Today’s threat landscape demands a proactive OT security strategy

By John Fokker and Mo Cashman · November 18, 2025

Overview:

The operational technology (OT) security landscape is undergoing rapid transformation, marked by an escalation in advanced threats. As reported in Trellix’s November Operational Technology Threat Report, between April 1 and September 30, 2025, organizations operating in industrial control systems (ICS) saw over 272,000 detections, with critical infrastructure sectors being particularly vulnerable. This period saw a notable increase in coordinated attacks by state-sponsored actors and ransomware groups, such as the Sandworm Team and Qilin, targeting the OT sector. The primary sectors included manufacturing, transportation, utilities, and energy industries. Manufacturing accounted for 41.5% of all detections, reflecting the sector's critical role in global supply chains and inadequate OT security measures.

Traditional cyber adversaries have adapted their tactics, specifically targeting OT systems that are integral to national and economic security. The most significant trend defining the current OT threat landscape is the strategic focus on the IT/OT boundary, exploiting insufficient network segmentation. IT-to-OT pivoting can occur through compromised engineering workstations, shared credentials, and exploitation of remote-access solutions. Organizations must adopt robust security measures to safeguard their OT environments.

A proactive approach to OT security

As organizations integrate digital technologies into their operations, they become attractive targets for attackers. The goal of such attacks is designed to disrupt critical infrastructure or valuable manufacturing processes, highlighting the need for organizations to adopt a proactive approach to OT security. Threat actors not only exploit technical vulnerabilities but also employ social engineering tactics to manipulate human behavior. As such, proactive defense against OT threats starts in IT and requires a defense-in-depth OT security strategy. Key areas of an OT security strategy include:

• Architecture hardening
• Supply chain security
• Training and readiness
• Collaboration and intelligence sharing

Architecture hardening

To address IT-to-OT pivoting, organizations should implement robust network segmentation in accordance with ISA/IEC-62443 standards with dedicated security zones for OT networks and controlled access points between IT and OT environments. Deploy network detection and response to prevent lateral movement. Harden endpoints with anti-malware and integrity control software to prevent unauthorized software or changes. Organizations should also leverage the NIST Cybersecurity Framework, incorporating OT-specific controls, with a focus on asset inventory, risk-based vulnerability management, and incident response procedures. Leveraging threat intelligence as a core part of the OT security strategy will enhance incident detection and response capabilities. Implement and operationalize monitoring systems, such as SIEM, to provide visibility into both IT and OT environments. By analyzing intelligence and reducing exposure, organizations can better prepare for coordinated attacks.

OT supply chain security

Organizations have a complex supply chain with multiple types of OT solutions system providers. These systems can introduce new vulnerabilities and extend the attack surface. A comprehensive risk assessment of the supply chain is imperative for operational resilience. Organizations should also impose strict security requirements on vendors, ensuring they maintain a robust security posture that aligns with the organization's own security objectives. To adequately address supply chain risk, organizations should implement:

• Risk-based exposure management: Enrich vulnerability management data with CVE intelligence and attack path analysis, ensuring that the most important patches are applied first.
• Zero-trust vendor access: Treat all external connections—including those from long-term integrators or OEMs—as untrusted. Enforce granular, time-bound credentials, device control, and session monitoring for all remote maintenance.
• Software assurance and SBOM visibility: Require vendors to provide software bills of materials (SBOMs), validate digital signatures, and monitor for tampered or outdated components in updates.
• Vendor accountability: Embed cybersecurity clauses into supplier contracts, mandating secure update practices, vulnerability disclosure, and immediate reporting of incidents that could affect OT environments.
• Network segmentation and continuous monitoring: Ensure supplier-facing gateways are isolated from production networks, and maintain visibility over outbound traffic that could signal unauthorized data exchange or command activity.

Enhanced training and readiness

Human-risk management is a critical component of OT security. Regular training sessions that coach employees on emerging threats, phishing attempts, and the safe handling of sensitive information can significantly reduce risk. Furthermore, involving employees in security best practices and readiness testing fosters a culture of resilience in the entire organization.

Collaboration and intelligence sharing

Organizational cybersecurity is a shared responsibility between suppliers, IT, and OT security teams. The threat landscape extends across sectors, and as such, a collaborative approach to intelligence sharing among organizations can enhance collective defense strategies. Public-private information sharing, industry forums, and security alliances can serve as valuable resources for exchanging insights on emerging threats and best practices for fortifying defenses.

Conclusion

OT is increasingly targeted by cybercriminals, making it essential for organizations to prioritize proactive OT security defense. This involves a combination of hardened defensive measures, increased visibility across the environment, cultural awareness, supply chain diligence, and collaborative efforts across industries. By addressing these multifaceted strategies, organizations can better safeguard their operational technologies and critical infrastructure against emerging threats. As the digitalization of industrial environments continues, those proactive in enhancing their operational resilience will be better positioned to navigate the complexities of OT security.

For more information, read the complete Trellix OT Threat Report.

Find out how Trellix can help you protect your OT environments.

Discover the latest cybersecurity research from the Trellix Advanced Research Center: https://www.trellix.com/advanced-research-center/