67c9e7d767fd1f693820abef Dreamstime M 92824317

Another new cybersecurity study shows risks to OT can’t be ignored

March 7, 2025

Paper from Palo Alto Networks and Siemens emphasizes the risks to SCADA systems and OT devices connected to the public internet.

Scott Achelpohl

What you’ll learn:

82.7% of internal exploit attempts happened in the manufacturing sector alone.
Exploitation of remote services was a leading cause of incidents in OT networks.
The Palo Alto-Siemens study joins a quarterly assessment from Reliaquest that had particular warnings about "spearphishing" and manufacturing’s ongoing nemesis, ransomware.

This is a year when cybersecurity in manufacturing will be a continual emphasis at Smart Industry. Consider this a service to our audience in 2025, since we’re barely into March and another study has shown that the issue of system and software security, particularly on the operational technology side of the house, is flashing another red alert.

The new research from Palo Alto Networks and Siemens examined the increasing risks to supervisory control and data acquisition (SCADA) systems (which use sensors to collect data on factory machine parameters like temperature, pressure, and voltage) and OT devices that are connected to the public internet.

Some of the findings from the paper, released late last month, showed:

82.7% of internal exploit attempts happened in manufacturing alone.
79.9% of detected malware in OT networks was classified as unknown, underscoring the growing challenge of identifying and mitigating novel threats.
61.9% of exploit triggers in OT networks were caused by vulnerabilities that are 6 to 10 years old.
Exploitation of remote services was a leading cause of OT network incidents, responsible for 20%.

As other research has emphasized, IT and OT convergence is widening the cyberattack surface for critical infrastructure, the Palo Alto/Siemens study points out, “making these systems increasingly vulnerable to cyberattacks with potentially severe operational and physical consequences.”

Crystal Ball 2025: Trends that will reshape private content security

Another early 2025 release from cybersecurity company ReliaQuest also brought these problems into sharp focus, sending up warnings about “spearphishing” (the fraudulent practice of sending emails ostensibly from a known or trusted sender to induce targeted individuals to reveal confidential information) and ransomware specifically.

The ReliaQuest study—taken from its Aug. 1, 2024, to Jan. 31, 2025, reporting period—saw a 130% surge in abuse of external remote services (ERS); a 24% increase in ransomware groups targeting the manufacturing sector; and spearphishing ranked as the top attack method.

As that report notes, spearphishing is an increasingly popular tactic because attackers who use this tactic can prey on the entire supply chain, “on the everyday flow of business; attackers send spearphishing emails that look routine—like a supplier requesting payment—and wait for a misstep.”

What is your company doing about cybersecurity?

About the Author

Scott Achelpohl

I've come to Smart Industry after stints in business-to-business journalism covering U.S. trucking and transportation for FleetOwner, a sister website and magazine of SI’s at Endeavor Business Media, and branches of the U.S. military for Navy League of the United States. I'm a graduate of the University of Kansas and the William Allen White School of Journalism with many years of media experience inside and outside B2B journalism. I'm a wordsmith by nature, and I edit Smart Industry and report and write all kinds of news and interactive media on the digital transformation of manufacturing.