In late October 2025, the Canadian Centre for Cyber Security (CCCS) issued Alert AL25-016, warning that multiple industrial control systems across Canada – from water treatment facilities to agricultural sites – had been manipulated through internet-accessible devices.
Unfortunately, the threats leading to this alert are not isolated. Instead, they reveal a long-standing problem: operational technology (OT) that’s quietly – but dangerously – visible to the internet.
What’s new, however, is how rapidly attackers (and their tools) can now exploit such exposures. Now that AI-enabled scanning and automated reconnaissance are becoming the norm, the margin for error is smaller than ever. And connectivity without adequate governance is just a breach waiting to happen.
OT exposure is a global and persistent issue. Recent research into publicly accessible operational technology, published by Cornell University, identified nearly 70,000 exposed OT devices across more than 150 countries, most of them speaking legacy industrial protocols such as Modbus/TCP, EtherNet/IP, and S7. These protocols carry no encryption and no authentication, and the devices behind them frequently go unpatched.
Attackers today don’t need sophisticated exploits when they can talk directly to a controller, change a setpoint, or shut down a process from thousands of miles away.
And making life even easier for the bad guys, the same research found that many devices still run firmware with known vulnerabilities dating back as far as 2018.
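To make the protocol point concrete, here is an added example, written for this article and not taken from the original page or the cited research, that builds and decodes Modbus/TCP frames offline from the public protocol specification. The sample response bytes, register addresses and values are constructed. Note what the header does not contain: there is no credential, session or integrity field, so every control a defender wants has to sit in the network path in front of tcp/502.

```python
import struct

# Modbus/TCP framing (public protocol facts; nothing here comes from the article or the cited survey).
MBAP = struct.Struct(">HHHB")          # transaction id, protocol id (always 0), length, unit id
FC_READ_HOLDING_REGISTERS = 0x03
FC_WRITE_SINGLE_REGISTER = 0x06
# Function codes that change controller state (write coil/register, write multiple coils/registers).
WRITE_FUNCTION_CODES = {0x05, 0x06, 0x0F, 0x10}


def _frame(transaction_id: int, unit_id: int, pdu: bytes) -> bytes:
    # Length counts the unit id plus the PDU. Note what is absent: no credential, no session
    # token, no integrity check. Anyone who can reach tcp/502 can send a valid request.
    return MBAP.pack(transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def build_read_holding_registers(transaction_id: int, unit_id: int,
                                 start_address: int, quantity: int) -> bytes:
    """Request to read `quantity` holding registers starting at `start_address` (12 bytes total)."""
    return _frame(transaction_id, unit_id,
                  struct.pack(">BHH", FC_READ_HOLDING_REGISTERS, start_address, quantity))


def build_write_single_register(transaction_id: int, unit_id: int,
                                address: int, value: int) -> bytes:
    """Request that overwrites one holding register, e.g. a setpoint (also 12 bytes)."""
    return _frame(transaction_id, unit_id,
                  struct.pack(">BHH", FC_WRITE_SINGLE_REGISTER, address, value))


def parse_frame(frame: bytes) -> dict:
    """Decode the MBAP header and function code of a request or response; ValueError if malformed."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, uid = MBAP.unpack_from(frame)
    pdu = frame[MBAP.size:]
    if pid != 0 or len(pdu) != length - 1:
        raise ValueError("protocol id must be 0 and length must match the payload")
    function = pdu[0] & 0x7F                 # high bit set marks an exception response
    return {
        "transaction_id": tid,
        "unit_id": uid,
        "function": function,
        "is_write": function in WRITE_FUNCTION_CODES,
        "exception": pdu[1] if (pdu[0] & 0x80 and len(pdu) >= 2) else None,
        "pdu": pdu,
    }


def is_well_formed(frame: bytes) -> bool:
    """True if the frame parses; used to reject truncated or length-mismatched input."""
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


def registers_from_read_response(pdu: bytes) -> list:
    """Extract 16-bit register values from a Read Holding Registers response PDU."""
    if len(pdu) < 2 or pdu[0] != FC_READ_HOLDING_REGISTERS:
        raise ValueError("not a read holding registers response")
    byte_count = pdu[1]
    if byte_count % 2 or len(pdu) != 2 + byte_count:
        raise ValueError("byte count does not match payload")
    return list(struct.unpack(f">{byte_count // 2}H", pdu[2:]))


# Constructed sample: a response carrying two registers (500 and 3000); not a capture from a real site.
SAMPLE_READ_RESPONSE = bytes.fromhex("0001" "0000" "0007" "01" "03" "04" "01f4" "0bb8")

if __name__ == "__main__":
    print(build_read_holding_registers(1, 1, 0, 2).hex())
    print(build_write_single_register(2, 1, 0x0010, 750).hex())
    print(registers_from_read_response(parse_frame(SAMPLE_READ_RESPONSE)["pdu"]))
```

The `is_write` flag is the hook for the monitoring principle the advisories insist on: a write function code arriving from anything other than an authorized engineering workstation or the remote-access gateway is the anomaly worth alerting on, and the controller itself will not refuse it.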
What once required deep domain expertise now takes only curiosity and an internet connection.
Automated scanning tools provide searchable views into global ICS exposure. When combined with AI capabilities, these tools can classify and label exposed Human Machine Interfaces (HMIs) and SCADA dashboards in seconds.
And attackers no longer need to search blindly. AI can recognize process diagrams, equipment names, and even on-screen temperatures or flow readings, all from publicly accessible IPs. This automation has dramatically shortened the time between exposure and exploitation.
Notably, the growing frequency of alerts about OT exposure doesn’t necessarily reflect an increase in new threats. Rather, it indicates a failure to act on known ones and effectively close existing security gaps.
Each advisory, whether it’s issued by CCCS, the United States’ Cybersecurity and Infrastructure Security Agency (CISA), or the UK’s National Cyber Security Centre (NCSC), consistently emphasizes the same core principles for protecting connected industrial systems:
Identify and inventory all internet-facing and remotely accessible assets
Eliminate or restrict unnecessary exposure to the internet
Enforce strong, multi-factor authentication and access controls
Continuously monitor network activity and system logs for anomalies
Yet too many organizations still allow direct remote connections to PLCs and engineering workstations. Often this is for the sake of “convenience” or to reduce costs. Unfortunately, that convenience is now being weaponized, and what was initially seen as a cost-saving measure can turn out to be terribly expensive.
If your control systems are still visible online, start with these 5 steps:
Remove public IP assignments. Nothing should be directly reachable from the internet.
Close unnecessary ports and harden firewalls. Visibility should be deliberate, not accidental.
Implement a DMZ or segmented layer. Separate IT from OT so you can monitor and control data flow safely.
Use identity-based remote access. Authenticate every user and device before entry — ideally with multi-factor authentication (MFA) and session monitoring.
Log and review all access activity. Visibility into who connects, when, and why is non-negotiable.
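The four advisory principles and the five steps above reduce to a check that can be run against an asset inventory and its perimeter rules. The following is an added example, not from the article or from any CCCS, CISA or NCSC guidance. The inventory, the addresses (RFC 5737 documentation ranges standing in for real public IPs) and the firewall rules are constructed for illustration; the port-to-protocol mapping and the first-match, default-deny rule semantics are standard assumptions. It flags assets that still hold a public address, OT protocol ports reachable from an arbitrary internet source, and direct remote-administration ports that bypass an identity-aware gateway, and it places a permit-any ruleset beside a hardened one that admits only the DMZ access gateway subnet.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Well-known TCP ports for the OT protocols named in the article (protocol facts, not inventory data).
OT_PORTS = {102: "S7comm (ISO-TSAP)", 502: "Modbus/TCP", 44818: "EtherNet/IP"}
# Direct remote-administration paths that should only be reachable through an identity-aware gateway.
REMOTE_ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}

# Address space that is not internet-routable. Listed explicitly because the sample inventory uses
# RFC 5737 documentation addresses (192.0.2.x, 203.0.113.x) as stand-ins for real public IPs, and
# ipaddress.is_global would classify those as non-global.
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10",                                    # carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
)]

INTERNET_PROBE_IP = "198.51.100.7"  # RFC 5737 TEST-NET-2: stands in for "any host on the internet"


@dataclass(frozen=True)
class Rule:
    src: str                  # source CIDR the rule matches
    dst_port: Optional[int]   # None matches any destination port
    action: str               # "allow" or "deny"


def is_public(ip: str) -> bool:
    """Step 1 check: does the asset hold an address that is routable from the internet?"""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_RANGES)


def decision(rules: list, src_ip: str, dst_port: int) -> str:
    """First matching rule wins; an unmatched packet is denied (the policy assumed for this example)."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if src in ipaddress.ip_network(rule.src) and rule.dst_port in (None, dst_port):
            return rule.action
    return "deny"


def audit_asset(asset: dict) -> list:
    """Return human-readable findings for one asset, each mapped to the remediation step it violates."""
    findings = []
    for ip in asset["ips"]:
        if is_public(ip):
            findings.append(f"public IP {ip} assigned (step 1: remove public IP assignments)")
    for port in asset["listening_ports"]:
        if decision(asset["inbound_rules"], INTERNET_PROBE_IP, port) != "allow":
            continue  # not reachable from an arbitrary internet source
        if port in OT_PORTS:
            findings.append(f"{OT_PORTS[port]} on tcp/{port} reachable from the internet (step 2: close ports)")
        elif port in REMOTE_ADMIN_PORTS:
            findings.append(f"{REMOTE_ADMIN_PORTS[port]} on tcp/{port} exposed directly "
                            f"(step 4: route through an identity-based access gateway)")
    return findings


def audit(inventory: list) -> dict:
    return {asset["name"]: audit_asset(asset) for asset in inventory}


# Constructed sample inventory: hypothetical asset names, addresses and rules, not real sites.
INVENTORY = [
    {   # Weak: public address, permit-any rule, Modbus listening.
        "name": "plc-water-01", "ips": ["203.0.113.20"], "listening_ports": [502, 80],
        "inbound_rules": [Rule("0.0.0.0/0", None, "allow")],
    },
    {   # Hardened: private address, Modbus admitted only from the DMZ access gateway subnet.
        "name": "plc-water-02", "ips": ["10.30.1.20"], "listening_ports": [502],
        "inbound_rules": [Rule("10.20.0.0/24", 502, "allow"), Rule("0.0.0.0/0", None, "deny")],
    },
    {   # Partially fixed: OT port blocked, but RDP is still open to the world.
        "name": "hmi-ag-03", "ips": ["192.0.2.30"], "listening_ports": [44818, 3389],
        "inbound_rules": [Rule("0.0.0.0/0", 44818, "deny"), Rule("0.0.0.0/0", None, "allow")],
    },
]

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(name, "->", findings or ["no exposure findings"])
```

The third asset is the common real-world state: the OT protocol port was closed after an advisory, but the engineering workstation's RDP listener stayed open, so the controller is still one credential away from the internet. Feeding the check with the live inventory rather than hand-written dictionaries is the point of the first principle above; the rules it evaluates should come from the actual perimeter configuration, not from what the team believes is deployed.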
Here’s the reality: despite the risks of connectivity, industrial enterprises are not going to return to the previous era of isolation. Operations teams have become accustomed to remote work, and remote vendor maintenance keeps uptime high. But the exposure risks still cannot be ignored.
This is where Cyolo comes in.
Cyolo’s remote privileged access solution acts as a secure bridge, connecting only authorized users and devices to critical OT assets through private gateways, with no public exposure.
When used alongside traditional cybersecurity defenses like segmentation, firewalls, and DMZs, the Cyolo solution helps ensure that remote work, third-party vendor access, and operational continuity remain possible – without exposing industrial networks or jeopardizing worker safety.
With Cyolo, industrial enterprises can:
Enable secure remote access even to air-gapped and legacy OT systems.
Connect third-party vendors securely to critical assets, without VPNs or agents.
Gain visibility and control over remote access sessions.
Simplify compliance and oversight with identity-based access controls, logging, and advanced supervisory capabilities.
Securing OT doesn’t mean giving up the benefits of remote work or IT/OT convergence. It means connecting systems thoughtfully and intelligently, with the right controls to manage that connectivity in a safe, secure way.