Articles about Operational Technology

Operational technology (OT) can often be a cybersecurity weak spot for enterprises, relying as it does on older hardware and operating systems that are hard to update.

It’s no surprise then that a new report from Fortinet shows there has been a significant increase in the global trend towards corporations planning to integrate cybersecurity under the CISO or other executives.

Continue reading →

A new report from Claroty finds that 89 percent of healthcare organizations have medical devices vulnerable to ransomware-linked exploits and insecure internet connectivity.

Based on analysis of more than 2.25 million Internet of Medical Things (IoMT) devices and 647,000-plus OT devices across 351 healthcare organizations, the report finds 99 percent have at least one known exploited vulnerability (KEV) in their networks, while 78 percent of hospitals have OT devices with KEVs, including building management systems, power supplies, and temperature controls.

Continue reading →

Over the past year, more than 50 percent of organizations have experienced at least one security incident involving ICS/OT systems. Among the top vulnerabilities exploited are internet-accessible devices (33 percent) and transient devices (27 percent), often used to bypass traditional defenses.

A new report from the SANS Institute, in partnership with OPSWAT, shows that while 55 percent of organizations reported increased ICS/OT cybersecurity budgets over the past two years, much of that investment remains heavily skewed toward technology, with limited focus on operational resilience.

Continue reading →

A new study from Omdia finds that 80 percent of manufacturing firms experienced a significant increase in overall security incidents or breaches last year, but only 45 percent are adequately prepared in their cybersecurity.

The survey of over 500 technology executives worldwide shows a heightened risk of cyber attacks comes as manufacturers move to leverage IT such as cloud, AI, and Internet of Things (IoT) as part of their digital transformation -- a process defined as Industry 4.0.

Continue reading →

Analysis of close to one million operational technology (OT) devices by Claroty's Team82 research group finds that 12 percent contain known exploited vulnerabilities (KEVs), and 40 percent of the organizations analyzed have a subset of these assets insecurely connected to the internet.

The report uncovered over 111,000 KEVs in OT devices across manufacturing, logistics and transportation, and natural resources organizations, with 68 percent of these being linked to ransomware groups. The manufacturing industry was found to have the highest number of devices with confirmed KEVs (over 96,000).

Continue reading →

In cybersecurity, the divide between IT (Information Technology) and OT (Operational Technology) remains a problem that practitioners, vendors, and consultants must navigate daily. The differences between these two mindsets -- one rooted in the world of delivering data and maintaining software, the other firmly planted in the realm of continuous uptime of industrial systems -- can lead to conflicting priorities and misunderstandings. Even as the industry strives to align these domains, this divergence is still evident, as I was reminded just this week.

During my usual morning LinkedIn browsing, I stumbled upon a post featuring the “Top 50 People in ICS/OT Cyber Security You Need to Follow”. At first glance, I panicked. My immediate assumption was that the list featured individuals responsible for securing operational environments -- the unsung heroes safeguarding critical infrastructure around the globe.

Continue reading →

Reported security incidents in critical infrastructure worldwide have grown by 668 percent since 2022 according to a new report from Forescout.

There have been 10 percent more incidents for critical infrastructure sectors than in 2023 and more than half of all incidents (57 percent) affected critical infrastructure sectors. Network infrastructure devices (routers, firewalls, VPNs, etc.) are the second largest category and increased from three percent (2022) to 11 percent (2023) and now 14 percent (2024).

Continue reading →

With a constant power struggle between attackers and defenders cybersecurity is a fast-moving area. That makes it notoriously hard to predict what might happen, but that doesn't stop us trying. Here are what some industry experts think the cybersecurity world has in store for 2025.

Sasha Gohman, VP, research at Cymulate, thinks ransomware will become obsolete. "Ransomware may become obsolete due to the fact that decrypting your important files may become a feasible task with quantum computing. On the other hand, ransomware operators may then choose to encrypt your important files with quantum-resilient encryption."

Continue reading →

A new survey of IT and security leaders working within critical infrastructure industries reveals that 80 percent of organizations experienced an email-related security breach over the past year, and 63.3 percent of respondents say their email security approach needs to be improved.

The report from infrastructure protection company OPSWAT based on a study by Osterman Research finds that despite advancements in cybersecurity, 48 percent of organizations lack confidence in their existing email security defenses, leaving them vulnerable to potentially devastating cyberattacks.

Continue reading →

Remote access tools are creating cybersecurity risks and operational burdens for operational technology (OT) systems, according to a new report.

The study, from the Claroty Team82 threat research team, using data from more than 50,000 remote-access-enabled devices shows that the volume of remote access tools deployed is excessive, with 55 percent of organizations having four or more and 33 percent having six or more.

Continue reading →

Operational technology (OT) systems have long been common in industries such as manufacturing, utilities, and healthcare. However, as these systems now increasingly integrate with IT networks, they are becoming the responsibility of the Chief Information Security Officer (CISO). As a result, CISOs in these sectors need to secure OT systems alongside traditional IT systems. This added responsibility has significantly increased the demands on security leaders.

Now, to safeguard both IT and OT systems, CISOs must possess the right knowledge and resources. Understanding the complexities of OT systems is necessary for the protection of vital operations and infrastructures, however it can be difficult to separate genuine expertise from sales hype. 

Continue reading →

The convergence of IT and OT (Operational Technology) networks has been instrumental in driving operational efficiency and innovation across industries. As businesses are rapidly heading towards Industry 4.0, the benefits of this integration are clear.

However, with digital transformation comes the risks of a constantly expanding threat landscape. The merging of IT and OT environments has amplified the risk of wide-scale disruptions and sophisticated attacks like ransomware, extending from digital to physical infrastructures. These concerns are also evident in the growing demand for OT security, as the market is projected to reach $38.2 billion by 2028.

Continue reading →

There is an increasing level of crossover and connectivity between IT, operational technology (OT) and IoT assets, which raises the risk of cyberattacks originating in IT systems and then spreading into OT environments.

To help businesses address this risk Tenable is launching a new exposure management platform that provides holistic visibility into assets across IT and OT environments.

Continue reading →

A new report from Cyolo and the Ponemon Institute reveals that third-party access to operational technology environments is significantly expanding the attack surface.

According to the study, 73 percent permit third-party access to OT environments, with an average of 77 third parties per organization granted such access.

Continue reading →

Industrial control system and operational technology environments are becoming increasingly interconnected and complex, offering efficiency and innovation. However, this also exposes organizations to heightened vulnerabilities from relentless cyber threats.

The latest SANS 2023 ICS/OT Cybersecurity Survey, sponsored by critical infrastructure protection specialist OPSWAT, shows the three items of utmost importance for ICS security programs in 2023 have been identified as network visibility, risk assessments, and transient device threat detection.

Continue reading →