January 27, 2025

Five 2025 New Year’s Resolutions for OT Cybersecurity Leaders

As we enter 2025, cybersecurity leaders in critical infrastructure industries—pharmaceuticals, manufacturing, and utilities—face the growing challenge of protecting operational technology (OT) environments against increasingly sophisticated cyberattacks. These critical industries are not only the backbone of our modern economies but also prime targets for a new wave of cybercriminals—some nation-state-backed actors—seeking to cause disruption, take down critical infrastructure, and extort their targets.

As we advance into this dangerous new era, ARIA outlines five New Year’s resolutions that OT cybersecurity leaders should prioritize in 2025.

1. Calculate Your Cost and Risk Profile

Cyberattacks on OT are increasing not only in frequency but also in financial impact. In the past three years, we have tracked more than 700 sophisticated attacks specifically targeting OT environments. The 2023 attack on Clorox, for example, forced the cleaning products giant to switch entirely to manual production, scaling back output significantly for several months and leading to a 28 percent drop in sales and over $50 million in losses.

Companies must therefore be able to quantify both the potential cost of an attack and the likelihood of it happening. ARIA estimates that, for a company with $120 million in annual revenue, a production disruption lasting two months could result in a risk cost of $1.5 million. Every company should seek to put a dollar value on its own cyber risk—and prioritize its cybersecurity investments accordingly.


2. Understand Your Attack Surface

It can be difficult to fully assess the attack surface in OT environments. Some legacy devices can be decades old and not designed to connect with the outside world. Because these devices are often difficult to update without taking critical systems offline, they are typically left unprotected or else rely on IT-focused cybersecurity solutions that are ill-suited for OT environments.

This mix of legacy and modern technologies—many of which were never intended to integrate into current security frameworks—greatly expands the attack surface, creating numerous entry points for new attacks. Additionally, many OT devices are continuously connected to wider networks, often with direct or indirect links to IT systems. It is therefore essential for companies to prioritize a risk assessment of the OT environment against potential outages that could last for weeks at a time.


3. Assess Your Current Defenses

Companies with modern cybersecurity defenses may assume their OT is fully protected. Unfortunately, we know this is not the case. While active defenses (such as endpoint protection and NGAV) are designed to block known attacks, they have proven ineffective against zero-day exploits, supply chain attacks, and nation-state-backed cyberattacks. In fact, after CrowdStrike's inadvertent attack on its own customer base, these solutions also present significant risk if set to take untested cloud updates. Meanwhile, passive defenses, such as intrusion detection systems (IDS) and firewalls, can identify suspicious activity but do not actively prevent attacks or limit lateral movement. They also fail to address threats that come through trusted third parties, such as suppliers and contractors.

ARIA calculates that active defenses block only around 20 percent of today’s OT attacks, while passive defenses prevent only around 15-30 percent, leaving OT exposed to the majority of today’s attacks. Companies must set objectives to discover whether their current defenses are fit for purpose or whether they’ve been lulled into overestimating their effectiveness.


4. Implement Zero Trust

A Zero Trust security model is critical for OT environments: not only every user but every application should be verified before being granted access to run. Unlike traditional cybersecurity frameworks, which often assume every application that appears is trustworthy, Zero Trust in OT operates under the assumption that no application can be trusted by default. This is the only way to eliminate the risks associated with insider attacks and compromised third-party access.

Meeting the Zero Trust principles requires a lock-down mechanism that protects critical infrastructure applications from a variety of attacks—wherever they come from. This means using AI-based countermeasures to immediately stop attacks as they land, locking down vulnerable systems before damage can occur. Cloud-based solutions that rely on pushing down signatures and IOC updates for known attacks cannot protect devices against the fast-evolving, polymorphic malware of this decade. Companies must therefore resolve to find and deploy solutions that meet the unique demands of OT systems without taking them offline—while delivering on the Zero Trust promise.
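The "no application is trusted by default" rule above can be illustrated with a minimal default-deny execution check. The following is an added example written for this article; it is not ARIA's AZT PROTECT code and does not model its AI-based countermeasures. It assumes a hypothetical allowlist that pins each approved application path to the SHA-256 digest of its approved contents, and it uses constructed byte strings in place of real binaries. Anything not enrolled, and any enrolled application whose bytes no longer match the pinned digest (for example a tampered copy), is denied.

```python
"""Default-deny application allowlist check.

Added illustration of the Zero Trust "verify every application before it runs"
principle. Hypothetical design: allowlist = {path: sha256 hex digest}. The
"executables" are constructed byte strings standing in for real binaries.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Decision:
    path: str
    allowed: bool
    reason: str


def sha256_hex(data: bytes) -> str:
    """Content digest used to pin an approved application."""
    return hashlib.sha256(data).hexdigest()


def build_allowlist(known_good: Dict[str, bytes]) -> Dict[str, str]:
    """Enroll each approved application by pinning its path to its content digest."""
    return {path: sha256_hex(content) for path, content in known_good.items()}


def authorize_execution(path: str, contents: bytes, allowlist: Dict[str, str]) -> Decision:
    """Zero Trust rule: run only if the path is enrolled AND the bytes match the pin.

    Order matters: an unknown path is denied before any hashing, so the
    default outcome for anything new is deny.
    """
    pinned = allowlist.get(path)
    if pinned is None:
        return Decision(path, False, "not enrolled in allowlist (default deny)")
    actual = sha256_hex(contents)
    if actual != pinned:
        return Decision(path, False,
                        f"digest mismatch: expected {pinned[:12]}..., got {actual[:12]}...")
    return Decision(path, True, "digest matches pinned allowlist entry")


# Constructed sample "binaries" (hypothetical paths, not real software).
APPROVED: Dict[str, bytes] = {
    r"C:\HMI\scada_viewer.exe": b"MZ...scada viewer v3.1 (constructed)",
    r"C:\PLC\ladder_loader.exe": b"MZ...ladder loader v2.0 (constructed)",
}
ALLOWLIST = build_allowlist(APPROVED)


def demo() -> List[Decision]:
    """Three attempts: an approved binary, a tampered copy of it, and an unknown one."""
    viewer = r"C:\HMI\scada_viewer.exe"
    cases = [
        (viewer, APPROVED[viewer]),                      # unchanged approved binary
        (viewer, APPROVED[viewer] + b"\x90"),            # same path, modified bytes
        (r"C:\Temp\updater.exe", b"MZ...unknown (constructed)"),  # never enrolled
    ]
    return [authorize_execution(p, c, ALLOWLIST) for p, c in cases]


if __name__ == "__main__":
    for d in demo():
        print("ALLOW" if d.allowed else "DENY ", d.path, "-", d.reason)
```

The point of pinning a digest rather than only a path is that a modified file at a trusted location is treated the same as an unknown file: the decision depends on what the bytes are, not on where they sit or what they are named.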


5. Maximize Your Resources

There’s another reason NGAV and EDR tools are not fit for purpose. They are complicated to deploy in constrained OT environments, requiring significant human resources to operate. Installing an update that has not been thoroughly tested can have disastrous consequences, as evidenced by the global outage caused by the faulty CrowdStrike update last summer. But these human-led processes can quickly become untenable as organizations move to an operationally intensive mode of testing updates weekly, requiring near full-time skilled IT resources to ensure the reliability of updates before deploying them.

Companies focused on production output cannot afford to spend millions of dollars a year on specialist staff or contract services in addition to paying for the cybersecurity tools they already use. Nor can they afford to take their systems down for long periods. Instead, companies must seek to deploy solutions that are easy to manage, fully automated, and capable of protecting critical systems with minimal human intervention.


By committing to these five resolutions in 2025, cybersecurity leaders can ensure they are taking the necessary steps to protect their organizations from this new era of attacks targeting OT environments.


At ARIA Cybersecurity, we’re addressing the unique challenges of OT with our AZT PROTECT™ solution. AZT PROTECT is a comprehensive AI-driven defense system that protects all your OT endpoints from both known and unknown zero-day attacks. It never requires updates, provides continuous protection from the latest code-level attacks on your critical applications, and protects legacy systems back to Windows XP SP2.


Contact ARIA today to learn how AZT PROTECT can help your organization achieve its cybersecurity goals and safeguard its revenue in 2025.


Tags: cybersecurity