Cyberattacks against the manufacturing industry continue to rise. A report from IBM’s X-Force found that the sector was the number one targeted industry for a fourth year in a row. And to make matters worse, AI is enabling new types of attacks that allow for greater volume and sophistication.
Firewalls and VPNs tend to dominate manufacturing enterprises’ security strategy, but they aren’t enough. It’s DNS that underpins every digital interaction – and it’s DNS filtering that offers unmatched potential for both protection and intelligence.
Unique Security Challenges
The manufacturing sector is a lucrative target for bad actors. IBM’s research found that manufacturers face an ongoing onslaught of attacks, resulting in extortion (29 percent), data theft (24 percent) and more.
Attackers go after intellectual property and financial assets, and while malware has declined in other industries, manufacturing suffered the greatest number of ransomware cases last year. That’s because malicious actors are more easily able to exploit this industry’s legacy technology. At $5 million, manufacturing had the third-highest average cost for a data breach among industry sectors.
The attacks have significant consequences. In September of this year, a major attack against Jaguar Land Rover (JLR) forced the company to proactively shut down IT systems and stop manufacturing lines at key plants. The company noted in a statement that “our retail and production activities have been severely disrupted.”
The potential wide-reaching consequences (think bang for the buck) can make this sector very appealing to cybercriminals – along with a few common factors that can make it an easier target to strike (and a harder one to secure). Those include:
- Aging OT systems with minimal built-in security.
- Convergence of IT and OT.
- Resource constraints.
- Increasing IoT/IIoT adoption.
Underlying all of these challenges is the fact that AI is equipping cybercriminals with greater power and ability than ever.
The Embedded Risk
Manufacturing organizations have tended to focus on perimeter defenses, such as firewalls and VPNs. While these are important, many organizations still lack robust endpoint security solutions. Today, an organization’s employees are likely to be working from a variety of locations, and all of them need to be secured. Protection must expand to everything from legacy hardware to smartphones.
DNS (Domain Name System) is fundamental to all networking operations, but is often overlooked as a part of cybersecurity defenses. When DNS is used for zero-trust access policies and threat protection, it is sometimes referred to as protective DNS.
DNS is essentially the internet’s address book. Instead of typing a string of numbers (an IP address) to reach a website or connected device, DNS translates easy-to-remember names (like company.com) into the machine-readable address. Every time a factory system, connected sensor or employee device goes online, it uses DNS to find where to connect.
As a foundational component of all network communications, DNS is integral to every action taken online. From servers to IoT devices on a factory floor, every connection begins with a DNS query. This universal dependency means that malicious actors can’t bypass it; their malware, phishing campaigns and other attacks must also use DNS to function.
This isn’t a weakness of DNS, but rather a strategic opportunity for security. By leveraging DNS as a primary control point, organizations can gain unparalleled visibility and control over their network traffic. This approach, known as protective DNS, transforms a fundamental utility into a powerful security layer.
Because protective DNS is active on every device that connects to the network, it offers a more comprehensive and effective shield than many other security tools. It acts as a first line of defense, capable of proactively identifying and blocking a wide range of malicious activity before a connection is ever established.
For manufacturers, this means that protective DNS can prevent cybercriminals from:
- Directing users to harmful websites used for phishing or malware delivery.
- Enforcing a “least privileged” zero trust connection policy to only what the device needs for its work.
- Communicating with malicious servers to launch hijacking or denial-of-service attacks.
Ultimately, securing the DNS layer allows you to use a system that is already everywhere to protect everything.
Getting the Upper Hand
It’s tempting to go chasing after the latest “shiny object” in cybersecurity, but the reality is that many organizations are still missing those foundational basics, including protective DNS. In fact, DNS can be turned into a cybersecurity advantage for modern manufacturing organizations.
It works by blocking connections to malicious destinations before they are established, thereby neutralizing threats such as malware and command-and-control communications. This is especially powerful in a manufacturing environment.
For example, policies can automatically block IoT devices from accessing any domain created within the last 30 days—a common tactic for new attacks. Better yet, since factory-floor devices have routine, predictable communication patterns, you can enforce a zero-trust policy. This means creating a strict allowlist so a device can only connect to a small set of pre-approved domains, effectively shutting down any unauthorized access and drastically shrinking your attack surface.
DNS provides visibility and intelligence across complex supply chain networks. Manufacturing sites often have distributed facilities, contractors and remote workers connecting from many locations.
Organizations need real-time insight into device activity and traffic patterns across all environments, including IT, OT and cloud. This intelligence enables early detection of compromised devices, insider risks and unusual behaviors, which strengthens security monitoring and incident response.
Protective DNS is also required for CMMC compliance, the audit you need to conduct if you want to become a contractor for the Department of Defense. It’s also recommended by guidelines from the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA).
DNS isn’t only critical for connectivity but also for modern cyber defense. Because DNS is so foundational, manufacturers need to secure that layer by monitoring DNS traffic, blocking malicious domains, and preventing attackers from abusing it.
Its simplicity and universality make it uniquely powerful for protection and visibility – especially in manufacturing, where digital and physical risks converge.
