OT and Smart Factory Cybersecurity Risk in Industrial Environments
Industrial and manufacturing organizations continue to face significant operational technology (OT) security risk as connected control systems, IoT devices, and legacy infrastructure expand the attack surface. A Siemens Energy report cited by TechRepublic, based on Ponemon Institute survey data, found that 77% of respondents said an OT security compromise in the past 12 months led to loss of confidential information or operational disruption, while 52% said a successful exploit against their industrial control systems is likely within the next year. Respondents also estimated that 41% of OT attacks go undetected, with many organizations taking more than a month to detect incidents and an average of seven months to recover.
The broader picture is that smart factories are still struggling with basic cyber resilience as modernization outpaces security controls. In an interview with Help Net Security, Packsize CSO Troy Rydman said unmanaged IoT devices, outdated legacy systems, and human-targeted attacks such as phishing and social engineering remain major weaknesses in factory environments. He also highlighted the persistent tradeoff between production uptime and security requirements, underscoring that industrial operators are still balancing business continuity with the need to reduce exposure across connected devices and older operational systems.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
ESET survey finds 78% of UK manufacturers suffered cyber incidents
An ESET survey of 500 senior UK manufacturing decision-makers found that 78% experienced a cyber incident in the previous 12 months. The report said 53% of affected firms lost revenue, 75% suffered at least one day of full or partial shutdown, and many major incidents caused losses of at least £250,000.
Rydman urges training and risk alignment to protect production uptime
Rydman recommended clear risk-threshold discussions, stakeholder alignment, employee training, and a security-aware culture to reduce human-error-driven attacks while balancing cybersecurity with operational continuity.
Packsize CSO warns smart factory attack surface is expanding
Packsize CSO Troy Rydman said smart factory risks are growing fastest through internet-exposed IoT, legacy infrastructure, embedded subsystems, and unmanaged devices connected to cloud and SaaS platforms.
TechRepublic reports 77% of OT environments suffered breaches
TechRepublic highlighted survey findings that industrial sectors including manufacturing, oil and gas, utilities, and petrochemicals continue to face persistent OT cybersecurity weaknesses, with third parties identified as a major attack vector.
Ponemon survey finds widespread OT security compromises
A Siemens Energy report based on a Ponemon Institute survey found that most respondents experienced OT-related security compromises in the previous year, with many incidents leading to confidential data loss or operational disruption.
Colonial Pipeline cyberattack disrupts fuel operations
A cyberattack on Colonial Pipeline in 2021 became a major example of how attacks on industrial and operational technology environments can cause real-world disruption.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
78% of UK manufacturers have experienced a cyber incident in the last year - and more than half have taken a revenue hit | IT Pro
itpro.com
Open sourceIndustrial Systems Under Siege: 77% of OT Environments Suffer Cyber Breaches
techrepublic.com
Open sourceWhat smart factories keep getting wrong about cybersecurity - Help Net Security
helpnetsecurity.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Security Risks and Best Practices for Industrial and Energy OT Systems
Operational technology (OT) environments, including industrial control systems (ICS) and energy infrastructure such as solar farms, are increasingly exposed to cyber threats due to expanded connectivity and legacy protocols. Attackers are exploiting insecure-by-design protocols like Modbus, which are commonly used in solar panel systems and other industrial assets, to remotely manipulate devices and disrupt operations. Research highlights that with open ports and free tools, threat actors can quickly identify and control exposed OT assets, such as string monitoring boxes in solar farms, leading to rapid and large-scale power disruptions. The use of AI-driven automation further accelerates reconnaissance and exploitation, outpacing traditional human monitoring and response capabilities. To mitigate these risks, security experts recommend a combination of pragmatic, low-disruption controls tailored for operations teams. These include segmenting networks, enforcing robust access controls, and integrating OT telemetry into observability stacks to improve visibility and resilience. Maintaining high data hygiene in IIoT environments is also critical, as clean and reliable telemetry reduces false positives, supports accurate predictive models, and enables faster root cause analysis. Securing programmable logic controllers (PLCs) and other critical OT components is essential not only for data protection but also for ensuring physical safety and operational continuity, as compromised devices can lead to equipment damage or safety hazards.
Mar 21, 2026
Rising OT Threat From Credential Abuse and 'Living-off-the-Plant' Techniques
Security reporting and expert commentary warn that **operational technology (OT)** environments remain highly exposed due to fragile access controls and that attacker capability is trending toward more dangerous, process-aware operations. Lessons drawn from the 2015 **Ukraine power grid** disruption emphasize that remote connectivity, vendor access, and broad VPN permissions can become the “soft underbelly” of critical infrastructure, with recurring real-world examples of disruption tied to **misused remote access and stolen credentials** (including the **Colonial Pipeline** shutdown following a compromised password). The core takeaway is that OT systems are no longer “too specialized” to be targeted, and that common enterprise intrusion paths—credential compromise and remote access abuse—continue to translate into operational impact when they bridge into industrial environments. Separately, OT-focused threat analysis highlights early signs that attackers are gaining the “process comprehension” historically missing from many intrusions into industrial systems. A forthcoming RSA Conference 2026 presentation is expected to demonstrate **“living-off-the-plant”** techniques—analogous to living-off-the-land in IT—where adversaries leverage native industrial tooling and legitimate functions inside plants to blend in and potentially manipulate physical processes. The reporting argues that “security by obscurity” (attackers’ unfamiliarity with bespoke/legacy OT) has limited the severity of many incidents so far, but that this advantage is eroding as adversaries become more comfortable operating within industrial environments, increasing the risk of more consequential OT attacks.
Mar 21, 2026
Enterprise Risk from Unmanaged and Diverse xIoT and OT Devices
Enterprises are increasingly exposed to cybersecurity risks due to the proliferation of unmanaged and diverse extended Internet of Things (xIoT) and operational technology (OT) devices within their networks. Research analyzing over 10 million devices across 700 organizations found that two-thirds of networked devices are not traditional IT assets, but rather include network gear, OT, IoT, and medical equipment. Common high-risk device types such as VoIP phones, IP cameras, point-of-sale systems, and uninterruptible power supplies are often widespread yet remain unmanaged, creating significant security blind spots. The diversity of device functions, vendors, and operating system versions further complicates risk management, making it challenging for security teams to identify, patch, and mitigate vulnerabilities effectively. Manufacturers, in particular, face heightened OT security challenges due to legacy technology, lack of asset visibility, and the growing number of access points resulting from mergers and acquisitions. The complexity of managing access permissions, especially with multiple users sharing admin accounts, increases the difficulty of incident response and overall security posture. Despite increased awareness of these risks, the combination of device diversity, legacy systems, and human factors continues to present substantial obstacles to securing enterprise and manufacturing environments against cyber threats.
Mar 21, 2026