“State of CPS Security 2025: OT Exposures” Reveals the OT Device Exposures Most Coveted for Exploitation by Adversariesย
Claroty, the cyber-physical systems (CPS) protection company, today released a new report revealing the exposures that are most coveted for exploitation by adversaries in operational technology (OT) devices. Based on analysis of almost one million OT devices, theย “State of CPS Security 2025: OT Exposures”ย report found over 111,000 Known Exploitable Vulnerabilities (KEVs) in OT devices across manufacturing, logistics and transportation, and natural resources organizations, with more than two-thirds (68%) of the KEVs being linked to ransomware groups. Based on analysis of almost one million OT devices, the report uncovers the riskiest exposures for enterprises amid rising threats to critical sectors.
Also Read:ย Secure with Simplicity: Why IT Teams Need Better Backup Processes
In the report, Claroty’s award-winning research groupย Team82ย examines the challenges industrial organizations face when identifying which KEVs in OT devices to prioritize for remediation. It highlights how understanding the intersection of these vulnerabilities with popular threat vectors, such as ransomware and insecure connectivity, can help security teams proactively and efficiently minimize risk at scale. With offensive activity rising from state-sponsored threat actors, the report details the risk critical sectors face from OT assets communicating with malicious domains, including those fromย China,ย Russia, andย Iran.
“The inherent nature of operational technology creates obstacles to securing these mission critical technologies,” saidย Grant Geyer, Chief Strategy Officer at Claroty. “From embedding offensive capabilities in networks to targeting vulnerabilities in outdated systems, threat actors can take advantage of these exposures to create risks to availability and safety in the real world. As digital transformation continues to drive connectivity to OT assets, these challenges will only proliferate. There is a clear imperative for security and engineering leaders to shift from a traditional vulnerability management program to an exposure management philosophy to ensure they can make remediation efforts as impactful as possible.”
Also Read:ย TrueData Introduces Low-Latency Identity API That Fits Into Any Data Workflow
Key Findings:
- Of the close to one million OT devices analyzed, Team82 found that 12% contain KEVs, and 40% of the organizations analyzed have a subset of these assets insecurely connected to the internet.
- 7% of the devices are exposed with KEVs that have been linked to known ransomware samples and actors, with 31% of the organizations analyzed having these assets insecurely connected to the internet.
- 12% of organizations in the research had OT assets communicating with malicious domains, demonstrating that the threat risk to these assets is not theoretical.
- The manufacturing industry was found to have the highest number of devices with confirmed KEVs (over 96,000) with over two-thirds (68%) of them being linked to ransomware groups.
[To share your insights with us as part of editorial or sponsored content, please write toย psen@itechseries.com]
