Ransomware is exploiting factory VPNs: Manufacturers should rethink OT remote access governance, says Secomea

Just-in-time vendor access, auditability, and containment are key controls for reducing ransomware risk in manufacturing, according to Secomea

COPENHAGEN, Denmark, June 30, 2026 /PRNewswire/ — Following a recent increase in publicly reported ransomware and extortion incidents affecting manufacturers and industrial suppliers, Secomea is urging organizations to reassess how third-party remote access is managed across production environments.

In operational technology (OT) environments, third-party remote access is essential for maintenance, troubleshooting, and equipment support. However, as ransomware groups increasingly target manufacturing organizations, security teams are facing growing pressure to balance operational continuity with cybersecurity, compliance, and vendor access control.

“Many organizations focus on keeping attackers out, but far fewer examine how much access is available once someone gets in,” said Knud Kegel, CTPO at Secomea. “In manufacturing environments, remote access is essential for keeping operations running. The challenge is making sure that access is controlled, temporary, and visible.”

Manufacturers rely on machine builders, system integrators, and service providers to support critical equipment remotely. However, always-on access, shared credentials, and limited oversight can create opportunities for attackers to move through environments once an initial compromise occurs.

While the specific circumstances vary from incident to incident, recent attacks highlight a common challenge: balancing operational access with security and oversight.

According to Secomea, organizations should focus on three areas:

Reduce standing access
Vendor access should be granted only when needed and removed when the task is complete. Limiting access windows reduces the opportunity for misuse, credential abuse, and unauthorized activity.

Improve visibility and accountability
Organizations should be able to see who accessed systems, when they connected, and what actions were performed. Detailed audit trails support investigations, compliance requirements, cyber insurance reporting, and incident response.

Prepare for containment
When suspicious activity is detected, security and operations teams need practical ways to isolate affected assets and prevent disruptions from spreading across production environments.

Effective OT access governance combines least-privilege access, just-in-time vendor access, auditability, and rapid containment to reduce cyber risk while maintaining operational continuity.

These measures have become increasingly important as manufacturers face growing regulatory scrutiny, rising cyber insurance requirements, and continued pressure to maintain operational uptime.

Practical steps for ransomware-ready OT remote access

As manufacturers review their cyber resilience strategies, Secomea recommends assessing whether the following controls and processes are in place:

• Just-in-time vendor access instead of persistent remote connections
• Approval-based workflows for access to critical systems
• Least-privilege permissions for users and vendors
• Audit trails that support investigations, compliance, and forensic analysis
• The ability to quickly isolate affected assets during an incident

“The conversation is shifting from simply enabling remote access to governing it,” said Knud Kegel. “Manufacturers do not need less connectivity. They need better governance of that connectivity. Organizations that can limit, monitor, and contain access are often better positioned to reduce operational impact when incidents occur.”

“Ransomware resilience in manufacturing increasingly depends on how organizations govern remote access to OT systems,” added Knud. “Just-in-time vendor access, visibility into remote sessions, and the ability to contain affected assets are becoming foundational cybersecurity controls.”

About Secomea

Secomea is a Secure Remote Access solution purpose-built for industrial networks and OT equipment. More than 8000 manufacturers and machine builders worldwide use Secomea to securely connect people, systems, and machines while maintaining operational continuity and control. By helping organizations govern vendor access, implement zero-trust principles, and improve visibility into OT remote access activities, Secomea supports secure collaboration across the manufacturing ecosystem.

Secomea was recently identified as a Representative Vendor in the CPS Secure Remote Access category in Gartner® Hype Cycle™ for CPS Security, 2026.

GARTNER is a trademark of Gartner, Inc. and/or its affiliates.

Gartner does not endorse any company, vendor, product or service depicted in its publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner publications consist of the opinions of Gartner’s business and technology insights organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this publication, including any warranties of merchantability or fitness for a particular purpose.  

Logo – https://mma.prnewswire.com/media/3002341/Secomea_Logo.jpg

View original content:https://www.prnewswire.co.uk/news-releases/ransomware-is-exploiting-factory-vpns-manufacturers-should-rethink-ot-remote-access-governance-says-secomea-302814296.html