The industrial sector experienced the sharpest increase of any sector in the average cost of a data breach in 2024 – rising by $830,000 per incident. At the same time, 80% of manufacturers have seen a significant increase in overall security incidents in recent years. What’s driving the increased pace and price of industrial cyberattacks? Operational technology (OT) security challenges.
While ransomware groups targeting OT rose 60% last year, only 19% of organizations felt they were completely prepared to handle OT security issues during the same period. And as OT and IT networks increasingly converge, 75% of OT attacks begin as IT breaches, adding even more complexity to the OT security puzzle.
To help organizations navigate this daunting threat landscape, we’ll dig into the OT cybersecurity trends organizations need to understand and provide best practices for addressing current threats while enhancing cyber resilience.
OT Cybersecurity: What Is It and Why Is It Important?
OT cybersecurity encompasses approaches for protecting OT systems – the hardware and software used to manage physical infrastructure in industrial settings. OT security strategies monitor and protect industrial automation, industrial control systems (ICS), cyber-physical systems (CPS), and more.
OT cybersecurity is a relatively new discipline simply because OT systems were historically not connected to the internet. But now, as Industry 4.0 drives IT-OT convergence, organizations can no longer get by with one-off solutions for securing OT.
Because OT networks are prevalent in industrial settings that directly impact supply chains and critical services, OT cyberattacks can have significant knock-on effects. In the last seven years, ransomware attacks on manufacturing companies have caused downtime costing an estimated $17B. The low appetite for downtime that makes manufacturers a prime ransomware target also makes them hesitant to pause production for system changes or upgrades, leaving their networks vulnerable to cyberattacks.
OT/ICS Cybersecurity Frameworks
It’s no secret that OT attacks are on the rise, so there’s no shortage of guidelines designed to help manage OT threats. From CISA’s alert recommending immediate actions to reduce OT and ICS exposures to the NIST Cybersecurity Framework for manufacturing and the ISA/IEC 62443 Series of Standards, best practices suggest prioritizing strategies like network segmentation, identity-based access controls, and continuous monitoring.
IT vs. OT Security
While IT security focuses on protecting digital systems and data, OT security has traditionally prioritized production-level equipment managing physical systems.
However, this binary approach to OT and IT cybersecurity is quickly growing outdated. With 70% of OT systems projected to connect to IT networks in the next year – and with 75% of OT attacks starting as an IT breach – organizations must focus on securing the entire converged IT-OT network.
OT Cybersecurity Threat Landscape
OT threats are evolving rapidly. From multiplying ransomware groups to state-backed threat actors, OT networks now face attackers that are more active and opportunistic than ever. These top OT security trends from Dragos’ 2025 OT Cybersecurity Report signal that, while defenders understand the risks inherent to OT, quick action is critical for boosting cyber resilience.
Ransomware Against Industrial Organizations
Ransomware attacks in the industrial sector spiked 87% YoY in 2024, making this industry the top ransomware target for four consecutive years. In fact, manufacturing continues to defy a larger declining trend in malware as attackers exploit the industry’s reliance on legacy tech. A closer look at the rising ransomware trend suggests OT systems are a top target. 2024 saw a 60% uptick in ransomware groups impacting OT/ICS.
In other words, cyber attackers have apparently woken up to production environments’ capacity for operational disruption; they’re increasingly exploiting vulnerable remote access and flat networks to move laterally within OT.
State-Backed and Hacktivist Convergence
Within the last three years, advanced persistent threat (APT) groups and ideologically motivated hacktivists have increasingly converged. Notable threat groups like ELECTRUM and GRAPHITE and hacktivist personas like CARR have shared intel and infrastructure to attack OT targets. This suggests that OT cyber attackers may be leveraging hacktivists as a distraction from more sophisticated campaigns.
ICS Malware Escalation and Living-off-the-Land Attacks
Adversaries expanded their use of ICS-specific malware like Fuxnet and FrostyGoop in 2024. Living-off-the-land – using the tools already built into a system rather than custom malware, so that malicious activity blends in with legitimate administration – is increasingly popular, making lateral movement harder to detect in complex, hybrid environments.
Insecure Remote Access and Legacy Tech Risks
Sixty-five percent of OT environments had insecure remote access conditions in 2024; 45% of organizations with OT-heavy environments have SSH communicating to publicly routable addresses. These network security vulnerabilities make it easy for attackers to gain initial access and pivot to OT systems.
Meanwhile, one in every four penetration tests finds default credentials in industrial environments. Since OT systems and other legacy tech are notoriously difficult to secure with multi-factor authentication (MFA), default credentials are all the invitation hackers need. On top of these risks, many industrial organizations still have insufficient network segmentation across IT and OT/ICS environments, leaving mission-critical assets exposed.
OT Security Tips: How to Address Evolving Threats
To effectively protect against modern threats, OT cybersecurity requires a layered, granular approach that deliberately cuts off attacks where they start: in IT. By deploying strategies like these, organizations can limit their OT/ICS exposure without disrupting operations.
Prioritize Granular Identity and Access Controls
Identity-based segmentation reduces lateral movement by restricting access to what’s operationally necessary – and nothing more. This limits attackers’ ability to exploit over-permissioned service accounts or pivot across the network using stolen credentials, which are common entry points for ransomware. By adding network-layer MFA, manufacturing organizations can further secure OT and legacy systems, enforcing just-in-time identity verification for every port, protocol, and application.
Implement Dynamic Microsegmentation
Microsegmentation means immediate breach containment – by isolating assets from one another unless explicitly allowed, a microsegmented network leaves hackers stranded instantly. Even if a compromise occurs, this technique dramatically reduces the blast radius while also countering tactics like living-off-the-land.
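The two conditions described above, SSH between OT assets and publicly routable addresses (the insecure remote access finding) and OT-to-OT traffic that has not been explicitly allowed (what a default-deny microsegmentation policy forbids), can be checked against ordinary flow logs. The script below is an added example, not code from this post or from Zero Networks; the OT subnet, the allowlist and the flow-log format are constructed assumptions.

```python
import ipaddress

# Constructed inventory of OT subnets and an explicit allowlist (assumptions made for this example).
OT_SUBNETS = [ipaddress.ip_network("10.20.0.0/16")]
# Default-deny east-west policy: only these (src, dst, dport) tuples are explicitly permitted.
ALLOWED_FLOWS = {
    ("10.20.1.10", "10.20.2.50", 502),  # HMI -> PLC over Modbus/TCP
    ("10.20.1.10", "10.20.2.51", 502),
}
# Address space this audit treats as not publicly routable: RFC 1918, loopback, link-local, multicast.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4")]

def is_ot(ip):
    return any(ipaddress.ip_address(ip) in net for net in OT_SUBNETS)

def is_publicly_routable(ip):
    return not any(ipaddress.ip_address(ip) in net for net in NON_ROUTABLE)

def parse_flows(lines):
    """Parse constructed flow-log lines of the form '<timestamp> <src> <dst> <dport>'."""
    flows = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records instead of aborting the audit
        flows.append((parts[1], parts[2], int(parts[3])))
    return flows

def audit_flows(flows):
    """Flag SSH that crosses the OT/internet boundary and OT-to-OT flows not on the allowlist."""
    findings = []
    for src, dst, dport in flows:
        crosses_boundary = (is_ot(src) and is_publicly_routable(dst)) or \
                           (is_publicly_routable(src) and is_ot(dst))
        if dport == 22 and crosses_boundary:
            findings.append(("ssh_to_public", src, dst, dport))
        elif is_ot(src) and is_ot(dst) and (src, dst, dport) not in ALLOWED_FLOWS:
            findings.append(("unallowlisted_east_west", src, dst, dport))
    return findings

# Constructed sample records; 203.0.113.9 is a documentation address standing in for an internet host.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z 10.20.1.10 10.20.2.50 502",  # permitted HMI -> PLC
    "2024-05-01T10:00:05Z 10.20.3.7 203.0.113.9 22",   # SSH from an OT host to a public address
    "2024-05-01T10:00:09Z 10.20.1.10 10.20.2.52 445",  # SMB between OT hosts, not allowlisted
    "2024-05-01T10:00:12Z 10.20.1.10 10.20.2.51 502",  # permitted
    "malformed line",
]
```

Running `audit_flows(parse_flows(SAMPLE_LOG))` returns one `ssh_to_public` finding and one `unallowlisted_east_west` finding; in practice the allowlist is what a learned, operationally derived segmentation policy would contain.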
Maintain Network Visibility and Automatically Adapt to Changes
Modern networks are dynamic, and attackers’ tactics evolve quickly. By maintaining real-time visibility into assets and behaviors and automatically adapting security policies to address network changes, security teams can enforce the comprehensive protection that has historically evaded OT systems.
Secure Legacy Technology
OT environments are full of outdated or unsupported systems that can’t be patched. Enforcing least privilege, applying network-layer MFA, and isolating legacy assets through segmentation provide compensating controls to protect technology that can’t be updated or eliminated.
Build a Zero Trust Architecture
Zero Trust helps defenders contain threats even when attackers use valid credentials, a common tactic in many APT and ransomware campaigns. By removing implicit trust between users, devices, and applications, Zero Trust architectures block unauthorized movement and reduce the likelihood of a single compromised asset becoming an environment-wide crisis.
How Zero Networks Blocks OT Cyber Threats
Zero Networks makes it simple to stop lateral movement, blocking hackers instantly to ensure they never make it to vulnerable OT assets – and we do it without agents, manual rules, or downtime. Here’s how Zero’s solution combats rising OT threats:
- Applies identity-based segmentation across the entire converged network
- Learns network behavior and restricts access based on operational needs
- Automatically enforces just-in-time MFA for any port, protocol, or application
- Dynamically adapts and enforces policies as the network evolves
With Zero, industrial security teams can implement Zero Trust microsegmentation across the entire infrastructure without disrupting operations. Take a self-guided product tour to see how Zero Networks proactively safeguards OT systems.