Cyberattacks are shifting focus to industrial systems, with new threats targeting OT and ICS networks.
A new report from the SANS Institute reveals a troubling trend: attackers are increasingly using IT network vulnerabilities to access operational technology (OT) and industrial control systems (ICS). The 2024 SANS State of ICS/OT Cybersecurity report shows that 74.4% of reported incidents involved tactics other than ransomware, indicating a shift away from traditional attacks. Ransomware still accounted for 11.7% of cases, but cybercriminals are exploring other methods to target important systems.
One in five organizations experienced at least one security breach in the last year. Initial entry points included remote access services and internet-connected devices, each linked to nearly a quarter of the incidents. Employee workstations and external media also played a part, indicating the range of tactics used.
The shift in tactics shows that industries relying on ICS and OT systems face new risks. While ransomware attacks may be less frequent, their impact is still significant. In cases involving ransomware, 38% of organizations reported disruptions in IT networks alone, while 28.6% experienced issues affecting both IT and OT environments, leading to operational and safety concerns.
Spear phishing is also on the rise. Nearly 19% of respondents reported that attackers tried to breach systems via malicious email attachments, underlining the need for stronger defenses against social engineering.
Cybersecurity experts are urging organizations to adopt a proactive, layered approach to defending both IT and OT systems. The SANS report calls for continuous monitoring and sharing of threat intelligence to improve early detection. Many in the industry are also reiterating the need for close collaboration between IT and OT teams, as these systems are often interconnected and vulnerable.
Threats to OT and ICS networks aren’t just about individual breaches—they can impact services many people and industries depend on. The findings from the SANS report prove the need for stronger security in OT environments to protect infrastructure from disruptions that could ripple through entire communities.
These networks hold fundamental operational data, and if breached, attackers could disrupt services or manipulate control systems.
Layered security across IT and OT, real-time monitoring, and training employees on phishing are necessary steps to reduce breach risks.
Cybercriminals adapt quickly, and interconnected systems add complexity. Regular updates and proactive security strategies help limit vulnerabilities but can’t eliminate them.