• The manufacturing sector in Malaysia faces growing cybersecurity risks.
• Legacy OT systems have become increasingly connected to digital networks.

As Malaysia accelerates its push toward Industry 5.0, the country’s manufacturing sector – valued at over RM1.2 trillion – faces a growing and complex set of cybersecurity threats. From legacy operational technology (OT) systems to expanding digital ecosystems, manufacturers are navigating a risk landscape that’s changing as fast as the technology they adopt.

According to Allen Chin, Senior Manager, Technical Solutions at Palo Alto Networks, the industry’s increasing reliance on interconnected devices and systems opens up vulnerabilities that cyber attackers may exploit quickly. This includes risks from internal exploits, layered attack methods, and the convergence of IT and OT environments.

“One of the key issues is that many legacy OT systems weren’t designed with security in mind,” Chin explains. “As they get integrated into broader digital environments, organisations are left with gaps in visibility and control.”

In 2024 alone, CyberSecurity Malaysia recorded more than 1,200 incidents, with intrusion attempts and ransomware among the most common threats. According to PIKOM’s 2024 cybersecurity report [PDF], manufacturing remains one of the hardest-hit sectors, emphasising the importance of Malaysian industry in this regard.

Multiple entry points and the rise of AI-powered threats

The complexity of today’s threat landscape is not just about a single point of entry. Chin states that the 2025 Global Incident Response Report by Palo Alto Networks found that 70% of cyber incidents experienced at least three attack vectors. These include endpoints, cloud systems, and employee-targeted social engineering tactics.

Compounding the challenge is the growing use of AI by threat actors. “Attackers are now using AI to automate phishing, scan for vulnerabilities, and avoid detection. The makes it easier for them to launch fast, multi-stage intrusions,” Chin says. In many cases, attackers are able to move laterally through networks, pivoting into OT environments that were previously isolated. The assumption that these systems are protected by “air gaps” no longer holds up, particularly as more manufacturers connect them to IT systems for remote monitoring and data analysis.

Ageing vulnerabilities still in play

A recent whitepaper by Palo Alto Networks and Siemens sheds light on another concerning trend: the persistent exploitation of old vulnerabilities. The report found that nearly 62% of exploit attempts in OT environments targeted CVEs that were six to ten years old – most of which had already been patched.

“When we cross-reference this with our Unit 42 Incident Response Report, the pattern is clear,” says Chin. “In OT-related cases, almost 75% of attacks exploited known vulnerabilities. That’s not just a visibility issue – it’s a patching issue, an awareness issue, and often a resource issue.”

The research also revealed that manufacturing firms were frequent targets of internal exploit attempts. About 80% of malware detected in OT networks was referred to as “Unknown,” showing the growing sophistication of attacks and the limitations of traditional threat detection methods.

Why SCADA and OT systems are now a bigger target

Supervisory control and data acquisition (SCADA) systems and other OT platforms were once largely immune to cyberattacks due to their physical isolation. But that’s no longer the case. As digital transformation brings cloud platforms, 5G networks, and smart technologies into the factory environment, these systems are becoming more exposed – and more appealing – to cybercriminals.

“The exposure often isn’t intentional,” Chin says. “Devices installed for convenience or remote access sometimes end up accessible from the internet without the right protections in place.”

There’s also a financial incentive. Manufacturing disruptions have a domino effect on supply chains and productivity, making them ideal ransomware targets. With Malaysia’s manufacturing sector being such a major contributor to the economy, the potential damage extends far beyond lost data – it could result in halted production, regulatory fines, and reputational harm.

Building security into innovation

As factories integrate more automation, robotics, and IoT into their operations, Chin urges a proactive mindset: “The question shouldn’t be whether to prioritise digital transformation or cybersecurity. It’s about how to do both from the beginning.” Security, he adds, should be embedded in every stage – from procurement to deployment.

A Zero Trust approach is one way to achieve this, where no user or device is automatically trusted, even in the network. Each access attempt is verified and monitored. “Too often, security is bolted on after systems are operational,” Chin says. “That’s much harder and more expensive than designing with security in mind from day one.”

What the Cyber Security Act 2024 means for manufacturers

With the implementation of Malaysia’s Cyber Security Act 2024, manufacturers now have a legal framework to follow – but Chin stresses that compliance should be viewed as a baseline, not an endpoint. The law outlines requirements like doing frequent risk assessments, reporting incidents, and adhering to specific security protocols.

However, Chin believes that true resilience comes from treating cybersecurity as a strategic priority rather than a regulatory obligation. “Security needs to be part of digital transformation conversations right at the planning stage,” he says. “And that includes everything from supply chain visibility to how remote access is managed.”

He also emphasises the importance of collaboration between the public and private sectors, where shared intelligence and coordinated responses can benefit the broader cybersecurity ecosystem in Malaysia.

A secure future for high-tech manufacturing

As Malaysia works to establish itself as a high-tech manufacturing hub in Southeast Asia, protecting its digital infrastructure will be important for long-term success. From AI to robotics, the country’s industrial base is rapidly modernising – but that progress is vulnerable without the right security foundations.

Chin emphasises that building cyber resilience in OT environments isn’t just a technical requirement – it’s essential for national competitiveness and economic stability. “Strengthening OT security helps ensure that the benefits of innovation are realised safely and sustainably,” he says. “It’s about enabling long-term growth in a connected, digital world.”