How to Fight Back Against OT Cyberattacks


As our world grows increasingly digital, businesses need to prepare for the potential dangers posed to their data and technology. In particular, operational technology (OT) cyberattacks are on the rise, targeting systems in manufacturing, utilities, transportation, and more. To combat the destructive financial, operational, and reputational effects of OT cyberattacks, businesses need strong OT cybersecurity systems to reduce their risk. These systems include technical, physical, and administrative controls. When these controls are combined with employee training, companies can successfully fight back against malicious hackers and retain consumer trust.


What Threats Are Your OT Systems up Against?

Attackers have several methods of gaining access to your company’s operational technology. While some attack your software directly, others prey upon your employees and rely on human error to infiltrate your systems. Here are the six major threats every business should have on its cybersecurity radar:


Ransomware

Ransomware is, as the name suggests, malicious software that blocks access to a computer system or threatens to release private information until a ransom is paid. Because of the modern interconnectedness of data and technology, most companies have a lot to lose when attackers hold their systems hostage. OT systems may be rendered inoperable until the company pays out thousands, sometimes millions, of dollars.

Spear Phishing

You’ve likely come across dozens of phishing attempts in your email inbox. These emails pretend to be legitimate in order to access your account information or trick you into deploying malware. Some phishing schemes target or “spear” employees who manage OT systems in order to disrupt, damage, or lock employees out of the system.

Compromised Vendor

Your company isn’t the only one you need to watch out for—third parties can also pose serious threats if their cybersecurity is compromised. Many attackers use third parties as a jumping-off point in order to get to bigger companies with higher-level security. Even fourth parties and beyond pose a threat, depending on the level of access they have to your third party and the level of access your third party has to you.

Remote Access

In the age of “work from home,” many employees are accessing company systems and technology remotely. These remote environments are less regulated and controllable, which can create weak points for attackers to get in. Because of the rapid and unexpected boost in remote work, some companies may not know how to recognize suspicious or unauthorized remote connections.

Disgruntled Employees

Attacks on your company’s OT systems usually aren’t random. Oftentimes, the perpetrator is a disgruntled or ex-employee who already has internal access to your systems. Employees can be some of the most dangerous attackers: while they’re usually not hardened cybercriminals, they possess a more intimate knowledge of your company’s specific systems.

Credential Stuffing

Credential stuffing is a form of cyberattack in which hackers steal usernames and passwords from one account in order to gain access to another. This is possible because a majority of users (64%) reuse the same credentials across multiple accounts. Even more alarming is that 70% of breached passwords are still in use, revealing just how lax many people’s password habits are.


How Can Companies Fight Back against OT Cyberattacks?

Hackers are tricky, and their methods of infiltrating your company are growing more sophisticated every day. However, all hope is not lost. There are several steps businesses can take to maximize their protection against OT cyberattacks.

1. Regularly Update All Patches

It can be easy to hit the snooze button on your system’s patch update alerts. However, installing system updates is a necessary part of your company’s cybersecurity upkeep, as these updates keep your system current and better protected from vulnerabilities. Once notified, set a deadline to install the update within 90 days or during your company’s next available maintenance window. Before implementing the update system-wide, test the patch with a malware detection program first for added security. Lastly, it’s a good idea to keep an inventory list with key system attributes to help manage your OT assets. Noting the vendor, version, and operating system will help you track and secure data across these platforms.
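The deadline rule and inventory described above can be tracked with a short script. This is an added example, not from the original article; the asset names, vendors, dates and maintenance windows are constructed, and it assumes the due date is the first maintenance window inside the 90-day limit, or the limit itself when no window falls inside it.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

PATCH_LIMIT = timedelta(days=90)  # the 90-day limit from the article

@dataclass
class Asset:
    name: str
    vendor: str
    version: str
    os: str
    notified: Optional[date] = None   # date the patch alert arrived
    installed: Optional[date] = None  # date the patch was applied

def due_date(asset, windows):
    """First maintenance window within 90 days of the alert, else the 90-day limit."""
    limit = asset.notified + PATCH_LIMIT
    usable = [w for w in sorted(windows) if asset.notified <= w <= limit]
    return usable[0] if usable else limit

def patch_report(assets, windows, today):
    """Return (name, vendor, version, os, due, status) for every open patch."""
    report = []
    for a in assets:
        if a.notified is None or a.installed is not None:
            continue  # nothing pending, or already patched
        due = due_date(a, windows)
        status = "OVERDUE" if today > due else "PENDING"
        report.append((a.name, a.vendor, a.version, a.os, due, status))
    return sorted(report, key=lambda row: row[4])

# Constructed sample inventory and maintenance calendar.
WINDOWS = [date(2022, 3, 5), date(2022, 9, 3)]
ASSETS = [
    Asset("hmi-01", "ExampleVendor A", "4.2", "Windows 10 LTSC", date(2022, 2, 1)),
    Asset("plc-gw-02", "ExampleVendor B", "1.9.3", "Embedded Linux", date(2022, 5, 20)),
    Asset("historian-03", "ExampleVendor C", "7.0", "Windows Server 2019",
          date(2022, 1, 10), date(2022, 3, 5)),
    Asset("eng-ws-04", "ExampleVendor A", "4.2", "Windows 10 LTSC"),
]

if __name__ == "__main__":
    for row in patch_report(ASSETS, WINDOWS, date(2022, 7, 12)):
        print(*row, sep=" | ")
```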

2. Reduce the Attack Surface

Connecting OT systems to IT networks, while useful and efficient, creates a larger attack surface for hackers to potentially infiltrate. Therefore, your company must strip away all extraneous points of access to make the attack surface as small as possible. If possible, segregate your OT and IT devices and only allow essential traffic through. That way, if attackers compromise one system, the firewall will help protect the other system’s data from harm. In addition, disable all unused services and ports, and standardize the method of remote connectivity to help detect suspicious activity. Ensure employees are trained on proper tech usage, such as never taking pictures of OT equipment or checking personal email/social media on company devices. Reducing your attack surface is a twofold effort from both the company itself and its individual employees.
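One way to check that only essential traffic crosses the OT/IT boundary is to audit the firewall's allow rules against an explicit list of approved flows. The sketch below is an added example, not from the original article; the address ranges, rule set and essential-traffic list are constructed.

```python
import ipaddress

OT_NET = ipaddress.ip_network("10.20.0.0/16")  # constructed OT address range

# Constructed list of approved cross-boundary flows: (src, dst, proto, port).
ESSENTIAL = {("10.10.5.10/32", "10.20.1.5/32", "tcp", 443)}

def zone(cidr):
    """Classify a rule endpoint as OT, IT, or MIXED (range spans both)."""
    net = ipaddress.ip_network(cidr)
    if net.subnet_of(OT_NET):
        return "OT"
    if net.overlaps(OT_NET):
        return "MIXED"
    return "IT"

def audit(rules):
    """Return allow rules that cross the OT/IT boundary without approval."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue
        src, dst = zone(r["src"]), zone(r["dst"])
        if src == dst and src != "MIXED":
            continue  # traffic stays inside a single zone
        key = (r["src"], r["dst"], r["proto"], r["port"])
        if key not in ESSENTIAL:
            findings.append((r["id"], f"{src}->{dst}", "not on essential-traffic list"))
    return findings

# Constructed sample rule set.
RULES = [
    {"id": 1, "action": "allow", "src": "10.10.5.10/32", "dst": "10.20.1.5/32", "proto": "tcp", "port": 443},
    {"id": 2, "action": "allow", "src": "10.10.0.0/16", "dst": "10.20.0.0/16", "proto": "tcp", "port": 3389},
    {"id": 3, "action": "allow", "src": "0.0.0.0/0", "dst": "10.20.1.5/32", "proto": "tcp", "port": 502},
    {"id": 4, "action": "allow", "src": "10.20.1.0/24", "dst": "10.20.2.0/24", "proto": "tcp", "port": 502},
    {"id": 5, "action": "deny", "src": "10.10.0.0/16", "dst": "10.20.0.0/16", "proto": "any", "port": None},
]

if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
```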

3. Limit Access Management

With broad access, errors and malware can easily spread throughout your entire network and infect your OT systems. Therefore, your company must grant users the least amount of access necessary to perform a task. Once the task is complete or delegated to someone else, immediately revoke access from users who no longer need it. Because it can be difficult to track who has access to what and how much, keep a living document of users and their access privileges. To take this one step further, review your system logs regularly and investigate any unusual activity. Additionally, in order to prevent credential theft and unauthorized users, use strong passwords and change them after each new software installation. Good password habits paired with session time-outs and two-factor authentication will provide an added wall of security around your OT systems.
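The living document and the log review can be cross-checked against each other. This is an added example, not from the original article; the register fields, the user and system names, and the log format (`date user system action`) are all constructed for illustration.

```python
from datetime import date

def parse_log(text):
    """Parse constructed 'YYYY-MM-DD user system action' log lines."""
    events = []
    for line in text.strip().splitlines():
        day, user, system, action = line.split()
        events.append((date.fromisoformat(day), user, system, action))
    return events

def end_of_access(grant):
    """Date after which the grant should no longer be used, or None if open."""
    return grant["revoked"] or grant["task_done"]

def grants_to_revoke(grants, today):
    """Grants whose task is complete but that were never revoked."""
    return [(g["user"], g["system"]) for g in grants
            if g["task_done"] and g["task_done"] <= today and not g["revoked"]]

def unusual_events(events, grants):
    """Flag activity with no grant on record, or after every matching grant ended."""
    findings = []
    for day, user, system, _action in events:
        match = [g for g in grants if g["user"] == user and g["system"] == system]
        if not match:
            findings.append((day, user, system, "no grant on record"))
        elif all(end_of_access(g) and day > end_of_access(g) for g in match):
            findings.append((day, user, system, "access used after task ended"))
    return findings

# Constructed access register (the "living document").
GRANTS = [
    {"user": "asmith", "system": "scada-hmi", "privilege": "operator",
     "task_done": date(2022, 6, 30), "revoked": None},
    {"user": "bjones", "system": "historian", "privilege": "read-only",
     "task_done": None, "revoked": None},
    {"user": "dlee", "system": "plc-eng", "privilege": "engineer",
     "task_done": date(2022, 5, 15), "revoked": date(2022, 5, 16)},
]

# Constructed log excerpt.
LOG = """
2022-07-05 asmith scada-hmi login
2022-07-06 bjones historian login
2022-07-08 cwu plc-eng login
2022-07-09 dlee plc-eng login
"""

if __name__ == "__main__":
    print(grants_to_revoke(GRANTS, date(2022, 7, 12)))
    for finding in unusual_events(parse_log(LOG), GRANTS):
        print(finding)
```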

4. Assess and Train Your Third-Party Vendors

To ensure your company is externally protected from cyberthreats, select third-party vendors with a strong reputation for cybersecurity. This requires a diligent third-party risk assessment, in which your company selects a vendor that poses the least risk depending on your unique compliance requirements. After settling on a third-party vendor, your company should continually monitor and assess its risk level, preferably on an annual basis. To make sure your third parties are familiar with your OT cybersecurity practices, consider offering training or resource toolkits to keep security top of mind.

Maintaining Strong OT Cybersecurity over Time

It’s not enough to simply update a few patches or conduct a few risk assessments; protecting your OT systems from cyberattacks is a continuous process. These practices provide a strong foundation for your company’s cybersecurity program, but require regular monitoring and maintenance in order to remain effective. Otherwise, your systems and security will quickly grow out of touch with the ever-evolving technology landscape.

Additionally, don’t just rely on strong software and policies to prevent OT cyberattacks. The most important line of defense against cyberattacks is your employees. Because so many hackers target people over systems, your employees are often the ones who stop attackers in their tracks or let them slip through the cracks. Offering comprehensive OT cybersecurity training and following up with resources for your employees will help protect your company and its systems for the long haul.

Need help with your OT cybersecurity management? Reach out to see how employee training can help fill in the gaps and reduce risk.

By LHT Learning | July 12, 2022