Proactive Strategies Becoming a Necessity

A new report highlights the evolution of industrial attacks and the need to shift approaches.

Industrial Cyber
November 19, 2025

Trellix recently unveiled its Operational Technology Threat Report, which showed an increase in OT/ICS targeting by state-sponsored actors and ransomware groups across the manufacturing, transportation and shipping, utilities, and energy/oil and gas sectors. Additionally:

  • Manufacturing emerged as the primary target, representing 41.5 percent of all detections.
  • 61.8 percent of ransomware incidents targeted manufacturing, indicating systematic disruption of production capabilities.
  • There has been a notable increase in coordinated attacks, with state-sponsored actors and ransomware groups, such as the Sandworm Team and Qilin, targeting the OT sector.
  • The most significant trend defining the current OT threat landscape is the strategic focus on the IT/OT boundary, exploiting insufficient network segmentation. IT-to-OT pivoting can occur through compromised engineering workstations, shared credentials, and exploitation of remote-access solutions.
  • Threat actors are not only exploiting technical vulnerabilities, but also employing social engineering tactics to manipulate human behavior. 

The report stresses a proactive security strategy, which should include the following. 

  • Architecture hardening.
    • To address IT-to-OT pivoting, organizations should implement robust network segmentation in accordance with ISA/IEC-62443 standards with dedicated security zones for OT networks and controlled access points between IT and OT environments.
    • Deploy network detection and response to prevent lateral movement.
    • Harden endpoints with anti-malware and integrity control software to prevent unauthorized software or changes.
    • Leverage the NIST Cybersecurity Framework, incorporating OT-specific controls, with a focus on asset inventory, risk-based vulnerability management, and incident response procedures.
    • Implement and operationalize monitoring systems such as SIEM for visibility into both IT and OT environments.
  • OT supply chain security.
    • Enrich vulnerability management data with CVE intelligence and attack path analysis, ensuring that the most important patches are applied first.
    • Zero-trust vendor access. Treat all external connections—including those from long-term integrators or OEMs—as untrusted. Enforce granular, time-bound credentials, device control and session monitoring for all remote maintenance.
    • Software assurance and SBOM visibility. Require vendors to provide software bills of materials (SBOMs), validate digital signatures, and monitor for tampered or outdated components in updates.
    • Vendor accountability. Embed cybersecurity clauses into supplier contracts, mandating secure update practices, vulnerability disclosure, and immediate reporting of incidents that could affect OT environments.
    • Network segmentation and continuous monitoring. Ensure supplier-facing gateways are isolated from production networks, and maintain visibility over outbound traffic that could signal unauthorized data exchange or command activity.
  • Enhanced training and readiness. Regular training sessions that coach employees about emerging threats, phishing attempts, and safe handling of sensitive information can significantly reduce risks.
  • Collaboration and intelligence sharing. Public-private information sharing, industry forums, and security alliances can serve as valuable resources for exchanging insights on emerging threats and best practices for fortifying defenses. 

The report states that by addressing these multifaceted strategies, organizations can better safeguard their operational technologies and critical infrastructure against emerging threats. As the digitalization of industrial environments continues, those proactive in enhancing their operational resilience will be better positioned to navigate the complexities of OT security.

Related Stories
Lava lamps are seen through a lobby window at the headquarters of Cloudflare in San Francisco, Wednesday, Aug. 31, 2022.
Cybersecurity
Cloudflare Outage Impacts Thousands, Including IEN, Manufacturing.net, MBT
Qad Redzone Red
Cybersecurity
QAD Launches QAD Adaptive Powered with Agentic Champion AI
Industrial Cyber
Cybersecurity
Ensuring Uptime Without Sacrificing OT Security
Ep156
Cybersecurity
Security Breach: People Are Not the Biggest Risk
More in Cybersecurity
Cybersecurity
Automotive Ransomware Attacks More Than Doubled in 2025
More AI, expanded autonomous technologies and evolving threat actors are elevating cyber risks.
Automobile Cockpit, Various Information Monitors And Head Up Displays
Cybersecurity
SBOM Regs Rolled Back
The two Biden-era memoranda required agencies to obtain software security attestations before deployment.
Us Binary Flag Mirsad Sarajlic
Cybersecurity
Threats Targeting Employee Credentials Surge 389 Percent
Credentials are being stolen in as little as 14 minutes.
Protection Background Technology Security 524882074 701x502 (1)
Cybersecurity
Shadow AI Threats Grow
Productivity pressures are pushing many to bypass safeguards, increasing exposure to data leaks.
Insider Threat Leo Wolfert
Cybersecurity
Report Shows AI-Enabled Threats As Top Concern
AI could help hackers take greater advantage of visibility shortcomings.
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
The Domino Effect of a Data Breach
Here are some strategies to detect breaches faster and limit their capacity for damage.
Coding
Cybersecurity
AI Won’t Replace the Cybersecurity Workforce, But It Will Redefine It
AI is framed as a multi-faceted solution, but the conversation often goes off course.
Ai Your Photo
Cybersecurity
Security Breach: Strengthening Your Weakest Links
All the little things can kill a cybersecurity strategy, but there are ways to tie them all together.
Ep157
Cybersecurity
The Rise of Identity and Data Security Dependency
Predictions on what will shape industrial cybersecurity in 2026 and beyond.
Protection Background Technology Security 524882074 701x502 (1)
Cybersecurity
Securing the Edge in AI-Enabled Smart Factories
Growing data needs have manufacturers between a rock and a hard place.
Sase Supatman
Cybersecurity
How AI Is Transforming Cybersecurity Threats in 2026
Social engineering, deep fakes and more will benefit from the evolution of artificial intelligence.
Deepfake Orhan Turan
Cybersecurity
Inside The Mind of a Hacker
The report details how hackers are moving to a more collaborative, AI-enhanced approach.
General Cyberattack
Page 1 of 55
Next Page