In an era where technology is advancing at breakneck speed, cybersecurity concerns aren’t resolving. In fact, they’re growing. In the Experis 2025 CIO Survey, cybersecurity topped the priority list. Nearly half of the tech leaders surveyed cited cybersecurity as their top concern.
The reasons are clear. Cybercrime hit a record 9.5 trillion in 2024, and 2025 is on track to surpass that. As an entity, cybercrime constitutes the world’s third-largest economy.
To make matters worse, the cyber skills gap has increased by 8% in the last year, with 66% of organizations reporting moderate to critical skills gaps, including a lack of essential talent and skills to meet their security requirements.
Cybersecurity talent will become increasingly in-demand and difficult to find in the coming years. In fact, the industry needs 4.8 million more cybersecurity workers worldwide to address growing threats.
Cybersecurity in Engineering
Engineering firms are increasingly targeted because of the records they possess, including detailed financial records of their global clients and suppliers, as well as proprietary design information, which could be invaluable if sold to a competitor. Yet many engineering firms are still treating cybersecurity as a low priority.
From Supply Chain Attacks to Intellectual Property Theft: Cybersecurity Threats Engineers Should Watch
1. Ransomware Attacks
Unfortunately, ransomware attacks are announced on an all-too-frequent basis. Here are just a few recent examples.
National Defense Corporation (NDC) was hit by the Interlock Ransomware Group in March 2025. The attackers exfiltrated 4.2TB of sensitive data, including procurement and logistics documents. This breach exposed vulnerabilities in supply chain security and emphasized the need for compliance frameworks like CMMC 2.0 to protect sensitive but unclassified data.
Schneider Electric. In mid-January, the ransomware-as-a-service group Cactus infiltrated the networks of this multinational energy management company, reportedly stealing 1.5 terabytes of data from its Sustainability Business Division.
Land Rover/Jaguar. The luxury auto manufacturer, owned by Tata Motors of India, suffered a data breach that led to severe disruptions in operations and factory closures in the UK, China, India and Slovakia. The extent and type of data compromised was not made public.
Samsung Galaxy. A major data leak exposed 270,000 customer support records tied to Samsung Germany, after a hacker exploited long-compromised log-in credentials from a third-party vendor.
There are no easy answers for avoiding ransomware attacks, but what’s clear is that traditional tools — like firewalls, antivirus software and endpoint detection — are no longer enough.
2. Threats Targeting Software Engineers
In April 2025, a zero-day Common Log File System (CLFS) vulnerability in Microsoft systems was exploited globally (the term zero day means that the vulnerability is brand-new and developers have had zero days to address the issue). Custom malware called PipeMagic was used to escalate privileges and deploy ransomware.
These types of exploits are especially dangerous for engineers working on Windows-based systems or infrastructure, as they often have elevated access.
3. Intellectual Property Theft
Engineering firms, manufacturers, utilities and government entities can be attractive targets for intellectual property theft or sabotage.
Perhaps the most damaging intellectual property breach may still be ongoing. Starting in 2019, Chinese state actors infiltrated 30 multinational corporations in the manufacturing, energy and pharmaceutical sectors, exfiltrating hundreds of gigabytes of intellectual property and sensitive data, including blueprints, diagrams, formulas and manufacturing-related proprietary data. The damage that may have been caused by this effort, nicknamed Operation CuckooBees, is difficult to quantify, but the loss is estimated to be in the trillions.
Strong encryption and access controls can provide some protection against cyber espionage.
More Malicious Attacks
Supply Chain Attacks on Industrial Systems
As mentioned above, breaches can often migrate from multiple points within the supply chain.
Malware campaigns that initiate in the supply chain have brought warehouses and distribution centers to a standstill, delayed or misdirected shipments and resulted in reputational loss.
Malware can also be embedded into software updates for operational technology, affecting manufacturers of industrial machinery. This leads to physical damage to equipment and disrupted production.
Supply chain attacks emphasize the need for compliance frameworks like CMMC 2.0 to protect sensitive but unclassified data.
GPS Spoofing in Infrastructure Projects
GPS spoofing involves jamming the GPS signal to mislead navigation systems in maritime and logistics sectors. This causes misdirected shipments and near-misses. This is growing concern in the Persian Gulf in particular, where the potential exists to cause mass disruption of global trade.
IoT Vulnerabilities
As IoT devices like smart devices and automation systems gain in popularity, attackers exploit their lack of built-in security to gain network access. When these devices are added to a network, care must be taken to ensure firmware updates and network segmentation are in place.
Who Is Behind These Cybersecurity Attacks
In some cases, foreign governments are perpetrators. These actors have various motivations, political or financial. But because ransomware attacks can yield massive payloads when victims pay the price, there is a bustling market for these criminal services. Ransomware groups often operate using ransomware-as-a-service (RaaS) models, where they rent their tools and techniques to other threat actors. While arrests have been made, new players are constantly arriving on the scene, with half of the top 10 ransomware groups emerging for the first time in 2024.
Enhancing Cybersecurity Skills in Your Organization
Investing in cybersecurity education for engineers and technical staff ensures teams are equipped to recognize threats and respond effectively.
Here’s a basic framework for upskilling your employees:
1. Assess Current Skill Levels and Needs
Where are your vulnerabilities and where are the skills gaps?
2. Develop a Tiered Training Program
Break it down into levels based on roles and responsibilities:
- For Engineers
- Basic Cyber Hygiene
- Secure Development Training
- Operational Technology (OT) Security For those working with SCADA, PLCs, or industrial control systems.
- For Non-Technical Staff
- Cybersecurity Awareness
- Compliance & Policy Training
- For Leadership
- Risk Management & Strategy - Cyber risk assessment, incident response planning, governance
3. Use a Mix of Learning Formats
- Online platforms
- Workshops & Seminars
- Certifications
4. Measure and Evolve
- Track training completion, incident reduction, and employee feedback.
- Update training regularly to reflect evolving threats and technologies.
Other Important Measures
- Collaborating with specialized staffing firms like Manpower Engineering can accelerate access to skilled cybersecurity professionals. Our active consultants have access to no-cost training and certifications in digital security, helping organizations close talent gaps and strengthen defenses.
- Deploying tools that automate threat detection and response — such as SIEM platforms and AI-driven analytics — can help engineering firms identify vulnerabilities before they’re exploited. Threat intelligence platforms also provide real-time insights into emerging risks.
- Engineers and IT staff are frequent targets of phishing and impersonation attacks. Security awareness training is essential to prevent breaches. For example, Cisco reported a voice phishing (vishing) attack where a hacker impersonated support staff and tricked an employee into granting access to sensitive data, including email addresses and phone numbers.
- Federal and state governments have enacted robust cybersecurity laws and regulations. It’s important to be aware of and compliant with these measures.
The Time to Act Was Yesterday!
The engineering sector sits at the crossroads of innovation and vulnerability. As cybercriminals grow more sophisticated, the stakes for engineers and engineering firms rise — from compromised intellectual property to operational disruption and reputational damage. The reality is clear: cybersecurity must be embedded into the DNA of every engineering organization.
The good news? You don’t have to tackle this challenge alone.
Let’s Build Resilience Together
Manpower Engineering is here to help you stay ahead of the curve. Whether you're looking to strengthen your internal teams or bring in specialized cybersecurity talent, we offer flexible solutions tailored to your needs. Reach out today to explore how we can help you secure your future.
For more about cyber threats facing manufacturing and logistics, read The State of Cybersecurity in Manufacturing and Logistics.