Securing the Connected Factory Floor

As manufacturers strive to keep pace with changing demands and quickly evolving technologies, many are embracing digitalization and increased connectivity between information technology (IT) and operational technology (OT) environments. The upsides of this transformation include greater productivity and improved efficiency.
The downside? Unprecedented cybersecurity attacks against cyber-physical systems (CPS).
A recent Telstra survey found that 80% of manufacturing firms experienced increased security incidents in the past year, highlighting the urgent need for more effective OT/CPS security strategies. While IT systems have long been equipped with security controls, cybersecurity is still emerging as a key priority for many industrial enterprises. At the same time, cyber-threats often evolve faster than OT networks can keep up with, creating new vulnerabilities at every turn.
For these reasons, securing OT environments requires a paradigm shift – moving beyond traditional security approaches such as VPNs and perimeter-based defenses to embrace zero-trust security, identity-based access, and real-time monitoring. Critically, this shift must also acknowledge the fundamental difference between detection and protection. While detection mechanisms focus on identifying threats after they have infiltrated a network, true protection is about preventing unauthorized access in the first place, ensuring that cyber threats are stopped before they can cause harm.
Expanding Cyber Risks
Over the past decade, the manufacturing industry has rapidly integrated IoT devices, robotics, real-time analytics, and cloud-based capabilities into more traditional industrial operations. With these connected systems and devices now at the heart of many factories, the attack surface for cyber-threats is wider than ever.
As IT/OT convergence accelerates, attackers can more easily exploit IT vulnerabilities to infiltrate OT systems. Indeed, increased connectivity and data visibility within the manufacturing ecosystem – all hastened by the recent explosion of digital connectivity – have made it a prime target for cyberattacks. In fact, 2024 was the third consecutive year in which the sector experienced its highest number of attacks, comprising 25% of all hacks globally.
Among the most common OT security blind spots is overreliance on outdated network access solutions. These solutions often require only one set of credentials across numerous access points, resulting in cases where a single set of shared credentials grants a third-party vendor unrestricted access to critical systems. As a result of maliciousness or simple human error, this level of unintended privileged access could lead to catastrophic consequences, far beyond financial loss or reputational damage – consider that a cyber-attack affecting equipment in a manufacturing facility can cause serious physical consequences for workers on the floor.
Challenges in Securing OT Environments
The legacy assets present in many OT environments typically lack built-in authentication or encryption, making them easy targets for cyberattacks. But upgrading legacy systems can be costly and disruptive, leading to patchwork security solutions that create substantial gaps.
The risk posed by legacy infrastructure is compounded by the fact that manufacturers frequently depend on third-party vendors or external contractors for maintenance, software updates, troubleshooting, data storage, and more. Traditional remote access solutions, such as VPNs and jump servers, provide no visibility or control after the initial connection. Unless additional controls are implemented, third-party users who connect via such tools have veritable free rein once they’re inside the network. An oft-cited example is the 2021 Colonial Pipeline breach, a ransomware attack where hackers gained entry through a compromised VPN password.
Many industrial organizations also struggle to maintain real-time inventories of connected assets, and this issue will only continue to grow if cross-channel monitoring solutions are not put in place. According to a 2024 report from Ponemon Institute and Cyolo, as many as 73% of organizations lack an authoritative OT asset inventory. But asset inventories alone are not enough. Once an organization has full visibility into its assets, it must proactively secure them. Knowing what’s connected is only half the battle; fortifying those connections is what truly mitigates risk. Without proper asset visibility and access segmentation, a single compromised credential can provide an attacker with full access to the entire OT network.
Strengthening OT Security
So how can enterprises best mitigate growing risks without compromising on the benefits of digital connectivity?
Start with a zero-trust approach to access management for all users: i.e., implementing identity-based authentication and tightening access protocols so that they are at least as secure and restrictive for contractors and third-party vendors as they are for internal employees. This requires replacing or augmenting traditional VPNs with more advanced remote access solutions and enforcing multi-factor authentication (MFA) across all access points, including legacy OT systems. Too many companies concentrate on securing more modern applications but leave legacy infrastructure unprotected and thus highly vulnerable.
To further strengthen third-party access security, enterprises should require their vendors and third-party integration hosts to authenticate using identity-based access solutions rather than shared credentials or perimeter-based models. Session-based access controls, for instance, can automatically revoke vendor access once a task is completed, reducing the risk of lingering security gaps.
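The access model described in the two paragraphs above, sketched as an added example (not code from the article or from any product): a hypothetical `AccessBroker` that refuses shared logins, requires MFA, scopes each session to one asset and one time window, and revokes it when the task completes. All account names, asset names and the 60-minute default are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

SHARED_ACCOUNTS = {"vendor", "admin", "maintenance"}  # hypothetical shared logins

class AccessBroker:
    """Hypothetical broker: one named user, one asset, one time-boxed task."""
    def __init__(self):
        self.sessions = {}  # session id -> user, asset, expiry, revoked flag

    def open_session(self, user, asset, mfa_ok, now, minutes=60):
        if user.lower() in SHARED_ACCOUNTS:
            return None, "denied: shared credential"
        if not mfa_ok:
            return None, "denied: MFA not completed"
        sid = f"{user}:{asset}:{int(now.timestamp())}"
        self.sessions[sid] = {"user": user, "asset": asset, "revoked": False,
                              "expires": now + timedelta(minutes=minutes)}
        return sid, "granted"

    def authorize(self, sid, asset, now):
        # Evaluated on every request, not only when the connection is set up.
        s = self.sessions.get(sid)
        if s is None:
            return "denied: unknown session"
        if s["revoked"]:
            return "denied: session revoked"
        if now >= s["expires"]:
            return "denied: session expired"
        if asset != s["asset"]:
            return "denied: asset outside session scope"
        return "allowed"

    def complete_task(self, sid):
        if sid in self.sessions:
            self.sessions[sid]["revoked"] = True

def demo():
    """Constructed walk-through; returns the decision taken at each step."""
    t0 = datetime(2025, 1, 1, 9, 0, tzinfo=timezone.utc)
    b = AccessBroker()
    out = [b.open_session("vendor", "plc-7", True, t0)[1],
           b.open_session("j.doe@vendor.example", "plc-7", False, t0)[1]]
    sid, status = b.open_session("j.doe@vendor.example", "plc-7", True, t0)
    out += [status, b.authorize(sid, "plc-7", t0 + timedelta(minutes=5)),
            b.authorize(sid, "hmi-2", t0 + timedelta(minutes=5)),
            b.authorize(sid, "plc-7", t0 + timedelta(minutes=61))]
    b.complete_task(sid)
    out.append(b.authorize(sid, "plc-7", t0 + timedelta(minutes=10)))
    return out
```

The contrast with a VPN is in `authorize`: the decision is repeated per request and per asset, so a valid session for one controller says nothing about the HMI next to it.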
Another critical aspect of robust OT security is Remote Privileged Access Management (RPAM) – a relatively new approach to securing and controlling privileged access to essential systems, data, and resources. By enforcing the highest level of security for privileged users, such as third-party vendors, remote workers, and anyone accessing mission-critical assets, RPAM solutions punch far above their weight when it comes to mitigating risk. However, when it comes to CPS environments, generic RPAM solutions are not enough. Secure remote privileged access for CPS must be purpose-built to meet the unique needs of these environments, ensuring that real-time industrial processes are protected without disrupting operational continuity.
Leveraging Regulation
Beyond the direct internal benefits of heightened OT security, implementing security best practices will help organizations comply with a growing list of regulations and compliance mandates. Frameworks such as ISA/IEC 62443, ISO 27001, and NIST CSF create a baseline for OT cybersecurity resilience, allowing organizations to maintain compliance while reducing the potential operational downtime caused by cyber-incidents. Many manufacturers still see compliance as a checkbox exercise, but in reality regulatory alignment can make the difference between a minor security event and a full-scale operational crisis.
Finally, there is the Purdue Model: an approach to segmenting industrial control systems (ICS) into hierarchical layers. This is done to limit access between IT and OT and, in turn, reduce cyber vulnerabilities. Network segmentation enforces strict access controls, preventing threats from spreading laterally between networks. Each zone of the Purdue Model has its own security considerations, with greater connectivity being allowed as one moves further from the most critical OT assets. By adhering to the Purdue Model, organizations can reap the benefits of connectivity while minimizing risk.
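An added example (not from the article) of auditing network flows against Purdue-style segmentation, which also shows why the asset inventory matters: an unknown asset cannot be placed in a zone at all. The rule that flows may only connect the same or neighbouring levels, with level 3.5 as the DMZ between OT and IT, is an assumption made for this sketch, and the asset names and flows are constructed.

```python
# Purdue levels in order; 3.5 is the industrial DMZ between OT (0-3) and IT (4-5).
LEVELS = [0, 1, 2, 3, 3.5, 4, 5]

# Constructed asset inventory (name -> Purdue level); all names are made up.
ASSETS = {"valve-actuator": 0, "plc-7": 1, "hmi-2": 2, "historian": 3,
          "jump-host": 3.5, "erp": 4, "vendor-portal": 5}

# Constructed flows, e.g. exported from firewall rules or flow logs.
FLOWS = [("hmi-2", "plc-7"), ("erp", "jump-host"), ("jump-host", "historian"),
         ("erp", "historian"), ("vendor-portal", "plc-7"), ("laptop-x", "plc-7")]

def check_flow(src, dst):
    """Return None if the flow fits the zone policy, else the reason it does not."""
    for name in (src, dst):
        if name not in ASSETS:
            return f"{name} is not in the asset inventory"
    a, b = LEVELS.index(ASSETS[src]), LEVELS.index(ASSETS[dst])
    if abs(a - b) <= 1:
        return None  # same zone or direct neighbour
    crosses_dmz = min(a, b) < LEVELS.index(3.5) < max(a, b)
    why = "bypasses the DMZ" if crosses_dmz else "skips an intermediate level"
    return f"level {ASSETS[src]} -> level {ASSETS[dst]} {why}"

def audit(flows):
    """List every flow that violates the policy, with the reason."""
    return [(s, d, r) for s, d in flows if (r := check_flow(s, d)) is not None]

if __name__ == "__main__":
    for src, dst, reason in audit(FLOWS):
        print(f"{src} -> {dst}: {reason}")
```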
Don’t Save OT Security Until Overtime
The connectivity of modern manufacturing environments has made remote access security a top priority.
Traditional VPNs and perimeter-based defenses are no longer sufficient – manufacturers must instead adopt a proactive OT security approach, defined by zero-trust security, identity-based access and authentication, continuous monitoring and decisive action to secure assets. Only by securing access at every level and ensuring that only the right people with the right credentials can reach critical systems can manufacturers protect their most critical processes, ensure operational resilience, and mitigate costly cyber-threats.
Adopting the right secure remote access tools is about more than just meeting regulations and going through the motions of securing industrial environments – it’s about maintaining competitiveness and growth trajectories in a world where a single hack can result in disaster.
About the Author
Almog Apirion is CEO and Co-Founder of Cyolo. He is an experienced technology executive, a “recovering CISO,” and the founder of the Israeli Navy Cyber Unit. Almog has a long history of leading the cybersecurity and IT technologies domain, with a background that includes building and securing critical infrastructures at large organizations, and leading teams to success.