack?

Craig Searle: Preparation is key. Actual stress-tested preparation.

Using an Australian analogy: a footy team wouldn’t walk onto the MCG purely based on a few scribbles from the coach on a whiteboard and moving around a few positional markers.

Yet all too often we see Australian manufacturing organizations relying on BCP plans that have never been tested in the wild and instead only exist on paper.

Occasionally, organizations will go one step further and conduct a tabletop exercise, which is an improvement but is still not enough.

The best footy teams build cohesion and an ability to respond under pressure by constant, consistent training and refining the outcomes they observe. If an organization is serious about having a workable and reliable BCP framework, then it needs the same level of dedication and enthusiasm.

Trustwave: Are there specific concerns you’re hearing from manufacturing clients or prospects regarding their security hygiene or posture?

Craig Searle: Cost and bang for their buck. The Australian manufacturing sector runs on notoriously thin margins because our labour costs are so high in comparison to our regional competitors. So, every dollar saved is important.

This means that cybersecurity is often an afterthought, and cybersecurity leaders in the sector are frequently hampered by a lack of investment.

Because cybersecurity is not top of mind, the security experts and advisors that Trustwave has to offer can help those organizations "Maximize Cyber Value" from their existing budget.