Cyber-attacks on companies are increasing worldwide. Hackers are particularly targeting businesses that interconnect their machines, devices, and business processes. Therefore, investing in cyber-security is worthwhile.
Hackers have become the mafia of the digital age. They block systems, steal sensitive data, and extort money. They no longer operate as individuals in backrooms but as professionally organized groups equipped with top-notch technology. Their targets include both international corporations and medium-sized and small businesses.
(Image: Bystronic/Justin Wood)
It is the largest ransom amount hackers have ever demanded after an attack on a company: $50 million. In July 2020, the hacker group REvil targeted the American software manufacturer Kaseya. The multimillion-dollar demand came after the hackers paralyzed Kaseya's systems—and, as a result, shut down thousands of other companies that relied on the American firm's software.
Hackers have become the mafia of the digital age. They block systems, steal sensitive data, and extort money. They no longer operate as individuals in backrooms but as professionally organized groups equipped with cutting-edge technology. Their targets include international corporations as well as medium-sized and small businesses.
IoT Applications Are Affected By Security Vulnerabilities
Today, any business can become a target for hackers. This is especially true for companies that fully digitalize their operations. In these businesses, devices, machines, and computers frequently communicate autonomously with one another. Alongside the many advantages of digitalization, the risk of cyberattacks also increases. Even a single device connected to a network via the internet can cause significant damage.
This is illustrated by an example from Las Vegas: cybercriminals hacked the supposedly well-secured finance department of a casino. The culprits were the fish in an aquarium—or more precisely, the aquarium's internet connection. It had an application that fed the fish and monitored water quality via an internet connection. This system contained a security vulnerability through which the hackers accessed the network.
The aquarium is not an isolated case. Worldwide, millions of web-based devices—so-called "Internet of Things" (IoT) applications—are affected by security vulnerabilities, according to researchers at the U.S. security firm Forescout. In 2020, they identified the 33 most common vulnerabilities under the name "Amnesia: 33." They found that in about half of all cases examined, IoT devices such as cameras, sensors, smart light switches, barcode scanners, printers, or audio systems were affected.
Industrial companies are increasingly using IoT devices. In the era of Industry 4.0, the Internet of Things is increasingly connecting operational processes in the production hall with IT. Digital technologies have become integral to industrial companies. They are embedded in the control of machines and systems, in monitoring systems, and even in building technology. This means the systems, sensors, and software of all devices and machines communicate over shared networks. As a result, many new interfaces are created, providing attack surfaces for cyberattacks.
IoT Devices Are Popular Targets for Hackers
When it comes to security, IoT devices are particularly vulnerable to weaknesses because they are online around the clock, often poorly maintained, and rarely monitored. A study by the U.S. software company Symantec illustrates what this means: it concludes that today two-thirds of all internet-enabled devices use usernames like "admin" and default passwords like "12345." Additionally, updates are often neglected for devices such as printers.
Such vulnerabilities play into the hands of hackers. For industrial companies increasingly using IoT devices as part of their digitalization efforts, these security gaps can have serious consequences:
Production downtime: If cybercriminals gain access to a connected manufacturing plant, they can install malware and halt production. Until the affected device is identified, downtime occurs due to unavailable services.
Theft of intellectual property: Hackers steal patents and intellectual property. If they sell this data on the darknet, it can cause significant financial damage to the company.
Exposure of sensitive data: Cybercriminals search for critical data that they can publish. Companies with sensitive personnel data are particularly at high risk of incurring financial and reputational damage, along with potential legal consequences.
The examples show: The vulnerability of companies is significant. That's why cyber-security is becoming increasingly indispensable for businesses. However, while it is clear to a company's security officers that protection against physical intruders is necessary, many businesses often lack effective digital security barriers.
Simple Tactic: First Infiltrate the System, then Extort
If digital barriers are missing, hackers have an easy time extorting money through their actions. They proceed as follows:
Step 1: Infiltration
The first step for cybercriminals is to choose their target. Once identified, they attempt to infiltrate the selected company's network. Most often, hackers send phishing emails to employees to achieve this. A study by the international cybersecurity company Proofpoint reveals that two-thirds of the surveyed companies in Germany, France, the UK, Australia, Japan, and the USA were affected by phishing attacks in 2020.
Phishing emails usually contain a link or a file. If an employee clicks on it, malware is silently downloaded onto the computer—allowing the attackers to infiltrate the company network. Once inside, they search for valuable data they can use to blackmail the company. They are particularly interested in sensitive customer data, intellectual property, or other confidential documents.
Step 2: Extortion
Often, attackers extract sensitive data from the company's network, encrypt it, and then demand a ransom. If the company pays, the blackmailers provide software that allows the data to be decrypted. As noted in the latest report from the Swiss National Cybersecurity Center, the extortionists are becoming increasingly audacious: many of them deploy encryption Trojans, also known as ransomware. To apply pressure on their victims, cybercriminals even resort to phone calls. They threaten to inform journalists about security vulnerabilities in the company's network or to publish sensitive data on data leak sites.
Date: 08.12.2025
Naturally, we always handle your personal data responsibly. Any personal data we receive from you is processed in accordance with applicable data protection legislation. For detailed information please see our privacy policy.
Consent to the use of data for promotional purposes
I hereby consent to Vogel Communications Group GmbH & Co. KG, Max-Planck-Str. 7-9, 97082 Würzburg including any affiliated companies according to §§ 15 et seq. AktG (hereafter: Vogel Communications Group) using my e-mail address to send editorial newsletters. A list of all affiliated companies can be found here
Newsletter content may include all products and services of any companies mentioned above, including for example specialist journals and books, events and fairs as well as event-related products and services, print and digital media offers and services such as additional (editorial) newsletters, raffles, lead campaigns, market research both online and offline, specialist webportals and e-learning offers. In case my personal telephone number has also been collected, it may be used for offers of aforementioned products, for services of the companies mentioned above, and market research purposes.
Additionally, my consent also includes the processing of my email address and telephone number for data matching for marketing purposes with select advertising partners such as LinkedIn, Google, and Meta. For this, Vogel Communications Group may transmit said data in hashed form to the advertising partners who then use said data to determine whether I am also a member of the mentioned advertising partner portals. Vogel Communications Group uses this feature for the purposes of re-targeting (up-selling, cross-selling, and customer loyalty), generating so-called look-alike audiences for acquisition of new customers, and as basis for exclusion for on-going advertising campaigns. Further information can be found in section “data matching for marketing purposes”.
In case I access protected data on Internet portals of Vogel Communications Group including any affiliated companies according to §§ 15 et seq. AktG, I need to provide further data in order to register for the access to such content. In return for this free access to editorial content, my data may be used in accordance with this consent for the purposes stated here. This does not apply to data matching for marketing purposes.
Right of revocation
I understand that I can revoke my consent at will. My revocation does not change the lawfulness of data processing that was conducted based on my consent leading up to my revocation. One option to declare my revocation is to use the contact form found at https://contact.vogel.de. In case I no longer wish to receive certain newsletters, I have subscribed to, I can also click on the unsubscribe link included at the end of a newsletter. Further information regarding my right of revocation and the implementation of it as well as the consequences of my revocation can be found in the data protection declaration, section editorial newsletter.
Such reprisals seem to affect victims: According to the international study by Proofpoint, over half of the extorted companies paid the ransom in 2020 to regain access to their own systems and data.
Even Simple Protective Measures Can Help
To protect against cyber-attacks, there are some measures that medium and small businesses can implement without high expenses and with minimal effort:
Increase awareness: Training is important so employees can better recognize phishing emails and avoid opening them. This awareness effort is needed across all areas of a company to ensure the safe handling of corporate data.
Adhere to security standards: What sounds obvious is not always the case, even in large companies. Many employees often use the same password for years. This makes devices easier to hack.
Conduct a risk analysis: An analysis makes digital security vulnerabilities visible. Such an analysis can be particularly useful for companies whose IT networks have grown organically, as cybersecurity is often not taken into account from the outset during the growth process. Based on this, a company can then develop a protection concept (see box "Security in the Smart Factory").
Cyber-security is a top management responsibility: To implement security measures across all business processes, a strong commitment from top management is required. They should make the issue a part of the company culture.
Ensuring Security Together With Everyone
Effective digital security barriers are essential for every company—this is evident from the alarming rise in cyberattacks. In the new reality of cybercriminal threats, it is crucial for businesses to develop a digital security concept that reliably addresses the risks from the internet. This especially includes ensuring that all employees are aware of the dangers and act cautiously as a result.
Nevertheless: There is no such thing as 100% security against attackers. Companies should also be aware of this. Instead, it is about establishing the necessary security barriers in tandem with technological advancement on their path to digital operations.
Companies in Industry 4.0 can achieve this by focusing not only on an internal cultural shift toward greater security awareness but also on prioritizing security in external decisions. This means, on one hand, businesses should take cybersecurity factors into account when selecting their partners. On the other hand, IoT manufacturers must integrate cybersecurity into the development of their solutions. Smart networking will only be successful if, in addition to performance, the protection of the digital infrastructure is ensured.
Info
Security in the Smart Factory
Companies that want to intelligently and securely connect their machines, employees, and applications should consider cyber-security from the very beginning. Experts refer to this approach as "Security by Design"—to avoid as many security gaps as possible.
The following security measures are suitable for industrial companies:
Central management tool: The central control of all machines and systems provides a company with an overview of all applications at any time. This makes it easy to see when and where parts of a network are being accessed. In addition, a company can manage and monitor all IoT devices through a single application.
Not everyone is allowed everything: Each employee, machine, and system requires individual user accounts and access rights. This ensures that each participant only has access to the data relevant to their area of work. In the event of cyber-attacks, this can help minimize potential damage.
Data monitoring: With a central management tool, a company can collect, visualize, and analyze all its data. This makes suspicious activities visible. Security-related events that can be identified include incorrect password entries, resource overloads, unauthorized access, or changes in configuration files.
Info
The 5 top dangers
The biggest cyber traps for companies:
Malware infects control components of machines or other devices in the company network
Malware enters the company network via external storage devices or external software
Social engineering: Hackers specifically target individuals in a company with phishing emails to install malware via a link or a file
Human misconduct: Employees attempt to sabotage the operation
External breach: Hackers gain access to the company network via internet-based maintenance access from external service providers
Secure and Compliant Authentication in Laboratories
:quality(80)/p7i.vogel.de/wcms/af/1e/af1ec4fca4636f521f780ba0ae009c8e/bild3-werkst-c3-bcck-20und-20werkzeug-5204x2928v1v1.jpeg "The main area of application for the new axial gear cutting machine is the production of rotor shafts for electric vehicles. (Image:Profiroll Technologies)")
:quality(80)/p7i.vogel.de/wcms/d1/ab/d1ab452217529e5c29a81add9aca7c22/0128871322v1.jpeg "Only one year to go: the new EU Machinery Regulation makes cybersecurity mandatory. Companies should act now. (Picture: ©Pisit - stock.adobe.com)")
:quality(80)/p7i.vogel.de/wcms/88/53/8853f7df2fe47a3d2c6f1879f6ac38e6/newsimage417073-1500x843v1v1.jpeg "Measuring setup for friction stir welding: Modular acoustic measuring system with flexibly positioned microphones for recording tool wear and process deviations in real time. (Image:Fraunhofer IDMT)")
:quality(80)/p7i.vogel.de/wcms/28/75/28751a17e2bcca46e53a1e7b8a84c433/schmersal-tiepner-029-6749x3796v1v1.jpeg "Tiepner's compact system produces ID cards made of laminated plastic, which are used as customer cards, ID cards or cheque cards, among other things. Left in the picture: Christian Höltge, Managing Director of Tiepner GmbH. (Image:Tiepner GmbH)")
:quality(80)/p7i.vogel.de/wcms/cd/fe/cdfe212a3b3206e2ff09dcdf71c11240/0129219561v1.jpeg "Extended S-series: The new Cobot models from Omron lift up to 30 kilograms and are now also protected against dust and water thanks to protection class IP65. (Image:Omron)")
:quality(80)/p7i.vogel.de/wcms/c3/6d/c36d161e7709095fd1de4cb9de27d927/0129133682v1.jpeg "Nanjing is Siemens' largest research and production center for CNC systems, drives and electric motors outside Germany. (Image:Siemens)")
:quality(80)/p7i.vogel.de/wcms/70/dc/70dc2fbc09e6958a72c63bd15e986e14/0129206156v1.jpeg "The global shoe machine manufacturer Desma relies on automation and has been revolutionizing shoe production—together with ABB Robotics for over 40 years. (Image:ABB Robotics)")
:quality(80)/p7i.vogel.de/wcms/60/fd/60fd12ddfe1fb623568736f27d1cfe61/0128606899v1.jpeg "The future of supply chains: AI and dashboards to ensure optimal OTIF values (Picture: ©immimagery - stock.adobe.com)")
:quality(80)/p7i.vogel.de/wcms/39/38/393873c2ed943bb715a6419d94049b63/geralt-entrepreneur-1340649-1280-1280x720v1v1.jpeg "Visual Components presents its forecast for production simulation in 2026. (Image:Pixabay)")
:quality(80)/p7i.vogel.de/wcms/60/4e/604e2a1ce26f177c5f28c2bff94c2f7d/der-20rotor-20mit-20aktiv-20verwindbaren-20rotorbl-c3-a4ttern-20im-20windkanal-1920x1079v1v1.jpeg "The rotor with actively twistable rotor blades in the wind tunnel: The open measuring section and sound-absorbing wall and model fuselage cladding enable high-quality acoustic measurements. (Image:DLR)")
:quality(80)/p7i.vogel.de/wcms/a8/9a/a89aef1cba3843fa06a1ec1f07cf659b/adobestock-95634179--c2-a9-20crazyforanimeart-20-e2-80-93-20stock-adobe-com-4762x2678v1v1.jpeg "Copied from the octopus: Researchers have developed a film-like thin-film platform that can dynamically change not only its color but also its surface structure. (Image:AdobeStock_95634179_ CrazyForAnimeArt)")
:quality(80)/p7i.vogel.de/wcms/2b/fb/2bfbb9fa26274cb8f6e8979c24a3d08e/0129243542v1.jpeg "In some cases, the new additively manufactured lightweight bearings only reach
11 percent of the weight of comparable steel bearings. (Image:Rosswag Engineering)")
:quality(80)/p7i.vogel.de/wcms/d2/40/d240b49c8edba464bf610f0e0b3628f0/p90629460-lowres-2250x1265v1.jpeg "(Source: BMW Group)")
:quality(80)/p7i.vogel.de/wcms/e9/60/e960f8c34a847b11fc576c54d9d46ea6/0129325747v1.jpeg "Robobuses, like WeRide here, are well on the way to becoming an integral part of local public transport. (Image:WeRide)")
:quality(80)/p7i.vogel.de/wcms/e3/8d/e38d7a9b1bcb87f6ef6546654a2ee40f/bild1v1.jpeg "(Source: InfiMotion)")
:quality(80)/p7i.vogel.de/wcms/a6/cc/a6cc273294dbe8ab9534fb4316fc8d2b/0129255976v1.jpeg "Porsche sees battery expertise as a key strategic competence and has developed the battery modules for the new Cayenne Electric itself. (Image:Porsche)")
:quality(80)/p7i.vogel.de/wcms/6f/8f/6f8ff5bf9b81829ef22736bc790cecca/0129224894v1.jpeg "View of the quantum optics laboratory at the University of Stuttgart: here, researchers are experimenting with new photon sources for quantum computing and quantum networks. (Image:Barz Group, University of Stuttgart)")
:quality(80)/p7i.vogel.de/wcms/52/3a/523ac3157ae4b4f596c7241c89127061/0129260553v1.jpeg "This artistic illustration shows a thermal analog calculator that performs calculations using excess heat and is embedded in a microelectronic system. (Image:Jose-Luis Olivares, MIT)")
:quality(80)/p7i.vogel.de/wcms/d1/f4/d1f4508c6b79ec2f0432b34a6fa33a98/0114966184v1.jpeg "The Infineon headquarters Campeon in Neubiberg, Munich. (Image:Infineon)")
:quality(80)/p7i.vogel.de/wcms/fa/d3/fad3872cf3f110f43411f2dce9e8f23a/0129265762v1.jpeg "Siemens Energy has discovered the USA as a prosperous growth market for network technology and gas turbines! In order to be able to meet demand at some point, the company is already digging deeper into its pockets ... (Image:Siemens Energy)")
:fill(fff,0)/p7i.vogel.de/companies/67/eb/67eba621ef6ea/logo2.png "logo2 (Wuxi InfiMotion)"){kind=logo}
:quality(80):fill(efefef,0)/p7i.vogel.de/wcms/67/ac/67acb931a438c/elatec-wp-gmp.png "Elatec WP GMP")
:quality(80)/p7i.vogel.de/wcms/42/30/4230405987bf408938befc2cc750d609/0122621419v1.jpeg "Time and again, as in 2025, there are security gaps in AI hacking attacks. (Image:DXC Technology)")
:quality(80)/p7i.vogel.de/wcms/88/44/88441b497a618976c959afbcba86e87e/0127567165v1.jpeg "Zero Trust security should be an approach for many companies due to increasing attacks on IoT and OT devices. (Image: ©ezra - stock.adobe.com)")