Legacy Tech Exposes Mexico’s Manufacturing to Cyberthreats
By Diego Valverde | Journalist & Industry Analyst - Wed, 06/25/2025 - 08:50
Mexico’s manufacturing industry faces significant operational risks stemming from the persistence of legacy technologies. The integration of modern automation systems with outdated platforms such as the Windows XP operating system, together with the uncontrolled use of USB flash drives, has created critical attack vectors that malicious actors exploit to disrupt production lines.
“We are seeing accelerated growth in the use of resources such as robotic arms and programmable logic controllers (PLCs). But these systems were designed to perform functions, not to defend against attacks,” said Roberto Suzuki, Director of Operational Technology for Mexico and Latin America, Fortinet, during the Fortinet OT Summit 2025. This lack of built-in security becomes a major vulnerability when these systems are connected to external networks.
“In Mexico, manufacturing covers a wide range of sectors, among the most prominent of which are the automotive sector, the electronics sector, aerospace, food and beverages, pharmaceuticals, textiles, and even the electrical and electronic products industry. These examples show the diversity and scope of the manufacturing industry in our country,” writes Filiberto Tamez, CEO, Car Fast Automotores, on MBN.
For the past few years, Mexico has been adopting Industry 4.0 models, a paradigm that demands the interconnection of traditionally isolated production equipment with corporate IT networks and cloud platforms. However, this IT/OT convergence, while essential for optimizing efficiency and data analytics, exposes production environments to threat landscapes for which they were not designed.
“Manufacturing systems are evolving rapidly, with OT assets growing by a staggering 400% and over 15 billion devices projected to be connected via 5G and the cloud by 2026. However, this growth introduces several vulnerabilities, including exploitation of legacy systems, increasing use of Public-Facing Applications, and Complex Cyber-Physical Risks,” argues Net Data Networks.
Operational Impact
Unlike cyberattacks on IT environments, which typically aim to extract data, intrusions into OT networks focus on direct operational disruption. “The impact is directly on company revenues. A business can continue without email, but if its production line stops, losses are immediate,” says Suzuki.
Companies in the manufacturing sector say that two out of three reported attacks had a direct impact on production, according to Fortinet. Although the names of affected companies remain confidential, documented cases in Mexico include complete shutdowns of manufacturing plants due to these types of security breaches, reports El Economista. Attackers aim to apply maximum pressure by disrupting revenue-generating operations, thereby increasing the likelihood of ransom payments.
Attack Vectors and Legacy Systems
The initial entry point into production networks is not usually a direct attack on industrial machinery. The more frequent method involves first breaching corporate IT networks through conventional vectors, such as phishing emails containing malicious software or remote access sessions protected by weak credentials. Once inside the IT perimeter, attackers execute lateral movements to access OT networks, which often lack proper segmentation and security controls, says Fortinet.
This risk is compounded by the continued use of legacy systems. Fortinet estimates that about 3 million computers worldwide still run on Windows XP, a discontinued operating system no longer supported by security updates, rendering each one a defenseless entry point.
“Most of the industries in Mexico are lacking OT Cybersecurity practices, but Mexico’s manufacturing and healthcare sectors are particularly lagging in terms of OT cybersecurity readiness,” says Alexandro Fernández, OT Cybersecurity Director, Intelligent Networks, to MBN.
In addition, many older OT devices only support data transfers or configurations via USB flash drives. Without proper management and monitoring, these devices become untraceable vectors for malware deployment.
The National Coordinator for Critical Infrastructure Security and Resilience (CISA) reports that attackers can use USBs to infect other computers with malware. “The malware then downloads malicious code onto the drive. When the USB drive is plugged into another computer, the malware infects that computer,” reports CISA.
CISA adds that some attackers have also targeted electronic devices directly, infecting items such as electronic picture frames and USB drives during production. “When users buy the infected products and plug them into their computers, malware is installed on their computers,” says the agency.
How can companies face these risks?
To effectively navigate this complex landscape, Net Data Networks recommends that companies prioritize cybersecurity strategies designed specifically for the convergence of their IT/OT environments, structured on three fundamental pillars:
- Achieve Comprehensive Asset Visibility: Deploy solutions that automate the discovery and classification of all assets connected to the OT network. The use of AI and machine learning (ML) tools is crucial to gain deep visibility into individual device activities, data access patterns, and security policy compliance.
- Adopt a Zero Trust Framework: Implementing Zero Trust principles eliminates the implicit trust of any user or device within the network. This model is based on segmentation at the individual asset level, continuous validation of all network traffic, and automation of responses to quarantine threats before they can spread.
- Simplify Security Operations: Managing multiple point security solutions increases complexity and reduces efficiency. It is advisable to consolidate security tools into an integrated platform. This unified approach not only reduces administrative complexity and improves compliance, but also optimizes the ability to efficiently detect, manage and neutralize threats.







