Challenges of OT cyber security 2025: Growing attack surface and inadequate strategies in the industry
The OT cybersecurity situation will remain challenging in 2025. Although only a few campaigns directly targeted industrial facilities compared to the total number of cyberattacks, the attack surface continues to grow.
At the same time, many industrial companies are still in the early stages of developing a structured and effective OT cybersecurity strategy. Rhebo has summarized the current developments in OT cybersecurity in its report “The State of OT Cybersecurity 2024/2025 - Metrics and Trends, from global and local” and enhanced it with insights from live projects at industrial companies.
In a nutshell:
- Globally, OT cybersecurity is becoming more and more essential. Cyber incidents in IT are increasingly affecting physical processes through spillover into OT. Obfuscation tactics, living-off-the-land techniques, zero-day vulnerabilities, stolen access data, and prepositioning are escalating the threat landscape. In 2024 alone, three new OT-enabled malware programs were discovered.
- In the EU, regulation is gaining momentum: NIS2 and the Cyber Resilience Act will require over 400,000 companies to implement cybersecurity measures. However, implementation is slow. Vulnerabilities in supply chains, attacks via remote access, and a lack of transparency regarding the components used are widespread (not only in Europe).
- Germany ranks second worldwide in terms of the number of malicious actors targeting the country. Only the US faces a larger number of adversaries. Nevertheless, according to the German Federal Office for Information Security (BSI), only 31% of operators of critical infrastructure in the German utilities sector have met all the “MUST” requirements for an intrusion detection system.
- Rhebo has analyzed numerous OT networks as part of its Rhebo Industrial Security Assessments. The results show that fundamental vulnerabilities remain, opening up potential attack surfaces. They also reveal how great the need is for visibility and security monitoring of legacy systems.
The good news is that many companies want to actively improve their OT security.
But getting there requires:
- Visibility and transparency across systems and communication flows.
- Technological understanding of OT-specific risks and vulnerabilities.
- Reliable processes for detecting and evaluating security incidents.
- Partnership-based support for analysis, monitoring, and training.
In many cases, it is not so much a lack of will as a lack of clarity about how and where to start. A Rhebo Industrial Security Assessment provides visibility and transparency into OT risks and lays the foundation for an effective OT network intrusion detection system.