Operational technology (OT) systems control and monitor industrial processes in sectors including energy, manufacturing, water treatment, and transportation. As these systems become increasingly interconnected with information technology (IT) networks, their exposure to cyber threats grows. Protecting OT environments requires a keen understanding of their unique vulnerabilities and challenges.
If you’ve ever walked into a control room at a water treatment plant or a power substation, you know OT security isn’t just about firewalls and passwords – it’s about keeping the lights on and the water clean. Unlike IT, where systems refresh every few years, OT environments often keep running technology for as long as it serves its operational purpose. That gap creates unique security challenges.
A recent study we commissioned quantifies today’s OT security issues. The “Global Industrial Cybersecurity Benchmark 2025” from Takepoint Research surveyed 240 global operational leaders and security professionals. This study discovered:
- Nearly 60% of organizations report low to no confidence in their OT/IoT threat detection capabilities.
- 63% of organizations require over 30 days to remediate threats, with 37% exceeding 90 days.
So there is both a lack of real insight into today’s threats and a long delay in fixing them once they are known. It’s an unfortunate reality, and one with serious financial and potentially life-threatening consequences.
“The high time demands of critical security tasks like vulnerability prioritization, risk mitigation, and incident response are further compounded by limited staffing,” reflects Takepoint. “While these processes require consistent, skilled attention, many organizations lack sufficient full-time OT security personnel to meet demand. This disconnect between workload and workforce not only slows response times but also increases reliance on manual workflows, underscoring the urgent need for scalable solutions, such as automation and managed services, to close the gap.”
Based on what I’ve seen in the field, here are the five most common issues that put OT environments at risk, with some advice on how organizations can realistically address them.
1. Legacy Systems and Outdated Technology
It’s not uncommon to find PLCs or SCADA systems running on Windows XP or even older operating systems. These devices were never designed with cyberattacks in mind.
- Why it matters: Vendors may have stopped releasing patches years ago, but these systems are still running critical operations. I’ve seen cases where replacing them meant halting production – something no plant manager wants to do.
- What you can do: Start with a complete inventory. You can’t protect what you don’t know exists. From there, segment those legacy systems, and if upgrades aren’t possible, look at compensating controls like firewalls or unidirectional gateways.
2. Insecure Remote Access
Remote access is essential for efficient OT operations, facilitating vendor support, remote monitoring, and maintenance. However, insecure remote connections are a leading cause of security incidents.
- Use of Default Credentials: Many OT systems are deployed with default passwords that are rarely changed, making unauthorized access easier for attackers.
- Unsecured Communication Channels: Remote access solutions may lack encryption or utilize outdated protocols (such as Telnet or unencrypted VNC), exposing sensitive information to interception.
- Lack of Multi-Factor Authentication (MFA): Without MFA, the risk of credential compromise rises dramatically.
Organizations must implement strong authentication controls, enforce encryption on all remote connections, monitor access logs, and ensure that remote access is only enabled when absolutely necessary.
- Real-world example: I’ve come across plants still using default vendor passwords like “1234” on remote access portals.
- What you can do: Enforce MFA, encrypt all remote sessions, and review access logs. Most importantly, remote access should be ‘on-demand’ and enabled only when needed, then shut down.
3. Poor Network Segmentation
Traditionally, OT networks were isolated (“air-gapped”) from enterprise IT networks and the Internet. Modern connectivity trends, however, have blurred these boundaries, often without adequate segmentation.
- Flat Networks: Many OT environments have flat network architectures, where all devices can communicate freely with one another. Attackers who breach the network perimeter can easily move laterally to access critical systems.
- Converged IT/OT Networks: The integration of IT and OT systems without proper segmentation increases the attack surface.
- Insufficient Firewalls and Access Controls: Lack of robust network controls allows threats to spread unchecked throughout the environment.
Best practices include deploying firewalls and data diodes between IT and OT systems, segmenting networks, and limiting access using the principle of least privilege.
- What you can do: Break the network into zones based on criticality. Protect crown-jewel assets like controllers and safety systems with additional layers. Think of it as compartmentalization on a ship – one breach shouldn’t sink the whole vessel.
4. Lack of Visibility and Monitoring
One of the defining challenges in OT security is the lack of comprehensive visibility into system activity and network traffic. Many organizations do not know what devices are connected or how data flows between them.
- Absence of Asset Inventory: Without a complete and accurate inventory of OT assets, it is impossible to assess risk or detect unauthorized devices.
- No Baseline of Normal Behavior: Organizations often lack the means to define and monitor “normal” operational patterns, making intrusion detection difficult.
- Limited Logging Capabilities: OT devices may have limited resources for logging or may not support centralized monitoring solutions.
To improve visibility, organizations should implement OT-aware intrusion detection systems and maintain up-to-date asset inventories.
- Real-world example: USB drives introduced without logging, engineers plugging in laptops directly to controllers, and mystery devices nobody claims ownership of…
- What you can do: Invest in passive monitoring tools that are OT-aware. Build and maintain an asset inventory and establish a baseline of ‘normal’ operations so anomalies stand out.
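The baseline-and-inventory approach described in sections 2 through 4 can be reduced to a small passive check over flow records. The block below is an added example, not Forescout code or part of the original post; the asset inventory, zone policy, baseline conversations, flow-record format and IP addresses are all constructed for illustration.

```python
from collections import namedtuple

# Constructed asset inventory (hypothetical addresses): ip -> (name, zone).
INVENTORY = {
    "10.10.1.5": ("HMI-01", "supervisory"),
    "10.10.2.10": ("PLC-01", "control"),
    "10.10.2.11": ("PLC-02", "control"),
    "10.20.0.7": ("HISTORIAN-01", "dmz"),
}
# Zone pairs (source zone, destination zone) that the segmentation policy permits.
ALLOWED_ZONE_FLOWS = {("supervisory", "control"), ("dmz", "supervisory")}
# Baseline conversations (src, dst, dst_port) learned during a known-good period.
BASELINE = {
    ("10.10.1.5", "10.10.2.10", 502),
    ("10.10.1.5", "10.10.2.11", 502),
    ("10.20.0.7", "10.10.1.5", 4840),
}
# Cleartext remote-access protocols that should not appear on the OT network.
CLEARTEXT_REMOTE = {23: "telnet", 5900: "vnc"}

Finding = namedtuple("Finding", "kind src dst port")

def parse_flow(line):
    """Parse a constructed flow record: '<timestamp> <src_ip> <dst_ip> <dst_port>'."""
    _ts, src, dst, port = line.split()
    return src, dst, int(port)

def analyze(flow_lines, inventory=INVENTORY, baseline=BASELINE):
    """Flag unknown assets, zone-policy violations, cleartext remote access
    and conversations that were never seen in the baseline."""
    findings = []
    for line in flow_lines:
        src, dst, port = parse_flow(line)
        src_asset, dst_asset = inventory.get(src), inventory.get(dst)
        if src_asset is None:  # device nobody inventoried (contractor laptop, rogue box)
            findings.append(Finding("unknown-asset", src, dst, port))
        elif dst_asset is not None:
            zones = (src_asset[1], dst_asset[1])
            if zones[0] != zones[1] and zones not in ALLOWED_ZONE_FLOWS:
                findings.append(Finding("zone-violation", src, dst, port))
        if port in CLEARTEXT_REMOTE:
            findings.append(Finding("cleartext-" + CLEARTEXT_REMOTE[port], src, dst, port))
        if (src, dst, port) not in baseline:
            findings.append(Finding("new-conversation", src, dst, port))
    return findings

# Constructed sample flows: two normal ones, then telnet to a PLC, an uninventoried
# host polling Modbus, and the historian reaching straight into the control zone.
SAMPLE_FLOWS = [
    "2025-06-01T08:00:00 10.10.1.5 10.10.2.10 502",
    "2025-06-01T08:00:01 10.20.0.7 10.10.1.5 4840",
    "2025-06-01T08:00:05 10.10.1.5 10.10.2.11 23",
    "2025-06-01T08:00:09 192.168.77.23 10.10.2.10 502",
    "2025-06-01T08:00:12 10.20.0.7 10.10.2.10 502",
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_FLOWS):
        print(f"{f.kind:18} {f.src} -> {f.dst}:{f.port}")
```

Every finding here depends on the inventory and baseline being complete, which is exactly why the post treats the asset inventory as the starting point.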
5. Lack of Security Awareness, aka the Human Side of Security
The human element is a critical, yet often overlooked, aspect of OT security. In industrial environments, operators, engineers, and contractors may not be well-versed in cybersecurity best practices.
- Phishing and Social Engineering: Attackers often target OT personnel with phishing emails or deceptive phone calls to gain initial access to networks.
- Poor Password Hygiene: Weak or shared passwords are common, especially on shared workstations or remote access portals.
- Unintentional Errors: Mistakes, such as connecting unauthorized devices, misconfiguring firewalls, or accidentally introducing malware via USB drives, can have severe consequences.
Building a strong security culture requires regular training, clear policies, and ongoing communication between IT, OT, and executive leadership.
- Real-world example: I’ve seen malware introduced because a contractor plugged in a personal USB stick to upload configs.
- What you can do: Regular security training tailored to OT staff is crucial. Make it practical, not theoretical. Reinforce simple steps like strong passwords, verifying requests, and knowing when to escalate suspicious activity.
The Bottom Line: We Can Help
Organizations should prioritize risk assessments, invest in appropriate technologies, foster a culture of security, and develop incident response plans tailored to the OT landscape. By taking proactive steps, industries can safeguard their operations, protect public safety, and ensure resilience against an increasingly complex threat environment.
The organizations that thrive are those that embrace this reality. They build layered defenses, foster collaboration between IT and OT teams, and approach security not as an afterthought, but as a core enabler of safe, reliable operations.
Learn more about Forescout’s OT security capabilities, customers, and technology and the Forescout 4D Platform™.
Real-World OT Security Proof
This isn’t theory. Our platform is actively protecting some of the most complex environments in the world. For example, in one customer, we provide visibility across 1M+ endpoints, 30,000+ switches, and 6,000+ wireless controllers.
A major energy company uncovered over 235,000 assets in just one week, revealing an 80% gap in visibility compared to previous tools.
A Florida medical center identified dozens of biomedical and environmental devices that were previously invisible – enhancing patient safety and network control.
NJ TRANSIT uses Forescout’s data to drive accurate, real-time cybersecurity decisions across a massive transportation infrastructure.
A U.S. state government agency now leverages Forescout for critical situational awareness, allowing it to proactively resolve risks before they escalate.
See how we helped University Hospitals Birmingham when it consolidated four hospitals – without needing to expand security staff:
As IT and OT environments continue to converge, security leaders need simplicity, automation, and platform interoperability – not more complexity. You can’t patch what you don’t know. You can’t protect what you can’t see. And you can’t automate what you haven’t defined.
Security starts with visibility. But it scales with control.
And that’s where we lead.