
Securing operational technology

Operational technology (OT) systems were long considered to be isolated from cyber-threats. Industrial control systems could previously be air-gapped from wider company networks to prevent their exposure to cyber-threats. In modern environments, however, it is rare that operational technologies are still separated in this way. 

 

Widespread digital transformation has led to the convergence of IT and OT. And while that convergence has brought about several benefits – from efficiency to innovation – it has also become the source of significant risks.

 

Cyber-attacks that initially start out in IT networks can more easily impact operational technologies, the consequences of which can be catastrophic. OT-focused attacks can grind manufacturing and production lines to a halt, and even endanger lives. This is not a rarity. Indeed, we’ve seen several attacks on OT systems in 2025, with Asahi Group Holdings – one of the world’s largest beverage producers – being one such victim. The company was forced to stop operations at several facilities in Europe and Asia for multiple days, with threat actors having targeted the company’s industrial systems as part of a ransomware campaign.

 

The Asahi attack is a prime example of the way in which vulnerabilities can intersect across IT and OT environments. Post-attack analyses revealed that the cyber-criminals involved first infiltrated the firm’s network through a compromised supplier account, before moving laterally into its OT environments.

 

OT resilience must be prioritised – across CNI and beyond

This isn’t an isolated incident. According to ENISA’s analysis of nearly 4,900 cyber-security incidents, OT threats now represent more than 18% of all identified threat categories, reflecting the growing exposure of industrial and critical systems. Further, a 2025 survey from the SANS Institute shows that 22% of organisations reported an OT cyber-security incident in the past year, with four in 10 of those incidents resulting in operational disruption.

 

There are some positives to take from this research. The SANS Institute survey, for example, shows that detection and containment have improved, with almost half of incidents now detected within 24 hours. However, in some cases, recovery remains painfully slow. Indeed, in 3% of cases, fully restoring operations can take more than a year.

 

For any firms with OT, preparation is crucial for not only responding to but also recovering from cyber-attacks at speed. Concerningly, however, 43% of respondents currently don’t have a dedicated ICS/OT incident response plan in place.

 

The UK government and cyber-bodies are taking steps to improve preparedness, with a particular focus on critical national infrastructure (CNI). The Cyber-Governance Code of Practice was published earlier this year, for example, setting out clear steps that organisations must adopt to manage digital risks and safeguard their day-to-day operations. Additionally, the newly passed Cyber-Security and Resilience Bill (CSRB) increases scrutiny over OT in essential public services, making it mandatory for key suppliers (such as those providing healthcare diagnostics to the NHS or chemicals to a water firm) to meet minimum security requirements.

 

While protecting CNI is vital, the threats to OT extend to far more organisations – from manufacturers to logistics firms and beyond. Ransomware, remote access exploits, and increasingly sophisticated threats such as AI-driven phishing and supply chain compromises are making OT a prime target for threat actors. Meanwhile, organisations continue to struggle to secure their environments. Many legacy OT systems simply weren’t designed with security in mind and so lack basic protections, and patching them can be difficult without disrupting operations.

 

A three-phased approach to improving IT/OT resilience

So, how can companies bridge the current IT/OT security gaps that they face? Critically, this should involve a phased approach, centred around three key stages.

 

First, organisations should start with a comprehensive risk assessment with the aim of identifying critical dependencies and vulnerabilities across their IT and OT environments. With these vulnerabilities mapped out, firms can, in turn, begin to embrace best practices, adopting secure-by-design principles for new systems while also standardising security controls wherever possible.

 

Second, this should be followed by integration and modernisation: deploying Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solutions to unify visibility and automate responses across IT and OT.

 

Thirdly, organisations should move from being reactive to proactive. Advanced analytics and AI-driven threat hunting should be prioritised to anticipate and neutralise emerging threats. Further, firms should look to develop playbooks for converged attack scenarios and establish feedback loops to continuously improve resilience.
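To show what unified IT/OT visibility and a playbook for a converged scenario can look like in practice, here is an added example (not code from the article or from e2e-assure) of a minimal SIEM-style correlation rule: it flags a third-party account logging in on the IT side and, shortly afterwards, the same host opening an industrial-protocol connection into the OT zone, the pattern the Asahi section describes. The log format, the "supplier_" account-naming convention, the sample events and the 30-minute window are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not real logs): a supplier account authenticates over the
# IT VPN from host jump01, and six minutes later jump01 opens Modbus/TCP into the OT zone.
SAMPLE_LOGS = """\
2025-10-01T02:14:07Z vpn auth user=supplier_svc src=203.0.113.10 host=jump01 result=success
2025-10-01T02:20:41Z fw conn src_host=jump01 dst=10.50.1.20 dport=502 zone=OT action=allow
2025-10-01T03:05:00Z vpn auth user=alice src=198.51.100.7 host=ws17 result=success
2025-10-01T09:10:00Z fw conn src_host=ws17 dst=10.10.3.4 dport=443 zone=IT action=allow
"""

THIRD_PARTY_PREFIX = "supplier_"   # assumed naming convention for supplier accounts
WINDOW = timedelta(minutes=30)     # assumed correlation window: IT login -> OT access
OT_PORTS = {502, 20000, 44818}     # Modbus/TCP, DNP3, EtherNet/IP well-known ports

KV = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Split '<ts> <source> <kind> k=v ...' into a dict with a parsed timestamp."""
    ts, source, kind, rest = line.split(" ", 3)
    ev = dict(KV.findall(rest))
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    ev["source"], ev["kind"] = source, kind
    return ev

def correlate(log_text):
    """Return alerts where a successful third-party IT login is followed, within
    WINDOW, by the same host connecting on an industrial protocol into the OT zone."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    logins = [e for e in events
              if e["kind"] == "auth" and e.get("result") == "success"
              and e["user"].startswith(THIRD_PARTY_PREFIX)]
    alerts = []
    for e in events:
        if (e["kind"] != "conn" or e.get("zone") != "OT"
                or int(e.get("dport", 0)) not in OT_PORTS):
            continue
        for lg in logins:
            gap = e["ts"] - lg["ts"]
            if lg["host"] == e["src_host"] and timedelta(0) <= gap <= WINDOW:
                alerts.append({"user": lg["user"], "host": e["src_host"],
                               "dst": e["dst"], "dport": int(e["dport"]),
                               "gap_min": gap.total_seconds() / 60})
    return alerts

if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print("ALERT supplier-to-OT pivot:", a)   # the playbook trigger for this scenario
```

In a real deployment the IT login and the OT firewall events come from different sources, which is exactly why the article argues for bringing both into one SIEM before a SOAR playbook can act on them.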

 

For many organisations, outsourcing SOC operations will be the most practical way forward. However, whether these phases are tackled internally or externally, the goal should be the same – to establish a SOC capable of managing both IT and OT security simultaneously.

 

Today, this is a business imperative. Without it, organisations risk falling victim to cyber-attacks that can inflict monumental damage, from disrupted services to downtime and damaged trust. 

Rob Demain is CEO of e2e-assure

 

Main image courtesy of iStockPhoto.com and gorodenkoff
