Logo
Cybersecurity

Behind the Running Machines: The Cyber Threats Lurking in Your Industrial Systems

820,000 IoT devices are attacked every single day. And that figure doesn't even account for the attacks targeting industrial control systems, SCADA environments, and the operational technology networks keeping power grids humming, water flowing, and factory lines moving. ITSEC Asia, Indonesia's leading cybersecurity company, offers comprehensive OT/IoT security services built for the realities of modern critical infrastructure.

Ajeng HadeAjeng Hade
|
Jun 05, 2026
Behind the Running Machines: The Cyber Threats Lurking in Your Industrial Systems

Introduction

For years, the cybersecurity conversation has revolved almost entirely around the IT world  corporate email, enterprise software, cloud storage. But the threat landscape has shifted. Quietly, and aggressively.

Attackers have figured out something that many security teams are only beginning to reckon with: Operational Technology (OT) and Internet of Things (IoT) environments are high-value targets, and by the standards the IT world now takes for granted, they are largely undefended.

The numbers don't leave much room for optimism. Ransomware attacks in the industrial sector spiked 87% year-over-year in 2024, making manufacturing the top ransomware target for four consecutive years. In the same period, the number of ransomware groups specifically targeting OT and ICS environments grew by 60%  not because these systems suddenly became more valuable overnight, but because attackers realized how exposed they already were.

One in every four penetration tests conducted on industrial environments still finds default credentials in active use. Sixty-five percent of OT environments have insecure remote access conditions. These aren't edge cases. They are the norm.

The question, then, is no longer whether your operational environment is a target. It already is. The real question is whether your organization is prepared when an attack arrives.

Sources: IoT Hacking Statistics 2025 · DeepStrike · OT Security Trends 2025 · Zero Networks · Fortinet 2025 State of OT Cybersecurity Report

Why OT and IoT Are Not Just "IT with Different Cables"

There's a tempting assumption that OT/IoT security is simply a matter of taking standard IT security practices and applying them to a different set of devices. That assumption is exactly the kind of thinking that gets organizations into serious trouble.

OT systems  the industrial control systems, programmable logic controllers, and SCADA networks that run physical processes  were designed in a different era with a different set of priorities. Availability and reliability were everything. Confidentiality and patch cycles were secondary concerns, sometimes not concerns at all. Many of these systems were built to run for decades. And they have.

The problem is they were never designed to be connected to broader networks, let alone the internet. But connectivity happened anyway, driven by efficiency demands and the rise of Industry 4.0  and the security architecture never caught up.

When a corporate IT network and a factory floor OT environment share connectivity  even indirectly  an attacker who breaches one has a potential pathway to the other. And lateral movement in these environments can be devastatingly fast. IBM's research shows the average lateral movement time has dropped to just 29 minutes. That means an attacker who enters through a vulnerable IoT sensor can reach mission-critical operational systems in less time than it takes to finish a cup of coffee.

IoT compounds the problem further. Connected devices  from smart meters and environmental sensors to surveillance cameras and building management systems  often run stripped-down operating systems with minimal security controls, infrequent firmware updates, and no monitoring visibility. Approximately 35% of global DDoS attacks today originate from IoT botnets, and hijacked devices routinely serve as entry points for deeper intrusions into IT and OT networks.

The 2021 Oldsmar, Florida water treatment attack  where an attacker used insecure remote-access software to attempt to alter chemical levels in a public water supply  remains one of the clearest illustrations of what's at stake when OT and IoT security fails.

Sources: Forescout 2025 Threat Report · Industrial Cyber · IBM Cost of a Data Breach Report 2024 · The Reality of IoT Security in 2025 · Growth Acceleration Partners

What Is Actually Happening in the Wild Right Now

Understanding the current threat landscape isn't an exercise in paranoia. It's a prerequisite for making good security decisions.

Nation-state actors have increasingly targeted critical infrastructure for geopolitical disruption  a trend that accelerated sharply in 2024. China's Volt Typhoon campaign, which maintained persistent access to US critical infrastructure by exploiting vulnerabilities in routers and remote-access solutions, showed just how patient and methodical state-sponsored attackers can be.

The FrostyGoop malware went even further: it exploited a zero-day vulnerability in Mikrotik routers, caused a district heating utility in Lviv to be misoperated, and left 600 homes without heat in the middle of winter. These are not theoretical scenarios. They happened.

Throughout 2024, CISA issued 241 new advisories affecting 70 vendors, resulting in 619 ICS CERT vulnerability disclosures. More troubling: 71% of the vulnerabilities being exploited were not in CISA's Known Exploited Vulnerabilities catalog  meaning attackers are actively going after weaknesses that many organizations aren't even tracking.

Patch management in OT environments is genuinely difficult. Downtime windows are narrow, legacy systems may not support modern updates, and operational continuity often takes precedence over security hygiene. But the cost of that trade-off is becoming increasingly visible.

Sources: Waterfall Security OT Attack Analysis 2024 · Shieldworkz 2025 OT/ICS Threat Landscape Report · Forescout 2025 Threat Report · Fortinet 2025 State of OT Cybersecurity Report

Building a Security Posture That Actually Fits OT/IoT Realities

Securing OT and IoT environments requires a fundamentally different methodology than traditional IT security  and it starts with acknowledging the constraints rather than fighting them.

OT systems often can't be patched on a standard schedule. Many can't tolerate the kind of active scanning that IT environments handle without issue. Some run on protocols that predate modern security by decades  Modbus, DNP3, and similar standards were designed for reliability and determinism, not authentication or encryption.

Effective OT/IoT security begins with visibility. You can't protect what you can't see. A comprehensive asset inventory  knowing every device on the network, its function, its communication patterns, and its vulnerability profile  is the foundation everything else builds on. Passive monitoring approaches that observe network traffic without disrupting operations are particularly well-suited to OT environments precisely because they provide visibility without operational risk.

From there, network segmentation becomes the most critical defensive layer. Many industrial organizations still operate with insufficient segmentation between IT and OT environments, leaving mission-critical assets exposed to threats that enter through the enterprise network. Proper segmentation, enforced by industrial firewalls and implemented alongside strict remote access controls, dramatically reduces an attacker's ability to move laterally from an IT compromise into operational systems.

The baseline goal is straightforward but not trivial: a breach in the corporate environment should never automatically translate into access to the factory floor.

One broader shift reflects this growing awareness. In 2025, 52% of organizations placed OT security under the CISO  up from just 16% in 2022. OT security is no longer a niche operational concern. It's a core enterprise risk issue.

Sources: Shieldworkz 2025 OT/ICS Threat Landscape Report · Fortinet 2025 State of OT Cybersecurity Report · Zero Networks OT Security Trends 2025

Making the Right Call Before an Incident Forces Your Hand

There are two versions of this conversation. One happens proactively. The other happens in the aftermath of a breach. Organizations that wait for the second version consistently face worse outcomes  not just operationally, but financially and reputationally as well.

The average time to identify a breach across all environments reached 194 days in 2024. In an OT environment, nearly seven months of undetected attacker presence is an extraordinarily long time for damage to accumulate invisibly.

Digital forensics taught us something worth carrying into OT: organizations that rush to restore without properly investigating what happened rebuild on the same broken foundation. Wiping a compromised industrial controller without first understanding how the attacker got in, how far they moved, and what they changed leaves the door open for an identical  or worse  incident weeks later.

ITSEC Asia has spent over a decade building cybersecurity capability across financial services, telecommunications, energy, transportation, manufacturing, and other critical sectors throughout Indonesia, Singapore, Australia, and the UAE. Our OT/IoT security practice covers the full spectrum of what organizations in these environments actually need: security testing to identify and remediate vulnerabilities, cyber asset management, vulnerability management tailored to operational constraints, managed detection and response, a dedicated OT Security Operations Center, tabletop exercises that test real incident response readiness, and digital forensics and incident response capability purpose-built for OT-specific incidents.

If your organization operates industrial systems, critical infrastructure, or connected operational environments  and hasn't yet conducted a structured assessment of its OT/IoT security posture  the data from the past 18 months makes a compelling case for starting that conversation now, before an incident forces the issue.

👉 Consult with our security specialists https://itsec.asia/contact

Share this post

You may also like

Data Protection and Cybersecurity Laws in the Asia-Pacific Region
Cybersecurity

Data Protection and Cybersecurity Laws in the Asia-Pacific Region

Info

Apart from sales and trade, the majority of internet users utilize it for socializing and interacting with peers online. For instance, there were 3.8 billion social media users in January 2020, which represents a 9 percent increase from the previous year. The advancements in internet and related communication technologies enable easy access to information from anywhere on the planet. For example, an online merchant operating in Thailand can offer their services to customers residing in the European Union and the United States. In order to address the dissemination of personal information, including financial, medical, and other types of personal data, worldwide through the internet, appropriate legal regulations need to be established to protect the personal data of citizens and the digital assets of organizations while working online. Following the implementation of the General Data Protection Regulation (GDPR) in the European Union (which came into effect on May 25, 2018), which governs data protection and privacy in EU countries and regulates the transfer of personal data outside the European Union and

ITSEC AsiaITSEC Asia
|
Jul 10, 2023 11 minutes read
Cybersecurity Indonesia: Rising Cyber Threats and the Importance of a Strong Digital Security Strate
Cybersecurity

Cybersecurity Indonesia: Rising Cyber Threats and the Importance of a Strong Digital Security Strate

cybersecurity indonesia
cyber security indonesia
cybersecurity di indonesia
cyber security di indonesia
cybersecurity in indonesia
cyber security in indonesia

Indonesia is facing a growing risk of ransomware attacks, phishing campaigns, data breaches and digital infrastructure exploitation that can impact business operations, public services and customer trust. In recent years, sectors including government, financial services, manufacturing, education and digital platforms have become major targets of cyber attacks. As one of the leading cybersecurity companies in Indonesia, ITSEC Asia provides cybersecurity services designed to help organizations strengthen cyber resilience and protect against evolving digital threats. -------------------------------------------------------------------------------- WHY CYBERSECURITY INDONESIA HAS BECOME A NATIONAL PRIORITY Cybersecurity Indonesia is no longer just a technical concern. Cybersecurity has become a critical component of business resilience and national digital security. Indonesia’s fast-growing digital economy is driving organizations to adopt new technologies at a rapid pace. At the same time, cyber threats continue to evolve through: * Ransomware attacks targeting organizations * Customer and sensitive data breaches * AI-powered phishing and social engineering * Cloud infrastructure attacks * Web and mobile application exploitation * Threats against critical infrastructure Organizations across Indonesia are increasingly recognizing that cyber attacks are

ITSEC AsiaITSEC Asia
|
Mei 07, 2026 4 minutes read
Think Your System Is Secure? Penetration Testing Can Prove It
Cybersecurity

Think Your System Is Secure? Penetration Testing Can Prove It

INTRODUCTION Today, almost every organization relies on digital systems to run daily operations, from websites and cloud applications to payment systems and internal databases.  However, as digital infrastructure grows, so do cybersecurity risks. Attackers constantly look for vulnerabilities in applications, networks, and systems that they can exploit to gain unauthorized access or steal sensitive data (Cloudflare, 2024). Because of this growing threat landscape, organizations need ways to test their defenses before real attackers attempt to breach them. One of the most effective methods is penetration testing, often called pen testing, where cybersecurity professionals simulate attacks to identify security weaknesses before malicious actors do (IBM, 2024). In simple terms, penetration testing is authorized hacking designed to improve security rather than cause damage. Source: Cloudflare.com [https://www.cloudflare.com/learning/security/glossary/what-is-penetration-testing/], ibm.com [https://www.ibm.com/think/topics/penetration-testing] WHAT IS PENETRATION TESTING? Penetration testing is a cybersecurity assessment where security experts simulate cyberattacks on systems to identify vulnerabilities that attackers could exploit. These experts that are often known as penetration testers or ethical hackers use techniques similar to real attackers, but with permission from the organization and with the goal

ITSEC AsiaITSEC Asia
|
Apr 02, 2026 6 minutes read

Receive weekly
updates on new posts

Subscribe