5 Actions to Take Now: Why OT Cybersecurity Should Be Every Organization’s Concern


In the last few years, operational technology (OT) has rapidly moved from the shadows to the front line of cyber risk. As industrial systems become increasingly connected, the line between IT and OT continues to blur, making OT environments prime targets for threat actors.
But here’s the twist: Most attacks that impact OT aren’t even OT-specific.
According to recent threat intelligence, 85% of attacks affecting OT environments originate as IT-focused attacks. And just 13% of attacks use OT-specific tactics, techniques, and procedures (TTPs)*. That means attackers often get in through known IT paths and then pivot toward industrial systems once inside, or the OT environment is affected by a loss of IT systems it relies upon.
This creates a massive exposure gap for organizations that haven’t extended their cyber strategy beyond traditional IT boundaries. So what are the main threats, what do they mean for your business, and most importantly, what can you do about it?
What Threats Face OT Systems Today?
Criminal groups, not just nation states
There’s a perception that OT threats are mostly geopolitical or state-sponsored. While those threats are real, the data tells another story: 81% of attacks affecting OT are carried out by criminal groups, with 6% linked to nation states*. These actors are financially motivated, opportunistic, and increasingly well-resourced.
Ransomware is surging
Dragos tracked an 87% year-on-year increase in ransomware attacks targeting industrial organizations**, with 80 distinct ransomware groups active in 2024 – up from 50 in 2023**. Manufacturing remains the most targeted sector, bearing 58% of attacks, followed by Transport & Warehousing (17%) and Utilities (7%).*
These aren't just abstract threats. In 2021, Colonial Pipeline, which carries 45% of the East Coast's fuel supplies, was forced to shut down its entire 5,500-mile pipeline system after ransomware attacked its IT billing systems. Despite the OT systems themselves remaining uncompromised, the company had to halt operations for nearly a week, causing fuel shortages across multiple states and economic impacts in the billions. This high-profile case demonstrates how threat actors targeting conventional IT systems can force operational shutdowns even without directly breaching industrial controls.
Vulnerabilities run deep, and they’re dangerous
OT vulnerabilities are not just common; they’re risky.
- 70% of OT vulnerabilities reside deep within the network, making detection and mitigation more complex.**
- 39% could lead to both a loss of view and loss of control – a worst-case scenario for any industrial operation.**
- And 22% of CVSS advisories relate to perimeter-facing and network-exploitable systems – prime entry points for attackers.**
These statistics aren't merely theoretical concerns. The real-world impact of exploited OT vulnerabilities has been demonstrated repeatedly. Nation-state attackers often compromise supervisory control systems of electricity distribution companies, methodically switching off substations and sabotaging backup power supplies. The result? Hundreds of thousands of people left without power in the middle of winter. What makes such cases particularly relevant is how attackers gain initial access through spear-phishing emails targeting the IT network before pivoting to OT systems. This highlights precisely how the IT/OT security gap can be exploited with significant real-world consequences.
The Cost of Inaction
- Operational downtime: In sectors like manufacturing, shutdowns can result in millions in losses, not to mention supply chain ripple effects.
- Health and safety: Industrial systems control real-world processes. Compromised systems can lead to dangerous or even life-threatening outcomes.
- Regulatory pressure: Frameworks like NIS2, IEC 62443, and NIST SP 800-82 are raising the bar on compliance and accountability.
- Loss of trust: From shareholders and partners to the public, one breach can severely damage long-term credibility.
5 Things You Can Do Now to Protect Your OT Environment
1. Prioritize OT-focused cybersecurity training
Let’s start with people. From phishing attacks to poor incident response, your teams’ cyber readiness can affect the safety of operations. Yet most organizations don’t offer OT-specific security training to help their employees prove and improve their understanding of the OT environment and its risks.
Upskilling helps bridge the gap between IT and OT teams, ensuring everyone understands the risks and how to respond. This is especially important given the convergence of the two environments and the impact IT now has on OT.
2. Conduct asset discovery and risk assessments
You can’t protect what you don’t know exists. Most OT networks have hidden assets or legacy systems that pose serious risks. A proper asset inventory and risk mapping exercise is a foundational step toward reducing exposure.
3. Implement network segmentation and strong access controls
Flat, open networks make it far too easy for attackers to move laterally. Segmentation between IT and OT, combined with strict identity and access controls, drastically reduces blast radius.
4. Develop and test OT incident response plans
Most incident response plans are still IT-centric. OT requires a different playbook that considers the impact of physical processes, safety, and time-sensitive coordination. Simulate OT-specific incidents as part of your preparedness strategy.
5. Break down silos between IT and OT teams
Security is a team sport. When IT and OT work together, you get faster detection, better response, and fewer blind spots. Create shared governance, joint threat exercises, or security champions across both domains.
OT Security Needs to Be Everyone’s Business
Attackers don’t care whether they’re entering through IT or OT. They’ll take the easiest path, often left open by poor collaboration, unclear responsibilities, or lack of awareness.
Your OT security journey doesn’t start with a patch. It starts with people.
That’s why cyber security can’t sit in silos. It’s not just a technical problem — it’s a people problem, a process problem, and a cultural one. Bridging the gap between IT and OT teams isn’t optional anymore; it’s foundational to any serious security strategy.
The good news? There are clear, practical steps every organization can take. Start by prioritizing training that brings OT into the cyber conversation. Build visibility into your assets. Segment networks to limit blast radius. Develop OT-specific incident response plans. Most importantly, break down the barriers between the IT and OT teams so they can work together, not in parallel.
Immersive can help you prove and improve your organization’s cyber capabilities. Learn more about our Immersive One platform here.
Sources:
*Orange Cyberdefense 2025 Security Navigator
**Dragos 2025 OT Cybersecurity Report
***Fortinet 2025 State of Operational Technology and Cybersecurity Report