Industrial control systems (ICS) and SCADA (Supervisory Control and Data Acquisition) environments were never designed to be exposed to the internet. Yet, as manufacturing enterprises embrace digital transformation, they find themselves in a challenging position—balancing operational efficiency with cybersecurity risk.
For one Fortune 500 global manufacturer client, this challenge resulted in a potentially exploitable vulnerability. In an effort to modernize its production facilities, the company integrated its SCADA network with cloud-based analytics and remote monitoring solutions. But in the process, multiple SCADA endpoints were accidentally left exposed to the public internet. Without strong authentication controls or segmentation, these systems became attractive targets for attackers (Figure 1).
Figure 1. A Fortune 500 global manufacturer’s SCADA system that was compromised via its cloud-based monitoring solution.
The implications were severe:
Despite using conventional vulnerability management and network security tools, the aforementioned company remained unaware of these exposures. Why? Because legacy scanners and asset management tools rely on predefined IP ranges and manual inputs—meaning they often miss the unknown or misconfigured assets within sprawling IT and OT environments.
In this case, the SCADA systems were connected via a third-party vendor’s remote access solution, which created an unintended internet-facing exposure. The company’s security team had no visibility into these risks because the asset wasn’t registered in their inventory. This is a textbook example of shadow OT—a growing problem where connected operational technology assets exist outside the security team’s awareness.
The company’s security team had no visibility into this risk because:
To avoid shadow OT problems, manufacturers need to implement what’s called external exposure management. In short, this is the process of taking the attacker’s view from the outside and managing risk based on the accessibility and attractiveness of exposed assets.
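The inventory gap described above can be shown with a short reconciliation check. This is an added example, not CyCognito's code or method; the IP ranges, observation records and `owner_hint` field are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Well-known TCP ports for common industrial protocols.
ICS_PORTS = {102: "S7comm/ISO-TSAP", 502: "Modbus/TCP",
             20000: "DNP3", 44818: "EtherNet/IP"}

# Constructed sample data: the ranges a range-scoped scanner is configured
# with, and listeners observed from the outside (documentation IP space).
INVENTORY_RANGES = ["198.51.100.0/24"]
OBSERVED = [
    {"ip": "198.51.100.10", "port": 443, "owner_hint": "corp web portal"},
    {"ip": "198.51.100.77", "port": 502, "owner_hint": "plant gateway"},
    {"ip": "203.0.113.45", "port": 502, "owner_hint": "vendor remote access"},
    {"ip": "203.0.113.45", "port": 8443, "owner_hint": "vendor remote access"},
]

def in_inventory(ip, ranges):
    """True if the address falls inside any range the scanner knows about."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r) for r in ranges)

def classify(observed, ranges):
    """Label each external observation and sort the riskiest first."""
    findings = []
    for rec in observed:
        known = in_inventory(rec["ip"], ranges)
        proto = ICS_PORTS.get(rec["port"])
        if proto and not known:
            label = "shadow-ot"      # ICS protocol exposed, asset not inventoried
        elif proto:
            label = "exposed-ot"     # ICS protocol exposed, asset is inventoried
        elif not known:
            label = "unknown-asset"  # no ICS port, but outside known ranges
        else:
            label = "known"
        findings.append({**rec, "protocol": proto, "label": label})
    order = {"shadow-ot": 0, "exposed-ot": 1, "unknown-asset": 2, "known": 3}
    return sorted(findings, key=lambda f: order[f["label"]])

if __name__ == "__main__":
    for f in classify(OBSERVED, INVENTORY_RANGES):
        print(f"{f['label']:14} {f['ip']}:{f['port']} "
              f"{f['protocol'] or '-'} ({f['owner_hint']})")
```

A scanner limited to `INVENTORY_RANGES` would never probe the vendor-hosted address, which is why the `shadow-ot` finding only appears when the outside view is compared against the inventory.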
This is an actual case study of how CyCognito’s external attack surface management (EASM) platform detected and flagged the internet-exposed SCADA endpoints, luckily before any known security incidents arose.
Here’s how CyCognito helped remediate the issue:
This incident underscores a critical reality for manufacturers—security gaps often emerge at the intersection of IT and OT environments. As companies accelerate digital transformation initiatives, they must:
For this Fortune 500 manufacturer, CyCognito provided the critical visibility and remediation guidance needed to avert a potential cyber incident. But this is just one case among many. Every manufacturing company must ask itself: Do we know what’s truly exposed? And if not, who else does?
Discover and secure your attack surface today. Contact CyCognito to learn how we can help eliminate blind spots before attackers exploit them.
Rob Gurzeev, CEO and Co-Founder of CyCognito, has led the development of offensive security solutions for both the private sector and intelligence agencies.