OT Security Poses Inherent Risks for Manufacturers TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsVulnerabilities & ThreatsCritical Site Takeover Flaw Affects 400K WordPress SitesCritical Site Takeover Flaw Affects 400K WordPress SitesbyElizabeth Montalbano, Contributing WriterNov 5, 20253 Min ReadApplication SecurityRisk 'Comparable' to SolarWinds Incident Lurks in Popular Software Update ToolRisk 'Comparable' to SolarWinds Incident Lurks in Popular Software Update ToolbyNate Nelson, Contributing WriterNov 5, 20254 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificRecent in World See AllThreat IntelligenceSilver Fox APT Blurs the Line Between Espionage & CybercrimeSilver Fox APT Blurs the Line Between Espionage & CybercrimebyNate Nelson, Contributing WriterAug 8, 20253 Min ReadThreat IntelligenceIran-Israel War Triggers a Maelstrom in CyberspaceIran-Israel War Triggers a Maelstrom in CyberspacebyNate Nelson, Contributing WriterJun 19, 20255 Min ReadThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsLibraryNewslettersPodcastsReportsVideosWebinarsWhite papers Partner PerspectivesSEE ALLICS/OT SecurityNews, news analysis, and commentary on the latest trends in cybersecurity technology.Operational Technology Security Poses Inherent Risks for ManufacturersOperational Technology Security Poses Inherent Risks for ManufacturersOperational Technology Security Poses Inherent Risks for ManufacturersDespite increased awareness, manufacturers continue to face an onslaught of attacks.Arielle Waldman, Features Writer, Dark ReadingNovember 5, 20255 Min ReadFrom supply chain risks and breaches to employees' physical safety, the manufacturing industry is no stranger to operational technology (OT) security challenges. The good news? Experts say awareness has increased among manufacturers. But whether that will lead to improvements is difficult to say.    OT controls the processes and equipment necessary for manufacturers. It's built to last, but that also means there's legacy technology — unsupported and difficult to update — on the factory floor. A lack of visibility around an overwhelming number of assets presents heightened concerns as well. And then comes the human factor.  "People are the biggest risk to computer systems, period," says Almog Apirion, CEO and co-founder of Cyolo, which provides secure remote privileged access for industrial and OT systems. Abundant Access Points Equals Abundant ProblemsIndeed, human risk leads to bad access. Manufacturing companies must secure a wide range of assets and access to them. The number of access points continue to grow with mergers and acquisitions, with acquired companies bringing in their own vendors and using their technology, Apirion says. For most companies, gaining visibility across access points is almost impossible now, he adds.On top of those security headaches, it's also difficult to keep track of users and who has or needs access to which technologies — especially when multiple users are granted permission to the admin account.Related:Critical Claroty Authentication Bypass Flaw Opened OT to AttackIt makes incident response investigations much more difficult.  "We hear from more and more customers that something happened during the weekend at 3 a.m., and it's Operator 1 or Admin 1, but they don't know who it is because they have so many different people associated with it," Apirion explains. In another case, Apirion observed one user who had to perform seven logins to gain access. If users must do that to do their jobs, they'll likely bypass the system, he warns.Prioritizing IT Over OTAnother hurdle is how manufacturing companies operate in a variety of environments. Technologies can be connected to the cloud or even offline, requiring different security measures around identity and segmentation. The old perception that if technology is not reachable, it's not "breach-able" is now obsolete, says Apirion, emphasizing how IT and OT have become hyperconnected.   While effective OT security is vital, focus oftentimes revolves around IT instead. "Security around IT is more developed even though companies are making money off of manufacturing stuff," Apirion says.Related:Bombarding Cars With Lasers: Novel Auto Cyberattacks EmergeCan Manufacturers Keep Up With a Growing Attack Surface? OT security problems often stem from pressures the industry faces to lower costs, increase supply chain efficiencies, and adopt technologies to scale, explains Kory Daniels, chief security and trust officer at LevelBlue."Organizations want to increase AI adoption, go faster, reach more markets, and be more competitive, and that's putting a strain on security teams on keeping up with, 'Do we know how are attack surface is evolving?" Daniels tells Dark Reading. That requires companies to keep a good inventory of their OT input, asset health, knowing what's interconnected and corporate-connected, and how much open source is being leveraged to increase manufacturing capabilities. "Companies need to consider the manufacturing supply chain process of moving things from supplies and goods across an ecosystem of partners," Daniels says.But challenges exist on so many different fronts. First, OT means taking technology that was never designed to be Internet-facing and making it so. Second, certain skills are required to handle and support OT, but the skills of the workforce who understand those processes are shrinking. The ability to implement effective and timely patch protocols in very sensitive environments is another critical concern. Patching for manufacturers requires downtime — a luxury the industry cannot afford.Related:The Fight Against Ransomware Heats Up on the Factory Floor"Once you even identify the security risks, what do you do about them?" Daniels asks. "And how do you do it in a way [that] the company is making informed risk decisions versus just by default accepting the risk out of fear of what else you will disrupt or break?"  Rising Awareness, but Security Stays the Same Despite burgeoning and continued OT security problems, Apirion has observed that awareness is improving. Recent incidents like the ransomware attack against Asahi served as a wake-up call to the industry, he says. On top of prolonged production disruptions, in the most recent update, Asahi warned that personally identifiable information "may have been subject to unauthorized data transfer" as well. The breach highlights both financial and supply chain risks."Supply chains are an attack vector but also the other direction is that they're going to carry and suffer from implications," Apirion explains. "If I supply Ashai goods, and they're losing to the competition, I'm going to lose money and fire employees. Everything is interconnected." Ashai isn't alone. A recent LevelBlue report stated that 28% of manufacturing executives confirmed their organization has suffered a breach in the past 12 months. And thirty-seven percent said they experienced a "significantly higher volume of attacks."LevelBlue's Daniels agrees that the industry has become more aware. Prominent attacks like the one against Colonial Pipeline or, more recently, Jaguar Land Rover highlights how damaging fallout can become. Now conversations around OT resiliency have become more commonplace in the boardroom or as an executive topic. Daniels would like to see that expand across the industry. Whether OT security is improving, however, remains to be seen. "I think one of the hardest parts with this, in terms of, 'Are we getting better,' is how do we measure better outcomes?" Daniels asks. "It's difficult to quantify if we're getting better, unless it's based on how many breaches." What Can Manufacturers Do?An identity-focused security strategy is vital to curb OT security challenges for manufacturing because of the legacy systems, Apirion recommends. Governance should also play an important role to help ensure security is not excluded from project requirements as the board gets excited about new technology adoption to reach broader markets or to increase efficiency — especially as AI increasingly enters the mix, Daniels says. He calls for a strategy where employees know who to reach out to in any situation, roping in security, compliance, and IT teams.   "Illuminate the entire OT estate because you cannot defend what you can't see and what you don't know," Daniels urges.Read more about:CISO CornerAbout the AuthorArielle WaldmanFeatures Writer, Dark ReadingArielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection.   See more from Arielle WaldmanMore InsightsIndustry ReportsIDC MarketScape: Worldwide Exposure Management 2025 Vendor AssessmentThe Forrester Wave™: Unified Vulnerability Management Solutions, Q3 2025Miercom Test Results: PA-5450 Firewall WinsSecurity Without Compromise Better security, higher performance and lower TCOThe Total Economic Impact™ Of Palo Alto Networks NextGeneration FirewallsAccess More ResearchWebinarsHow AI & Autonomous Patching Eliminate Exposure RisksThe Cloud is No Longer Enough: Securing the Modern Digital PerimeterSecuring the Hybrid Workforce: Challenges and SolutionsCybersecurity Outlook 2026Threat Hunting Tools & Techniques for Staying Ahead of Cyber AdversariesMore WebinarsYou May Also LikeFEATUREDCheck out the Black Hat USA Conference Guide for more coverage and intel from — and about — the show.Latest Articles in DR TechnologyAI App Spending Report: Where Are the Security Tools?Nov 4, 2025|4 Min ReadAn 18-Year-Old Codebase Left Smart Buildings Wide OpenOct 30, 2025|4 Min ReadCloud Outages Highlight the Need for Resilient, Secure Infrastructure RecoveryOct 30, 2025|4 Min ReadMicrosoft Security Change for Azure VMs Creates PitfallsOct 29, 2025|4 Min ReadRead More DR TechnologyDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2025 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of Use

Operational Technology (OT) security presents inherent risks for manufacturers, a challenge exacerbated by increased awareness but not necessarily translating into improved outcomes according to experts. This overview, primarily sourced from Dark Reading and Informa Tech’s digital business combine, highlights the core issues and potential approaches. The manufacturing industry, with its reliance on OT – encompassing the processes and equipment necessary for production – is increasingly vulnerable to cyberattacks. A key contributing factor is the legacy nature of OT systems, characterized by unsupported, older technology, which creates a significant attack surface. This is compounded by a lack of visibility across a rapidly expanding number of assets and a critical human element.

The core risks are multi-faceted. Firstly, the human factor represents the single greatest risk, with operators and administrators frequently granting excessive access rights, leading to “bad access” and potential breaches. The proliferation of access points, driven by mergers and acquisitions that bring in new vendors and technologies, further complicates security efforts. Secondly, the industry’s drive for efficiency and growth – encompassing AI adoption, market expansion, and increased manufacturing capabilities – creates pressure to accelerate timelines, which often compromises security protocols. Thirdly, the increasing integration of OT with IT systems – a trend known as “hypertension” – exposes legacy OT systems to vulnerabilities previously irrelevant. This interconnectedness demands a unified security strategy that addresses both traditional IT and OT concerns.

Despite rising awareness, many manufacturers struggle to translate that awareness into tangible security improvements. The difficulty in measuring “better” outcomes is a significant obstacle; simply recognizing the risks is insufficient. A key impediment is the lack of standardized metrics for evaluating security effectiveness. Many companies still rely on a reactive, rather than proactive approach, frequently responding to breaches rather than anticipating and preventing attacks.

Experts emphasize the necessity of adopting an identity-focused security strategy as a vital tool to mitigate these risks. This approach recognizes that controlling access is paramount, especially given the extensive use of legacy systems. However, successful implementation relies on more than just access control. A strong governance framework is needed to ensure security considerations are integrated into all aspects of project development, particularly when new technologies are being adopted. This means proactively addressing security concerns alongside efficiency and growth initiatives.

Furthermore, manufacturers need to illuminate their entire OT estate, focusing on gaining comprehensive visibility and understanding of all interconnected assets. Simply recognizing the security risks is not enough; illuminating the OT estate means knowing where vulnerabilities exist and having the tools to address them. This proactive approach complements the focus on identity control, creating a robust defense-in-depth strategy. Ultimately, the industry must move beyond simply acknowledging the risks and towards actively measuring and demonstrating improvements in OT security posture. The ability to quantify security effectiveness will be crucial for justifying investments and driving continued progress.