Q&A: The connectivity revolution and the surge of cyberattacks
What you’ll learn:
- Zayo noted an escalation in the scale and focus of distributed denial of service attacks.
- Max Clauson, Zayo’s senior VP of network connectivity, attributed this surge to the rise in AI, IoT devices, and for-hire botnets.
- In a Q&A, Clauson said “In this ‘new normal,’ cybersecurity can no longer operate as a standalone, reactive function.”
Zayo, a global provider of communications infrastructure, in March released its 2026 Cybersecurity Insights Report, which like so many cybersecurity reports from 2024 onward toward today revealed sharp rises in cyberattacks against manufacturing.
This latest one from Zayo noted an escalation in the scale and focus of distributed denial of service attacks, which is a bit of a niche form of data breach but, according to Zayo research and Smart Industry’s own coverage, is gaining in popularity and is being weaponized against industry more and more by threat actors and hacking groups.
Smart Industry podcast: Why is manufacturing such a huge target for cyberattacks?
What is a DDoS cyberattack? Plainly, it’s a malicious attempt to disrupt a website or network by overwhelming it with massive traffic from multiple (and often compromised) sources—a botnet. Unlike a standard denial of service, which uses one computer, a DDoS utilizes thousands of “zombie” devices to render servers unusable for legitimate users, according to Zayo.
And according to its cybersecurity insights report, which is based on global traffic last year, attackers are increasingly shifting beyond telecommunications to strike enterprises and other critical organizations directly.
While total attack volume fell slightly below record highs of 2024, the Boulder, Colorado-based group reported that organizations are still facing all-time, sustained highs in attack frequency, “signaling that DDoS is becoming a defining feature of today’s threat environment.”
Max Clauson, senior VP of network connectivity at Zayo, attributed this surge to the rise in AI, IoT devices, and for-hire botnets, which “has led us into a new era where DDoS attacks are a permanent and highly disruptive reality for all organizations—from manufacturers and retailers to schools and governments.”
In Zayo’s PR after the release of their 2026 report, Clauson also noted: “In this ‘new normal,’ cybersecurity can no longer operate as a standalone, reactive function. If organizations fail to prepare, they risk costly disruptions that can halt operations, delay services, and cascade rapidly across partners, customers, and critical systems.”
We asked Clauson to dive a little deeper and asked him to answer three important questions and discuss other facets of the report, which also notes total attack volume was still high in 2025.
The following is Smart Industry's Q&A with Clauson conducted after Zayo released its new report:
Scott Achelpohl: Total attack volume was still high in 2025 (though it didn’t reach the records of 2024), according to Zayo’s 2026 Cybersecurity Insights Report. You seemed in your press release comments to attribute high DDoS attacks to the fact that manufacturing IT and OT is as connected as ever ... or more. Is that the case?
See also: Shadow AI Is Already in Your Plant (and Banning It Makes It Worse)
Max Clauson: Yes, connectivity is a major factor. We can link this back to the fact that, as manufacturing adopts more AI, automation, and connected devices, IT and OT systems are being integrated and expanding the overall attack surface.
We’re also seeing a broader shift in attacker behavior. Instead of focusing only on telecom networks, they’re targeting enterprises and critical industries directly. Telecom’s share of attacks actually dropped significantly year-over-year as end-user industries moved further into the crosshairs.
Attackers know that downtime in manufacturing has an extremely costly domino effect, as network disruptions can impact production lines and expose sensitive intellectual property.
Manufacturing stands out in this environment because, while it represents a relatively small portion of total attack volume, it experienced the largest average attack size at 11.6 Gbps. In other words, even short disruptions can have an outsized operational impact.
SA: How do manufacturers adjust to the new fact of life that, with the rise of AI and IoT devices, there's so much connectivity that goes with the newer technologies? What new software strategies or safeguards would you/Zayo recommend?
MC: One of the most critical takeaways from our report is that attacks are now faster and more concentrated. Nearly 90% of attacks conclude in under 10 minutes, which means traditional, reactive approaches are simply too slow.
Manufacturers need real-time, automated mitigation that detects and responds to threats as they occur. And that capability needs to be embedded into the network itself, not treated as a separate layer. DDoS protection, SD-WAN, and managed firewall services are all examples of solutions that help manufacturers shift from a reactive to a proactive security approach.
Manufacturers also need to improve visibility and segmentation across environments, especially as more connected devices come online. As systems become more integrated, understanding how traffic flows across the network is critical to quickly identify and stop attacks.
Ultimately, the goal is resilience; ensuring operations can continue even when disruptions occur.
SA: Will you define attack volume? Is it all about attack frequency or is there something else to "volume"?
MC: When we talk about attack volume, we refer to the overall level of activity over a given period. That includes attack frequency and the total amount of traffic associated with those attacks. Attack size, on the other hand, measures the intensity of an individual event, typically in terms of bandwidth, like gigabits per second.
The research found that the average attack size grew by nearly 70% year-over-year, even as overall volume remains high. What that means for manufacturers is that they need to pay closer attention to the size and concentration of attacks, not just how often they occur.
Both metrics are critical for assessing risk and responding to attacks, especially in industries like manufacturing, where downtime directly impacts financial performance.
About the Author
Scott Achelpohl
Head of Content
I've come to Smart Industry after stints in business-to-business journalism covering U.S. trucking and transportation for FleetOwner, a sister website and magazine of SI’s at Endeavor Business Media, and branches of the U.S. military for Navy League of the United States. I'm a graduate of the University of Kansas and the William Allen White School of Journalism with many years of media experience inside and outside B2B journalism. I'm a wordsmith by nature, and I edit Smart Industry and report and write all kinds of news and interactive media on the digital transformation of manufacturing.