{"id":28456,"date":"2026-04-07T01:00:39","date_gmt":"2026-04-06T17:00:39","guid":{"rendered":"https:\/\/bigband.net.my\/?p=28456"},"modified":"2026-04-06T11:40:20","modified_gmt":"2026-04-06T03:40:20","slug":"ransomware-resilience-malaysia-manufacturing-guide-2026","status":"publish","type":"post","link":"https:\/\/bigband.net.my\/index.php\/2026\/04\/07\/ransomware-resilience-malaysia-manufacturing-guide-2026\/","title":{"rendered":"Ransomware Resilience Malaysia Manufacturing Guide 2026"},"content":{"rendered":"\n[et_pb_section fb_built=”1″ _builder_version=”4.27.5″ _module_preset=”default” custom_padding=”0px||0px||false|false” global_colors_info=”{}”][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” custom_margin=”0px||20px||false|false” custom_padding=”0px||0px||false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_text_color=”#0060ae” header_font_size=”50px” custom_margin=”40px|0px|0px|0px|false|false” custom_margin_tablet=”40px||0px||false|false” custom_margin_phone=”20px||0px||false|false” header_font_size_tablet=”46px” header_font_size_phone=”42px” global_colors_info=”{}”]

How Malaysian Manufacturers Can Build<\/b><\/h1>\n

a Ransomware-Resilient Operation<\/span>
<\/b><\/h1>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” custom_margin=”20px|0px|0px|0px|false|false” custom_margin_tablet=”20px||||false|false” custom_margin_phone=”20px||||false|false” header_2_font_size_phone=”26px” global_colors_info=”{}”]

A five-layer defence guide for production businesses: understanding how attacks unfold, what they cost, and the practical steps that keep your operations running.<\/em><\/h2>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” custom_margin=”60px|0px|0px|0px|false|false” custom_margin_tablet=”40px||||false|false” custom_margin_phone=”40px||||false|false” header_2_font_size_phone=”26px” header_2_font_size_last_edited=”off|desktop” global_colors_info=”{}”]

The Manufacturers That Stay Running Have Something in Common<\/b><\/h2>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” custom_margin=”0px|0px|20px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”on|desktop” text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” global_colors_info=”{}”]

Manufacturing is the most ransomware-targeted industry in the world for the second consecutive year. Globally, the sector accounted for 1,156 ransomware incidents in 2025, a 32% increase from the previous year, and representing 19.3% of all recorded cases across all industries, according to NordStellar’s 2025 Year-End Ransomware Review. In Malaysia specifically, multiple manufacturing companies were targeted throughout mid-2025 by groups including Qilin, Global Inc Ransom, and Crypto24, causing production downtime and delayed deliveries to both domestic and export markets.
Source: NordStellar<\/span><\/a><\/p>\n

The reason manufacturers are targeted is straightforward. As Corey Nachreiner, Chief Security Officer at WatchGuard Technologies, states directly: ‘To a manufacturer, every minute of uptime translates to money. Cybercriminals and ransomware threat actors realise this. Every hour they can keep a manufacturer down costs the company revenue and profit, so they can really turn the screws with extortion.’
Source: manufacturingdive.com<\/span><\/a><\/p>\n

The manufacturers that recover quickly and keep operating do not have impenetrable defences. No organisation does. What they have is layered preparation: a set of specific, practical measures that contain the damage when an attack comes and make recovery measured in hours rather than weeks. This post explains those five layers.<\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=”1″ custom_padding_last_edited=”off|desktop” _builder_version=”4.27.6″ _module_preset=”default” custom_margin=”||||false|false” custom_padding=”0px||0px||false|false” custom_padding_tablet=”||20px||false|false” custom_padding_phone=”||20px||false|false” global_colors_info=”{}”][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” background_color=”#f7f7f7″ custom_margin=”0px||20px||false|false” custom_padding=”0px|40px|0px|40px|false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” custom_margin=”40px|0px|0px|0px|false|false” custom_margin_tablet=”30px||||false|false” custom_margin_phone=”20px||||false|false” header_2_font_size_phone=”26px” header_2_font_size_last_edited=”off|desktop” global_colors_info=”{}”]

\n

THE MALAYSIAN MANUFACTURING REALITY IN 2026<\/b><\/h2>\n<\/div>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” custom_margin=”0px|0px|0px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”||40px||false|false” text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” global_colors_info=”{}”]

Malaysia’s manufacturing sector is deeply integrated with ASEAN and global supply chains. A ransomware compromise at a Malaysian components supplier can ripple immediately to customers in Singapore, Thailand, and Indonesia. The Simply Data Malaysia Cybersecurity Landscape 2026 report documents specific recent incidents: a Selangor manufacturing plant lost two weeks of production to Cl0p ransomware with a demand of RM 2 million, and a Malaysian electronics SME was compromised through firmware updates that deployed malware to more than 200 downstream customers across Asia Pacific, with estimated damage exceeding RM 10 million.<\/p>\n

The Qilin ransomware group, which targeted Malaysia Airports Holdings Berhad in March 2025 and multiple Malaysian manufacturers throughout the year, recorded its 700th global attack of 2025 by October, according to Industrial Cyber’s analysis. Ransomware.live data confirms that manufacturing consistently holds the second-highest ransomware victim count across all industries in 2026. The threat is active, growing, and specifically targeting Malaysian operations. Sources: SimplyData<\/span><\/a> and industrialcyber.co<\/span><\/a><\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” custom_margin=”0px||40px||false|false” custom_padding=”0px||0px||false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” custom_margin=”40px|0px|0px|0px|false|false” custom_margin_tablet=”60px||||false|false” custom_margin_phone=”40px||||false|false” custom_margin_last_edited=”off|desktop” header_2_font_size_phone=”26px” global_colors_info=”{}”]

Understanding How a Manufacturing Ransomware Attack Actually Unfolds<\/b><\/h2>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” custom_margin=”10px|0px|20px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” global_colors_info=”{}”]

Before building a defence, it helps to understand the attack. Modern ransomware against manufacturing operations follows a consistent four-stage pattern. Knowing these stages tells you exactly where your defences need to be strongest.<\/p>[\/et_pb_text][dvmd_table_maker tbl_column_header_count=”0″ tbl_responsive_mode=”off” tbl_frame_type=”lines” tbl_frame_line_color=”#e8e8e8″ tbl_frame_line_width=”2px” tbl_tcell_cell_color=”#FFFFFF” tbl_tcell_cell_align_vert=”center” tbl_rhead_cell_color=”#58595b” _builder_version=”4.27.6″ _module_preset=”default” tbl_tcell_text_font=”||||||||” tbl_tcell_text_text_color=”#58595b” tbl_tcell_text_font_size=”16px” tbl_chead_text_font=”||||||||” tbl_rhead_text_font=”|700|||||||” tbl_rhead_text_text_color=”#FFFFFF” tbl_rhead_text_font_size=”20px” custom_margin=”||10px||false|false” global_colors_info=”{}”][dvmd_table_maker_item col_label=”No.” col_content=”1. Initial Entry (Day 1)<\/I>” col_column_max_width=”0.6fr” col_column_max_width_tablet=”0.6fr” col_column_max_width_phone=”0.8fr” col_column_max_width_last_edited=”on|phone” _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}”][\/dvmd_table_maker_item][dvmd_table_maker_item col_label=”Content” col_content=”The attacker gains access through one of three common vectors: a phishing email that compromises an employee’s credentials, an exposed remote access system with weak authentication, or a compromised supplier or third-party vendor with access to your network. This entry is quiet. Nothing obvious happens.” _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}”][\/dvmd_table_maker_item][\/dvmd_table_maker][dvmd_table_maker tbl_column_header_count=”0″ tbl_responsive_mode=”off” tbl_frame_type=”lines” tbl_frame_line_color=”#e8e8e8″ tbl_frame_line_width=”2px” tbl_tcell_cell_color=”#FFFFFF” tbl_tcell_cell_align_vert=”center” tbl_rhead_cell_color=”#f6921e” _builder_version=”4.27.6″ _module_preset=”default” tbl_tcell_text_font=”||||||||” tbl_tcell_text_text_color=”#58595b” tbl_tcell_text_font_size=”16px” tbl_chead_text_font=”||||||||” tbl_rhead_text_font=”|700|||||||” tbl_rhead_text_text_color=”#FFFFFF” tbl_rhead_text_font_size=”20px” custom_margin=”||10px||false|false” global_colors_info=”{}”][dvmd_table_maker_item col_label=”No.” col_content=”2. Lateral Movement (Weeks 1 to 12)<\/I>” col_column_max_width=”0.6fr” col_column_max_width_tablet=”0.6fr” col_column_max_width_phone=”0.8fr” col_column_max_width_last_edited=”on|desktop” _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}”][\/dvmd_table_maker_item][dvmd_table_maker_item col_label=”Content” col_content=”The attacker moves silently through your network over weeks or months, mapping systems, escalating privileges, and identifying your most critical assets. In manufacturing environments, this includes both IT systems (finance, email, ERP) and Operational Technology (OT) such as production controls and factory floor systems. The average dwell time before detection in Malaysia is 187 days. Your security tools may see nothing unusual during this phase.” _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}”][\/dvmd_table_maker_item][\/dvmd_table_maker][dvmd_table_maker tbl_column_header_count=”0″ tbl_responsive_mode=”off” tbl_frame_type=”lines” tbl_frame_line_color=”#e8e8e8″ tbl_frame_line_width=”2px” tbl_tcell_cell_color=”#FFFFFF” tbl_tcell_cell_align_vert=”center” tbl_rhead_cell_color=”#E02B20″ _builder_version=”4.27.6″ _module_preset=”default” tbl_tcell_text_font=”||||||||” tbl_tcell_text_text_color=”#58595b” tbl_tcell_text_font_size=”16px” tbl_chead_text_font=”||||||||” tbl_rhead_text_font=”|700|||||||” tbl_rhead_text_text_color=”#FFFFFF” tbl_rhead_text_font_size=”20px” custom_margin=”||10px||false|false” global_colors_info=”{}”][dvmd_table_maker_item col_label=”No.” col_content=”3. Backup Destruction (Shortly before attack)<\/I>” col_column_max_width=”0.6fr” col_column_max_width_tablet=”0.6fr” col_column_max_width_phone=”0.8fr” col_column_max_width_last_edited=”on|phone” _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}”][\/dvmd_table_maker_item][dvmd_table_maker_item col_label=”Content” col_content=”Before triggering the ransomware, the attacker identifies and corrupts or deletes your backup systems. This is deliberate: removing your recovery option maximises the pressure to pay. If your backups are connected to the same network as your main systems, they are vulnerable at this stage.” _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}”][\/dvmd_table_maker_item][\/dvmd_table_maker][dvmd_table_maker tbl_column_header_count=”0″ tbl_responsive_mode=”off” tbl_frame_type=”lines” tbl_frame_line_color=”#e8e8e8″ tbl_frame_line_width=”2px” tbl_tcell_cell_color=”#FFFFFF” tbl_tcell_cell_align_vert=”center” tbl_rhead_cell_color=”#911414″ _builder_version=”4.27.6″ _module_preset=”default” tbl_tcell_text_font=”||||||||” tbl_tcell_text_text_color=”#58595b” tbl_tcell_text_font_size=”16px” tbl_chead_text_font=”||||||||” tbl_rhead_text_font=”|700|||||||” tbl_rhead_text_text_color=”#FFFFFF” tbl_rhead_text_font_size=”20px” custom_margin=”||10px||false|false” hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″][dvmd_table_maker_item col_label=”No.” col_content=”4. Encryption and Demand (Attack day)<\/I>” col_column_max_width=”0.6fr” col_column_max_width_tablet=”0.6fr” col_column_max_width_phone=”0.8fr” col_column_max_width_last_edited=”on|desktop” _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}”][\/dvmd_table_maker_item][dvmd_table_maker_item col_label=”Content” col_content=”Files across IT and OT systems are encrypted simultaneously. Production halts. Screens display a ransom demand. In 2025 and 2026, most groups use double extortion: they also exfiltrate data and threaten to publish it publicly, creating pressure to pay even if you can restore from backup.” _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}”][\/dvmd_table_maker_item][\/dvmd_table_maker][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” background_color=”#f7f7f7″ custom_margin=”40px||40px||false|false” custom_padding=”0px|40px|0px||false|false” locked=”off” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}”][et_pb_text content_tablet=”

\n

Hybrid cloud is not about splitting environments arbitrarily.<\/h3>\n
\n

It is about intentional workload placement based on risk analysis.<\/h3>\n<\/blockquote>” content_phone=”
\n

Hybrid cloud is not about splitting environments arbitrarily.<\/h3>\n
\n

It is about intentional workload placement based on risk analysis.<\/h3>\n<\/blockquote>” content_last_edited=”off|desktop” _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” header_3_font=”|600|||||||” header_3_line_height=”1.6em” custom_margin=”40px|0px|0px|0px|false|false” custom_margin_tablet=”30px||||false|false” custom_margin_phone=”20px||||false|false” custom_margin_last_edited=”on|desktop” custom_padding=”|||60px|false|false” custom_padding_tablet=”|||60px|false|false” custom_padding_phone=”|||20px|false|false” custom_padding_last_edited=”on|desktop” header_2_font_size_phone=”26px” header_3_font_size_tablet=”” header_3_font_size_phone=”” header_3_font_size_last_edited=”on|desktop” header_3_line_height_phone=”1.6em” header_3_line_height_last_edited=”off|desktop” global_colors_info=”{}”]
\n

“Attackers no longer need to break in through the front door. They look for the least protected connection in the wider ecosystem and work from there. Large organisations may feel secure, yet are blindsided by persistent, indirect attacks that occur within the cyber supply chain.”<\/em><\/h3>\n

Jeremy Moke, Senior Director, Ensign InfoSecurity Malaysia | CRN Asia, 2026 | Source: crnasia.com<\/span><\/a><\/p>\n<\/blockquote>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=”1″ custom_padding_last_edited=”on|desktop” _builder_version=”4.27.5″ _module_preset=”default” custom_margin=”||||false|false” custom_padding=”0px||40px||false|false” custom_padding_tablet=”||20px||false|false” custom_padding_phone=”||20px||false|false” global_colors_info=”{}”][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” custom_margin=”0px||20px||false|false” custom_padding=”0px||0px||false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” custom_margin=”40px|0px|0px|0px|false|false” custom_margin_tablet=”30px||||false|false” custom_margin_phone=”20px||||false|false” custom_margin_last_edited=”off|desktop” header_2_font_size_phone=”26px” header_2_font_size_last_edited=”off|desktop” global_colors_info=”{}”]

\n

The 5-Layer Ransomware Defence for Malaysian Manufacturers<\/b><\/h2>\n<\/div>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” custom_margin=”0px|0px|0px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” global_colors_info=”{}”]

AMDT’s 2026 manufacturing security analysis and IT GOAT’s Manufacturing Ransomware Defence Guide both confirm that effective protection is not a single tool. It is a set of layered measures that work together, each one addressing a different stage of the attack timeline. The five layers below are drawn from these frameworks, CISA’s StopRansomware Guide, and the SANS Institute 2025 OT Security Survey.
<\/span><\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” custom_margin=”0px||40px||false|false” custom_padding=”0px||0px||false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” header_3_font=”|600|||||||” header_3_font_size=”24px” header_3_line_height=”1.3em” custom_margin=”10px|0px|0px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”20px|20px|0px|20px|false|false” text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” header_3_font_size_last_edited=”off|desktop” header_3_line_height_last_edited=”off|desktop” border_width_top=”10px” border_color_top=”#0c71c3″ locked=”off” global_colors_info=”{}”]

1. Separate Your Production Network from Your Office Network<\/strong><\/span><\/h3>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” header_3_font=”|600|||||||” header_3_font_size=”20px” header_3_line_height=”1.3em” custom_margin=”0px|0px|10px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”0px|20px|20px|20px|false|false” text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” header_3_font_size_last_edited=”off|desktop” header_3_line_height_last_edited=”off|desktop” locked=”off” global_colors_info=”{}”]

In many Malaysian manufacturing facilities, IT systems (email, ERP, finance) and OT systems (factory controls, sensors, production equipment) share the same network. This is one of the most common and most dangerous configurations in 2026. When an attacker enters through a phishing email targeting the finance team, a flat network gives them a direct path to production systems. Network segmentation creates a boundary: attackers who compromise office systems cannot automatically reach the factory floor. AMDT’s 2026 analysis is direct: IT systems should not be able to establish connections to the OT network. OT systems should transmit information to the IT network in one direction only. This single configuration change dramatically limits lateral movement.
Source: amdt.com<\/span><\/a><\/p>\n

Ask your IT team:<\/strong> Are our office IT systems and production floor systems on separate, firewalled network segments? Can someone who compromises an office laptop reach our production controls?<\/em><\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” custom_margin=”0px||40px||false|false” custom_padding=”0px||0px||false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” header_3_font=”|600|||||||” header_3_font_size=”24px” header_3_line_height=”1.3em” custom_margin=”10px|0px|0px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”20px|20px|0px|20px|false|false” text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” header_3_font_size_last_edited=”off|desktop” header_3_line_height_last_edited=”off|desktop” border_width_top=”10px” border_color_top=”#088935″ locked=”off” global_colors_info=”{}”]

2. Apply Multi-Factor Authentication Everywhere, Especially Remote Access<\/strong><\/span><\/h3>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” header_3_font=”|600|||||||” header_3_font_size=”20px” header_3_line_height=”1.3em” custom_margin=”0px|0px|10px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”0px|20px|20px|20px|false|false” text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” header_3_font_size_last_edited=”off|desktop” header_3_line_height_last_edited=”off|desktop” locked=”off” global_colors_info=”{}”]

Remote access is the leading entry vector for manufacturing ransomware, accounting for 50% of incidents according to the SANS Institute 2025 OT Security Survey. Remote desktop tools, VPN connections, and supplier access portals without MFA are open doors. Adam Marr\u00e8, Chief Information Security Officer at Arctic Wolf, specifically identifies failure to integrate OT environments into centralised monitoring and failure to use MFA on remote access as the two most common mistakes that increase manufacturer vulnerability. MFA on every remote access point, admin account, and critical system blocks the vast majority of credential-based attacks at negligible cost.
Source: manufacturingdive.com<\/span><\/a><\/p>\n

Ask your IT team:<\/strong> Does every remote access point into our network, including supplier and third-party connections, require multi-factor authentication? Are admin accounts protected with MFA?<\/em><\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” custom_margin=”0px||40px||false|false” custom_padding=”0px||0px||false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” header_3_font=”|600|||||||” header_3_font_size=”24px” header_3_line_height=”1.3em” custom_margin=”10px|0px|0px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”20px|20px|0px|20px|false|false” hover_enabled=”0″ text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” header_3_font_size_last_edited=”off|desktop” header_3_line_height_last_edited=”off|desktop” border_width_top=”10px” border_color_top=”#d88500″ locked=”off” global_colors_info=”{}” sticky_enabled=”0″]

3. Deploy Endpoint Detection and Response (EDR) Across All Devices, Including Factory Floor Systems<\/strong><\/span><\/h3>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” header_3_font=”|600|||||||” header_3_font_size=”20px” header_3_line_height=”1.3em” custom_margin=”0px|0px|10px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”0px|20px|20px|20px|false|false” hover_enabled=”0″ text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” header_3_font_size_last_edited=”off|desktop” header_3_line_height_last_edited=”off|desktop” locked=”off” global_colors_info=”{}” sticky_enabled=”0″]

Traditional antivirus detects known threats. EDR detects behaviour, the unusual patterns of movement, access, and activity that indicate an attacker is inside and moving through your network. In manufacturing environments, this needs to cover not just office laptops but engineering workstations, Human-Machine Interfaces (HMIs), and any device connected to your network. AMDT’s 2026 guide states clearly: manufacturers must maintain continuous visibility into their assets, deployed software, software versions, and the dependencies between IT and OT. This information must be available during day-to-day operations, not compiled for the first time during an incident. EDR combined with 24\/7 monitoring shortens detection time from months to hours.
Source: amdt.com<\/span><\/a><\/p>\n

Ask your IT team:<\/strong> Does our security monitoring cover factory floor devices and engineering workstations, not just office computers? Do we have real-time alerts for unusual network activity?<\/em><\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” custom_margin=”0px||40px||false|false” custom_padding=”0px||0px||false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” header_3_font=”|600|||||||” header_3_font_size=”24px” header_3_line_height=”1.3em” custom_margin=”10px|0px|0px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”20px|20px|0px|20px|false|false” hover_enabled=”0″ text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” header_3_font_size_last_edited=”off|desktop” header_3_line_height_last_edited=”off|desktop” border_width_top=”10px” border_color_top=”#bc004b” locked=”off” global_colors_info=”{}” sticky_enabled=”0″]

4. Maintain Immutable, Isolated Backups with a Tested Recovery Plan<\/strong><\/span><\/h3>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” header_3_font=”|600|||||||” header_3_font_size=”20px” header_3_line_height=”1.3em” custom_margin=”0px|0px|10px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”0px|20px|20px|20px|false|false” hover_enabled=”0″ text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” header_3_font_size_last_edited=”off|desktop” header_3_line_height_last_edited=”off|desktop” locked=”off” global_colors_info=”{}” sticky_enabled=”0″]

As covered in our previous post on backup readiness, ransomware attackers specifically destroy backup systems before triggering encryption. The defence is an immutable backup, one that cannot be altered or deleted even by someone with admin access, stored in an environment completely isolated from your main network. For manufacturing businesses, this backup must cover both IT data and OT configuration data: the settings, parameters, and configurations for production equipment that would be needed to restart operations after a shutdown. Without OT configuration backups, restoring production after a ransomware event can take significantly longer than restoring IT systems alone. IT GOAT’s 2026 Manufacturing Defence Guide notes that organisations without tested recovery plans face weeks of disruption, while those with mature programmes restore critical operations within days.
Source: IT GOAT<\/span><\/a><\/p>\n

Ask your IT team:<\/strong> Do our backups include OT system configurations as well as business data? Are our backups isolated from our main network? When was the last time we tested a full restore?<\/em><\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” custom_margin=”0px||40px||false|false” custom_padding=”0px||0px||false|false” hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” header_3_font=”|600|||||||” header_3_font_size=”24px” header_3_line_height=”1.3em” custom_margin=”10px|0px|0px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”20px|20px|0px|20px|false|false” hover_enabled=”0″ text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” header_3_font_size_last_edited=”off|desktop” header_3_line_height_last_edited=”off|desktop” border_width_top=”10px” border_color_top=”#6a00ad” locked=”off” global_colors_info=”{}” sticky_enabled=”0″]

5. Establish and Practise a Written Incident Response Plan That Covers the First 30 Minutes<\/strong><\/span><\/h3>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” header_3_font=”|600|||||||” header_3_font_size=”20px” header_3_line_height=”1.3em” custom_margin=”0px|0px|10px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”0px|20px|20px|20px|false|false” hover_enabled=”0″ text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” header_3_font_size_last_edited=”off|desktop” header_3_line_height_last_edited=”off|desktop” locked=”off” global_colors_info=”{}” sticky_enabled=”0″]

The first 30 minutes of a ransomware event determine how far it spreads. The critical actions in that window, disconnecting affected systems, identifying the scope, notifying the right people, and beginning containment, must be documented and practiced before an incident occurs, not improvised during one. For Malaysian manufacturers subject to the Cybersecurity Act 2024, NACSA guidelines also require that critical information infrastructure operators maintain active security controls and report significant incidents within defined timeframes. A written plan that names specific people, specific actions, and a clear escalation path is the difference between a contained incident and a full plant shutdown. CISA’s StopRansomware Guide recommends that the plan be reviewed and approved by the CEO in writing, and that it be reviewed and understood across the chain of command.
Source: CISA<\/span><\/a><\/p>\n

Ask your IT team:<\/strong> Does a written incident response plan exist for a ransomware event? Does it name specific people responsible for the first 30 minutes? Has it ever been walked through as a tabletop exercise?<\/em><\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” custom_margin=”0px||40px||false|false” custom_padding=”0px||0px||false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” custom_margin=”40px|0px|0px|0px|false|false” custom_margin_tablet=”60px||||false|false” custom_margin_phone=”40px||||false|false” custom_margin_last_edited=”off|desktop” hover_enabled=”0″ header_2_font_size_phone=”26px” global_colors_info=”{}” sticky_enabled=”0″]

The Financial Anatomy of a Ransomware Attack on a Malaysian Manufacturer<\/b><\/h2>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” custom_margin=”10px|0px|10px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” hover_enabled=”0″ text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” global_colors_info=”{}” sticky_enabled=”0″]

The numbers below are drawn from Simply Data’s Malaysia Cybersecurity Landscape 2026 report and CyberSecurity Malaysia incident data. They represent the typical range for a Malaysian manufacturing SME or mid-market operator. Understanding the full cost makes the investment case for prevention clear.<\/p>[\/et_pb_text][dvmd_table_maker tbl_column_header_count=”0″ tbl_responsive_mode=”off” tbl_frame_type=”lines” tbl_frame_line_color=”#dbdbdb” tbl_frame_line_width=”2px” tbl_tcell_cell_color=”#FFFFFF” tbl_tcell_cell_align_vert=”center” tbl_rhead_cell_color=”#FFFFFF” _builder_version=”4.27.6″ _module_preset=”default” tbl_tcell_text_font=”||||||||” tbl_tcell_text_text_color=”#58595b” tbl_tcell_text_font_size=”16px” tbl_chead_text_font=”||||||||” tbl_rhead_text_font=”|700|||||||” tbl_rhead_text_font_size=”18px” custom_margin=”||10px||false|false” hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″][dvmd_table_maker_item col_label=”Title” col_content=”Cost Category\nRansom demand\nProduction downtime losses\nIT forensics and system recovery\nOT system restoration\nCustomer penalties and supply chain claims\nPDPA regulatory fines\nLegal costs and public notification\nReputational damage and customer loss\nTotal typical range” col_column_max_width=”0.5fr” _builder_version=”4.27.6″ _module_preset=”default” hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″][\/dvmd_table_maker_item][dvmd_table_maker_item col_label=”Content” col_content=”Typical Range for Malaysian Manufacturer<\/B>\nRM 500,000 to RM 5,000,000 (with no guarantee of full data return)\nRM 50,000 to RM 500,000 per day (varies by scale and sector)\nRM 100,000 to RM 1,000,000\nVariable, often exceeds IT recovery costs in production environments\nVariable, can be significant for export manufacturers\nUp to RM 750,000 for first offence, RM 1,500,000 for repeat\nRM 100,000 to RM 500,000\nOngoing, difficult to quantify\nRM 1,000,000 to RM 7,000,000+ per incident” _builder_version=”4.27.6″ _module_preset=”default” hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″ col_tcell_text_font_size=”18px”][\/dvmd_table_maker_item][\/dvmd_table_maker][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” custom_margin=”10px|0px|10px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” hover_enabled=”0″ text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”off|desktop” global_colors_info=”{}” sticky_enabled=”0″ text_line_height_last_edited=”off|tablet” text_line_height=”1.4em”]

For context:<\/strong> Simply Data’s analysis shows that investing RM 60,000 to RM 120,000 per year in managed security services reduces breach probability from approximately 70% to 20% for a Malaysian SME. At an average breach cost of RM 3.2 million, the expected value calculation is unambiguous.
Source: simplydata.com.my<\/span><\/a><\/em><\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” background_color=”#f7f7f7″ custom_margin=”0px||20px||false|false” custom_padding=”0px|40px|0px|40px|false|false” locked=”off” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” custom_margin=”40px|0px|10px|0px|false|false” custom_margin_tablet=”30px||||false|false” custom_margin_phone=”20px||||false|false” custom_margin_last_edited=”off|desktop” hover_enabled=”0″ header_2_font_size_phone=”26px” header_2_font_size_last_edited=”off|desktop” global_colors_info=”{}” sticky_enabled=”0″]

\n

YOUR MANUFACTURING RESILIENCE CHECK<\/b><\/h2>\n<\/div>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” custom_margin=”0px|0px|40px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” hover_enabled=”0″ text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” global_colors_info=”{}” sticky_enabled=”0″]

5 of 5 layers in place:<\/strong><\/span> Your operation has strong foundational resilience. Focus on regular testing and keeping your OT asset inventory current as systems evolve.<\/p>\n

3 to 4 layers in place:<\/strong><\/span> Good progress. Prioritise network segmentation and MFA first, as these address the most common initial entry and lateral movement vectors.<\/p>\n

2 or fewer layers in place:<\/span><\/strong> This is the right moment to have a structured conversation with your IT team or security provider. The gaps are addressable, and addressing them now costs a fraction of what a successful attack would.<\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” custom_margin=”0px||60px||false|false” custom_padding=”0px||0px||false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” custom_margin=”40px|0px|0px|0px|false|false” custom_margin_tablet=”60px||||false|false” custom_margin_phone=”40px||||false|false” custom_margin_last_edited=”off|desktop” header_2_font_size_phone=”26px” global_colors_info=”{}”]

A Final Word<\/b><\/h2>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” custom_margin=”10px|0px|10px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” hover_enabled=”0″ text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” global_colors_info=”{}” sticky_enabled=”0″]

We encourage every Malaysian manufacturing business owner and operations leader to review their ransomware resilience with their current IT adviser or security provider. Use the five layers above as a practical starting point. Ask specifically about network segmentation between IT and OT. Ask whether your OT system configurations are backed up and tested. Ask what the first 30 minutes of your incident response plan looks like. These are reasonable, professional conversations that any qualified IT security partner should welcome.<\/p>\n

If you would like a second perspective, or if you are evaluating your options and want an independent view of your manufacturing operation’s cyber resilience, BigBand is happy to offer a no-obligation conversation. We are not here to replace your current provider. We are here to make sure your production never has to stop because of an attack that could have been prevented.<\/p>\n

bigband.net.my\/bigband-contact<\/span><\/a> | Office: +60 3 5879 3933 | email: sales@bigband.net.my<\/a><\/strong><\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]\n","protected":false},"excerpt":{"rendered":"

How Malaysian Manufacturers Can Build a Ransomware-Resilient OperationA five-layer defence guide for production businesses: understanding how attacks unfold, what they cost, and the practical steps that keep your operations running.The Manufacturers That Stay Running Have Something in CommonManufacturing is the most ransomware-targeted industry in the world for the second consecutive year. Globally, the sector accounted […]<\/p>\n","protected":false},"author":5,"featured_media":28618,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"1080","footnotes":""},"categories":[38],"tags":[100,57,67,41,59,98,99,56,74],"class_list":["post-28456","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-anti-ransomware","tag-bigband","tag-businesscontinuity","tag-cybersecurity","tag-digitaltransformation","tag-manufacturingmalaysia","tag-otsecurity","tag-pdpa","tag-ransomware"],"_links":{"self":[{"href":"https:\/\/bigband.net.my\/index.php\/wp-json\/wp\/v2\/posts\/28456","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bigband.net.my\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bigband.net.my\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bigband.net.my\/index.php\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/bigband.net.my\/index.php\/wp-json\/wp\/v2\/comments?post=28456"}],"version-history":[{"count":15,"href":"https:\/\/bigband.net.my\/index.php\/wp-json\/wp\/v2\/posts\/28456\/revisions"}],"predecessor-version":[{"id":28487,"href":"https:\/\/bigband.net.my\/index.php\/wp-json\/wp\/v2\/posts\/28456\/revisions\/28487"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bigband.net.my\/index.php\/wp-json\/wp\/v2\/media\/28618"}],"wp:attachment":[{"href":"https:\/\/bigband.net.my\/index.php\/wp-json\/wp\/v2\/media?parent=28456"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bigband.net.my\/index.php\/wp-json\/wp\/v2\/categories?post=28456"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bigband.net.my\/index.php\/wp-json\/wp\/v2\/tags?post=28456"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}