Logo
Cybersecurity

Behind the Running Machines: The Cyber Threats Lurking in Your Industrial Systems

820,000 IoT devices are attacked every single day. And that figure doesn't even account for the attacks targeting industrial control systems, SCADA environments, and the operational technology networks keeping power grids humming, water flowing, and factory lines moving. ITSEC Asia, Indonesia's leading cybersecurity company, offers comprehensive OT/IoT security services built for the realities of modern critical infrastructure.

Ajeng HadeAjeng Hade
|
Jun 05, 2026
Behind the Running Machines: The Cyber Threats Lurking in Your Industrial Systems

Introduction

For years, the cybersecurity conversation has revolved almost entirely around the IT world  corporate email, enterprise software, cloud storage. But the threat landscape has shifted. Quietly, and aggressively.

Attackers have figured out something that many security teams are only beginning to reckon with: Operational Technology (OT) and Internet of Things (IoT) environments are high-value targets, and by the standards the IT world now takes for granted, they are largely undefended.

The numbers don't leave much room for optimism. Ransomware attacks in the industrial sector spiked 87% year-over-year in 2024, making manufacturing the top ransomware target for four consecutive years. In the same period, the number of ransomware groups specifically targeting OT and ICS environments grew by 60%  not because these systems suddenly became more valuable overnight, but because attackers realized how exposed they already were.

One in every four penetration tests conducted on industrial environments still finds default credentials in active use. Sixty-five percent of OT environments have insecure remote access conditions. These aren't edge cases. They are the norm.

The question, then, is no longer whether your operational environment is a target. It already is. The real question is whether your organization is prepared when an attack arrives.

Sources: IoT Hacking Statistics 2025 · DeepStrike · OT Security Trends 2025 · Zero Networks · Fortinet 2025 State of OT Cybersecurity Report

Why OT and IoT Are Not Just "IT with Different Cables"

There's a tempting assumption that OT/IoT security is simply a matter of taking standard IT security practices and applying them to a different set of devices. That assumption is exactly the kind of thinking that gets organizations into serious trouble.

OT systems  the industrial control systems, programmable logic controllers, and SCADA networks that run physical processes  were designed in a different era with a different set of priorities. Availability and reliability were everything. Confidentiality and patch cycles were secondary concerns, sometimes not concerns at all. Many of these systems were built to run for decades. And they have.

The problem is they were never designed to be connected to broader networks, let alone the internet. But connectivity happened anyway, driven by efficiency demands and the rise of Industry 4.0  and the security architecture never caught up.

When a corporate IT network and a factory floor OT environment share connectivity  even indirectly  an attacker who breaches one has a potential pathway to the other. And lateral movement in these environments can be devastatingly fast. IBM's research shows the average lateral movement time has dropped to just 29 minutes. That means an attacker who enters through a vulnerable IoT sensor can reach mission-critical operational systems in less time than it takes to finish a cup of coffee.

IoT compounds the problem further. Connected devices  from smart meters and environmental sensors to surveillance cameras and building management systems  often run stripped-down operating systems with minimal security controls, infrequent firmware updates, and no monitoring visibility. Approximately 35% of global DDoS attacks today originate from IoT botnets, and hijacked devices routinely serve as entry points for deeper intrusions into IT and OT networks.

The 2021 Oldsmar, Florida water treatment attack  where an attacker used insecure remote-access software to attempt to alter chemical levels in a public water supply  remains one of the clearest illustrations of what's at stake when OT and IoT security fails.

Sources: Forescout 2025 Threat Report · Industrial Cyber · IBM Cost of a Data Breach Report 2024 · The Reality of IoT Security in 2025 · Growth Acceleration Partners

What Is Actually Happening in the Wild Right Now

Understanding the current threat landscape isn't an exercise in paranoia. It's a prerequisite for making good security decisions.

Nation-state actors have increasingly targeted critical infrastructure for geopolitical disruption  a trend that accelerated sharply in 2024. China's Volt Typhoon campaign, which maintained persistent access to US critical infrastructure by exploiting vulnerabilities in routers and remote-access solutions, showed just how patient and methodical state-sponsored attackers can be.

The FrostyGoop malware went even further: it exploited a zero-day vulnerability in Mikrotik routers, caused a district heating utility in Lviv to be misoperated, and left 600 homes without heat in the middle of winter. These are not theoretical scenarios. They happened.

Throughout 2024, CISA issued 241 new advisories affecting 70 vendors, resulting in 619 ICS CERT vulnerability disclosures. More troubling: 71% of the vulnerabilities being exploited were not in CISA's Known Exploited Vulnerabilities catalog  meaning attackers are actively going after weaknesses that many organizations aren't even tracking.

Patch management in OT environments is genuinely difficult. Downtime windows are narrow, legacy systems may not support modern updates, and operational continuity often takes precedence over security hygiene. But the cost of that trade-off is becoming increasingly visible.

Sources: Waterfall Security OT Attack Analysis 2024 · Shieldworkz 2025 OT/ICS Threat Landscape Report · Forescout 2025 Threat Report · Fortinet 2025 State of OT Cybersecurity Report

Building a Security Posture That Actually Fits OT/IoT Realities

Securing OT and IoT environments requires a fundamentally different methodology than traditional IT security  and it starts with acknowledging the constraints rather than fighting them.

OT systems often can't be patched on a standard schedule. Many can't tolerate the kind of active scanning that IT environments handle without issue. Some run on protocols that predate modern security by decades  Modbus, DNP3, and similar standards were designed for reliability and determinism, not authentication or encryption.

Effective OT/IoT security begins with visibility. You can't protect what you can't see. A comprehensive asset inventory  knowing every device on the network, its function, its communication patterns, and its vulnerability profile  is the foundation everything else builds on. Passive monitoring approaches that observe network traffic without disrupting operations are particularly well-suited to OT environments precisely because they provide visibility without operational risk.

From there, network segmentation becomes the most critical defensive layer. Many industrial organizations still operate with insufficient segmentation between IT and OT environments, leaving mission-critical assets exposed to threats that enter through the enterprise network. Proper segmentation, enforced by industrial firewalls and implemented alongside strict remote access controls, dramatically reduces an attacker's ability to move laterally from an IT compromise into operational systems.

The baseline goal is straightforward but not trivial: a breach in the corporate environment should never automatically translate into access to the factory floor.

One broader shift reflects this growing awareness. In 2025, 52% of organizations placed OT security under the CISO  up from just 16% in 2022. OT security is no longer a niche operational concern. It's a core enterprise risk issue.

Sources: Shieldworkz 2025 OT/ICS Threat Landscape Report · Fortinet 2025 State of OT Cybersecurity Report · Zero Networks OT Security Trends 2025

Making the Right Call Before an Incident Forces Your Hand

There are two versions of this conversation. One happens proactively. The other happens in the aftermath of a breach. Organizations that wait for the second version consistently face worse outcomes  not just operationally, but financially and reputationally as well.

The average time to identify a breach across all environments reached 194 days in 2024. In an OT environment, nearly seven months of undetected attacker presence is an extraordinarily long time for damage to accumulate invisibly.

Digital forensics taught us something worth carrying into OT: organizations that rush to restore without properly investigating what happened rebuild on the same broken foundation. Wiping a compromised industrial controller without first understanding how the attacker got in, how far they moved, and what they changed leaves the door open for an identical  or worse  incident weeks later.

ITSEC Asia has spent over a decade building cybersecurity capability across financial services, telecommunications, energy, transportation, manufacturing, and other critical sectors throughout Indonesia, Singapore, Australia, and the UAE. Our OT/IoT security practice covers the full spectrum of what organizations in these environments actually need: security testing to identify and remediate vulnerabilities, cyber asset management, vulnerability management tailored to operational constraints, managed detection and response, a dedicated OT Security Operations Center, tabletop exercises that test real incident response readiness, and digital forensics and incident response capability purpose-built for OT-specific incidents.

If your organization operates industrial systems, critical infrastructure, or connected operational environments  and hasn't yet conducted a structured assessment of its OT/IoT security posture  the data from the past 18 months makes a compelling case for starting that conversation now, before an incident forces the issue.

👉 Consult with our security specialists https://itsec.asia/contact

Share this post

You may also like

What Is Cloud Security? A First Introduction for Modern Enterprises
Cybersecurity

What Is Cloud Security? A First Introduction for Modern Enterprises

INTRODUCTION: CLOUD ADOPTION IS ACCELERATING, SO ARE THE RISKS Cloud computing has been part of enterprise IT for years, but the risk landscape around it is changing faster than ever. As organizations embrace AI, remote work, and digital transformation, cloud environments have become the backbone of business operations and a prime target for attackers. Today, breaches are no longer limited to traditional data centers. Misconfigured cloud resources, stolen credentials, and unmanaged identities are now among the most common root causes of security incidents. This is why understanding what cloud security is and what it is not matters deeply for enterprises today. At its core, cloud security refers to the policies, technologies, configurations, and responsibilities that protect cloud-based systems, data, and services. This concept is inseparable from how cloud computing itself is defined:an on demand, shared,and externally managed computing model, as outlined in the NIST [https://csrc.nist.gov/pubs/sp/800/145/final]Cloud Computing Definition (SP 800-145), where responsibility is inherently distributed between the provider and the user. WHAT IS CLOUD COMPUTING? A SIMPLE ENTERPRISE PERSPECTIVE Cloud computing is not

ITSEC AsiaITSEC Asia
|
Feb 12, 2026 — 7 minutes read
Calculating the Cost of Securing Your Business
Cybersecurity

Calculating the Cost of Securing Your Business

Tips

As the strategic importance of information security continues to grow for organizations of all sizes, and the complexity of information security increases across industries, business decisions are increasingly driven by the need to protect their intellectual assets and safeguard their IT infrastructure from evolving cybersecurity threats. Securing customer records, protecting sensitive financial information, and complying with regulatory requirements can create significant pressures on IT decision-makers and their resources. While many organizations have traditionally outsourced critical elements of their IT operations to managed service providers, more and more businesses are proactively outsourcing their security functions to specialized information security service providers. This has led to a need for evaluating the benefits of outsourcing security elements and comparing them to managing these processes internally. I wrote this article to help business leaders understand the best way to approach Managed Security Service Providers (MSSPs) in the context of Total Cost Ownership (TCO), a subject that is frequently discussed and of interest to both technical and non-technical leaders. INTERNAL SOLUTIONS OR OUTSOURCING? The key to evaluating

ITSEC AsiaITSEC Asia
|
Jul 10, 2023 — 8 minutes read
Vulnerability Assessment vs Penetration Testing: What's the Difference and Why Does It Matter?
Cybersecurity

Vulnerability Assessment vs Penetration Testing: What's the Difference and Why Does It Matter?

When discussing cybersecurity assessments, two terms are often used interchangeably: Vulnerability Assessment and Penetration Testing. While both approaches aim to improve an organization's security posture, they serve different purposes and provide different types of insights. Understanding the distinction between the two is important for organizations looking to prioritize risks, strengthen defenses and make better security decisions. Rather than asking which one is better, the more relevant question is: When should you use each approach, and how can they work together? WHAT IS A VULNERABILITY ASSESSMENT? A Vulnerability Assessment is the process of identifying and evaluating security weaknesses across systems, networks, applications and other digital assets. The primary objective is to discover vulnerabilities before attackers do. WHAT HAPPENS DURING A VULNERABILITY ASSESSMENT? A typical Vulnerability Assessment may include: * Asset discovery. * Automated vulnerability scanning. * Risk classification and prioritization. * Identification of outdated software and misconfigurations. * Reporting and remediation recommendations. The result is a broad view of potential weaknesses that require attention. STRENGTHS OF VULNERABILITY ASSESSMENTS Organizations often conduct Vulnerability Assessments

ITSEC AsiaITSEC Asia
|
Jun 15, 2026 — 4 minutes read

Receive weekly
updates on new posts

Subscribe