Diving into the critical intersection of cybersecurity and manufacturing, we’re thrilled to speak with Kwame Zaire, a renowned expert in the field with deep insights into electronics, equipment, and production management. Kwame is a thought leader in predictive maintenance, quality, and safety, and today, he’ll be shedding light on the pressing mobile device security challenges facing the manufacturing sector. Drawing from recent findings in Verizon’s 2025 Mobile Security Index, our conversation explores the heightened cyber risks tied to mobile and IoT adoption, the complexities of IT and OT convergence, and the industry’s lag in implementing robust security measures. We’ll also delve into specific threats like phishing and AI-assisted attacks, as well as the gaps in policies and preparedness that leave manufacturers vulnerable.
How aware do you think manufacturing companies are of the cyber risks associated with their increasing reliance on mobile and IoT devices?
I’d say awareness is growing, but it’s still not where it needs to be. Many manufacturing companies are starting to recognize that their rapid adoption of mobile and IoT devices—think sensors on factory floors or tablets for inventory tracking—opens up new attack surfaces. However, the depth of understanding varies widely. Larger firms with dedicated IT teams often grasp the scale of the threat, while smaller players might see cybersecurity as an afterthought until a breach hits. The reality is, these devices are integral to modern operations, but they’re often less secure than traditional IT systems, making them prime targets for attackers.
What are some of the biggest concerns manufacturers have about how interconnected supply chains amplify their exposure to cyberattacks?
Manufacturers are deeply worried about the ripple effects of a breach in their supply chains. Since everything is so interconnected—vendors, suppliers, logistics partners—a single weak link can bring down the whole network. For instance, if a supplier’s mobile system gets compromised, it could delay critical parts, halt production, or even expose sensitive data across the chain. There’s also the fear of cascading failures; a cyberattack on one partner could lead to operational downtime for everyone else, costing millions and eroding trust with customers.
Why do you think such a high percentage of manufacturers believe a security incident could disrupt their supply chain and damage their reputation?
The figure—83%—really speaks to how tightly knit and time-sensitive manufacturing operations are. A security incident, like ransomware locking up a factory’s systems, doesn’t just stop production at one site; it can delay shipments, miss deadlines, and frustrate downstream partners. Reputation takes a hit because clients start questioning reliability—if you can’t deliver on time due to a cyber breach, they might look elsewhere. Plus, in today’s world, news of a data breach spreads fast, and public perception can tank even if the financial loss is contained. Manufacturers know their brand is on the line.
How does the convergence of operational technology and information technology make mobile device security a bigger priority for manufacturers?
The merging of OT—think machinery control systems—and IT, like corporate networks and mobile apps, creates a much broader attack surface. Historically, OT was air-gapped, isolated from the internet, but now, with mobile devices and IoT connecting factory floors to corporate systems, a compromised phone or tablet can serve as a gateway to critical infrastructure. For 85% of manufacturers to highlight this as a concern shows they’re seeing real risks, like a hacker accessing a production line through a poorly secured device. Securing mobile endpoints isn’t just an IT issue anymore; it’s about protecting the heart of operations.
What unique challenges does this IT-OT convergence pose when it comes to securing mobile devices in manufacturing settings?
One major challenge is the sheer diversity of devices and systems in play. You’ve got legacy OT equipment that was never designed with cybersecurity in mind, now interacting with modern mobile devices running on different platforms. Standardizing security across this mix is a nightmare. Then there’s the environment—factories aren’t sterile offices; devices get exposed to dust, heat, or even physical damage, which can complicate updates or security patches. Plus, many workers aren’t tech-savvy, so user error, like clicking a bad link on a tablet, becomes a huge risk when that device ties directly to production systems.
Why do you believe the manufacturing sector lags behind other industries in updating mobile security controls?
Manufacturing often prioritizes uptime and production over security. There’s a mindset of ‘if it ain’t broke, don’t fix it,’ especially with tight budgets and thin margins. Upgrading security controls can mean downtime or costly overhauls, which many companies avoid. Unlike, say, finance or healthcare, where data breaches have direct regulatory consequences, manufacturing hasn’t faced the same level of scrutiny—until recently. There’s also a skills gap; many firms lack in-house cybersecurity expertise and rely on outdated practices, putting them behind industries that adapted faster.
What are the primary obstacles manufacturers face in adopting incident response best practices?
First, there’s a resource issue—both financial and human. Developing a solid incident response plan requires investment in training, tools, and personnel, which smaller manufacturers often can’t spare. Second, there’s a cultural barrier; many companies still view cybersecurity as an IT problem, not a core business concern, so there’s little executive buy-in to prioritize response strategies. Finally, the complexity of their environments—sprawling supply chains, mixed OT-IT systems—makes it hard to create a one-size-fits-all plan, leaving gaps when a crisis hits.
Why is phishing such a significant threat for manufacturing employees, especially considering the high targeting rate in early 2025?
Phishing is a massive issue because it exploits the human element, which is often the weakest link. In manufacturing, where 18.5% of employees were targeted in Q1 of 2025, many workers use mobile devices for quick communication or to access systems on the go. They might not be trained to spot a fake email or text, especially under pressure to keep production moving. Attackers know this and craft convincing messages—think fake urgent requests from a ‘supplier’—that can trick someone into sharing credentials or downloading malware, potentially disrupting entire operations.
How concerned should manufacturers be about emerging threats like AI-assisted attacks, zero-day exploits, and deepfakes compared to other industries?
Manufacturers should be very concerned, even if they’re slightly less prepared than other sectors. AI-assisted attacks can automate and scale phishing or malware campaigns, making them harder to detect. Zero-day exploits are terrifying because they target unknown vulnerabilities—manufacturing systems, often running older software, are prime targets. Deepfakes, while less common, could be used to impersonate executives in video calls, tricking employees into transferring funds or data. While other industries might be ahead in countermeasures, manufacturing’s critical infrastructure makes the stakes incredibly high.
What practical steps can manufacturers take to better shield themselves against these specific cyber threats?
Start with the basics: implement robust mobile device management to control and secure every device accessing the network. Training is crucial—regular sessions on spotting phishing or suspicious activity can cut down human error. For AI-assisted threats or zero-day exploits, invest in mobile threat defense tools that detect anomalies in real time. Adopting a zero-trust approach, where every user and device is verified, can also limit damage from deepfakes or credential theft. Finally, partner with cybersecurity experts for managed detection and response to stay ahead of evolving threats.
Why do you think so few manufacturers have defined policies for generative AI compared to the broader industry average?
Only 37% having policies versus 50% across industries points to a couple of issues. First, generative AI is still seen as a niche tool in manufacturing, not a core operational risk, so there’s less urgency to regulate it. Many firms are focused on immediate threats like ransomware, not future ones like AI misuse. Second, there’s a lack of expertise—crafting policies for something as complex as AI requires know-how that many manufacturers don’t have in-house. They’re playing catch-up while other sectors, like tech, have already faced AI-related incidents and adapted.
How does the lack of regular security audits impact manufacturers’ ability to spot and address vulnerabilities?
With only 40% conducting audits compared to 54% overall, manufacturers are flying blind to a degree. Audits are like health checkups—they reveal weak spots, whether it’s outdated software on mobile devices or unpatched IoT systems. Without them, companies can’t prioritize fixes or allocate resources effectively. This gap means vulnerabilities fester, increasing the odds of a breach going unnoticed until it’s too late. It’s a risky oversight, especially when supply chains and OT systems are in the crosshairs.
What is your forecast for the future of mobile security in manufacturing over the next few years?
I think we’re at a tipping point. Over the next few years, I expect manufacturing to face more targeted attacks as cybercriminals realize how lucrative and vulnerable the sector is. But I also see a silver lining—awareness is growing, and pressure from regulators and customers will force companies to invest in mobile security. We’ll likely see wider adoption of zero trust and mobile threat defense tools, alongside better IT-OT integration. The challenge will be balancing security with operational efficiency, but those who adapt quickly will gain a competitive edge. It’s going to be a bumpy ride, but I’m cautiously optimistic.
