Industrial cybersecurity at a crossroads – why closing the IT-OT security gap is a top priority

By Andrew Lintell, General Manager, EMEA at Claroty  
 
The security of operational technology (OT) environments has never been more important. As critical industries such as energy, transportation, and manufacturing have increasingly embraced digital transformation, cyber attackers exploit the expanded attack surface to launch attacks with alarming potential for damage.  


Sophisticated attack groups like Volt Typhoon and Sandworm have infiltrated critical systems worldwide, aiming to exfiltrate sensitive data and disrupt infrastructure. IT-OT convergence, once seen as a step towards efficiency, has inadvertently offered new attack pathways to these adversaries.  


With growing regulatory demands alongside a hostile threat landscape, organisations relying on OT systems are under pressure to adopt a more proactive, unified approach to security. 


Gartner estimates that by 2027, 45% of cyber-physical system-intensive organisations will prioritise “doing” over “knowing” when it comes to security, while most will have invested in a more comprehensive security platform.

 

So, what are the main priorities for organisations strengthening their OT security?

 

Meeting growing regulatory and compliance needs 


Many governments and industry regulators are enforcing stricter cybersecurity measures to strengthen OT security in the face of mounting cyber threats. The NIS2 directive entering enforcement has been one of the most significant developments, requiring most critical industries to adhere to more stringent requirements in how they assess, detect and respond to cyber risk.  


Other frameworks such as IEC 62443 and NIST CSF have also been updated to place greater accountability on organisations to protect elements such as industrial control systems (ICS), supply chains, and critical services.  


While increased regulatory demands will raise the baseline of IT security, compliance should not be viewed as a simple box-ticking exercise where the minimum will suffice. Instead, it presents an opportunity to build stronger, more resilient security frameworks with a focus on protecting both current operations and long-term business viability.  


Regulations like NIS2 have also placed an increased focus on supply chain security alongside internal operations. Research from the World Economic Forum also found that 54% of large organisations cite supply chain security as their biggest cyber resilience challenge. Enterprises will need to ensure they have the capability for third-party risk assessments, continuous monitoring, and secure remote access controls.

 

Bridging the IT-OT divide 


One of the biggest security challenges facing CPS-dependent organisations is the growing level of interconnection between OT and traditional IT, along with new additions like IoT elements.  


Attackers exploit weaknesses in one domain to move laterally across systems and evade security defences. Many organisations still rely on fragmented security strategies that are not geared to account for the different environments and leave critical gaps in protection. Standard IT management and security tools are rarely able to gain proper visibility into OT environments.  


Alongside the technical challenges, IT and OT have historically operated as separate disciplines culturally. They have usually worked in isolation and followed different processes with separate aims. IT teams typically focus on data security and compliance, for example, while OT teams prioritise safety and uptime. This can lead to friction: IT-centric security processes, for example, may fail to account for OT constraints such as uptime demands.  


Both teams usually lack understanding of their counterparts, so training in both disciplines can create better awareness. Establishing a joint IT-OT task force also helps to break down silos, ensuring there is a clear line of communication for coordinating efforts.  

 

The need for visibility & asset management  


Stemming from the IT-OT convergence issue, many organisations lack the right specialist tools required for full visibility into their OT environments.  


This is especially problematic for older legacy OT systems, which were often originally designed for physical safety and operational efficiency rather than cybersecurity. OT systems also tend to be more proprietary than IT, with protocols and software limited to specific vendors and models.  


As a result, essential security activities like monitoring activity and detecting anomalies can be a challenge. Even accurately identifying all assets within the network can be a difficult task.

 
We often find industrial organisations unknowingly operating devices that are insecurely connected to the internet. After assessing more than a million devices across 270 companies, we found around 10% were communicating with malicious domains – a sign of persistent compromise.  


Mitigating these risks requires a layered approach to visibility. Organisations must have a combination of comprehensive asset discovery and real-time monitoring at their disposal for the entire environment. This includes the use of OT-specific security tools designed to map industrial networks accurately.  

 

Reducing risk through cyber-physical risk management and exposure management  


While we often focus on advanced cyber threats targeting OT systems in cyber-physical operations, systems can often be breached with common vulnerability exploits. Vulnerability management is often overwhelming in the OT space due to a combination of ineffective manual processes, proprietary systems, and the demands of maintaining uptime.  


Our industry research found that around 70% of organisations had at least one Known Exploited Vulnerability (KEV) in their OT systems, and 12% of the one million devices assessed had an unpatched KEV. With so many assets insecurely connected to the internet, these vulnerabilities provide a direct attack path into the system.

  
Tackling this issue requires an exposure management strategy with a risk-based approach. This puts the focus on identifying which vulnerabilities pose the greatest real-world risk, rather than trying to fix an extensive list of issues all at once.  


Risk needs to be calculated based on several factors, including whether a vulnerability is being actively exploited in the wild, if an affected asset is exposed to the Internet, and whether it could disrupt essential operations if compromised. Many firms make the mistake of relying too heavily on CVSS scores. While these provide a good baseline of information, they do not account for the context of how important a vulnerability is to this specific operation. 


Ensuring that resources are directed towards mitigating the most pressing threats will significantly improve an organisation’s ability to reduce risk while maintaining operational stability. 
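To make the contrast between CVSS-only triage and the risk-based approach described above concrete, here is an added example (not code from the article or from Claroty) that ranks a constructed set of OT findings by the three context factors named in the text: active exploitation, internet exposure, and operational criticality. The asset names, vulnerability labels and multiplier weights are assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass
class Finding:
    asset: str
    vuln: str               # placeholder label, not a real CVE id
    cvss: float             # CVSS base score, 0.0-10.0
    in_kev: bool            # listed as actively exploited in the wild
    internet_exposed: bool  # asset reachable from the internet
    criticality: int        # 1 = non-essential .. 3 = disrupts essential operations


# Weights are assumptions for illustration; tune them to the plant's own risk model.
KEV_MULTIPLIER = 2.0
EXPOSURE_MULTIPLIER = 1.5


def risk_score(f: Finding) -> float:
    """CVSS is only the baseline; exploitation evidence, exposure and
    operational impact decide where a finding actually lands."""
    score = f.cvss
    if f.in_kev:
        score *= KEV_MULTIPLIER
    if f.internet_exposed:
        score *= EXPOSURE_MULTIPLIER
    score *= f.criticality
    return round(score, 1)


def prioritise(findings: list[Finding]) -> list[Finding]:
    """Risk-based order: highest contextual risk first."""
    return sorted(findings, key=risk_score, reverse=True)


def cvss_only(findings: list[Finding]) -> list[Finding]:
    """The order a pure CVSS triage would produce, for comparison."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


# Constructed sample inventory (not real assets or vulnerabilities).
SAMPLE = [
    Finding("plc-line3", "vuln-A", 9.8, False, False, 3),
    Finding("hmi-remote", "vuln-B", 7.5, True, True, 3),
    Finding("eng-ws-07", "vuln-C", 9.8, False, True, 1),
    Finding("historian-01", "vuln-D", 6.5, True, False, 2),
]

if __name__ == "__main__":
    print("CVSS only :", [f.asset for f in cvss_only(SAMPLE)])
    print("Risk-based:", [f.asset for f in prioritise(SAMPLE)])
```

In the sample, the internet-exposed HMI with a 7.5 KEV outranks both 9.8-rated findings once context is applied, while the 9.8 on a non-essential, unexploited workstation drops to the bottom of the list.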

 

Securing OT for the future  


Between an increasingly hostile threat landscape and mounting regulatory pressure, no organisation can afford to treat OT security as an afterthought.  


Continued convergence with IT means previous security measures are no longer effective. 


All companies relying on OT systems must urgently move beyond outdated security models and ensure they have full visibility and control across IT, OT, and everywhere the two domains interact.  


With determined and well-resourced adversaries hunting for any cracks they can widen and exploit, the clock is ticking for unmonitored and unsecured cyber-physical systems. 

