
By Adrian Hia, Managing Director for Asia Pacific, Kaspersky
Industrial sectors face escalating cyber threats that jeopardize operations, safety, financial stability and further technological development. In 2024, 40% of industrial organizations globally reported cyber incidents according to Kaspersky. Proactive cybersecurity measures are no longer optional but a necessity to ensure business continuity, regulatory compliance and protection against costly breaches. By implementing these measures, businesses can mitigate risks, safeguard sensitive data and maintain operational integrity in an increasingly hostile cyber environment.
Foundational security includes visibility and risk prioritization
A robust cybersecurity strategy begins with complete visibility, knowing what needs to be protected and where the greatest risks lie. In industrial environments, where IT and OT systems intersect, this requires not only a comprehensive asset inventory but also a risk assessment methodology tailored to operational realities.
An accurate, continuously updated inventory of all hardware, software and network segments is critical for understanding the attack surface. Industrial environments demand special attention to ICS components, such as Programmable Logic Controllers (PLCs), human-machine interfaces (HMIs), and SCADA servers, which require different security measures than traditional IT assets. Automated discovery tools, particularly those using passive monitoring to avoid disrupting OT processes, help maintain real-time visibility while minimizing blind spots.
With a clear asset baseline established, organizations can conduct meaningful risk assessments that meet corporate risk criteria and account for both cyber and physical consequences. OT-specific frameworks, such as the Purdue Reference Model, help segment networks into security zones, while penetration testing (Black Box, Grey Box, and White Box) reveals vulnerabilities from multiple attacker perspectives. Findings should provide detailed and actionable insight into how the identified vulnerabilities and risks relate to the production process, so that the organization can implement effective security measures.
This approach enables risk-based decision-making, ensuring security controls (network segmentation, patch management, access restrictions) are applied where they matter most. By quantifying risks in operational and financial terms, businesses can align cybersecurity investments with actual threats, safeguarding both productivity and safety.
Operational protection and threat detection
Once an organization has carried out a full asset inventory and risk assessment, it is in a position to protect critical assets and detect emerging threats. In OT environments, where legacy and modern systems coexist and real-time operations demand specialized security approaches, organizations need solutions that defend without disruption while maintaining constant vigilance for anomalies.
Industrial endpoints, such as PLCs, engineering workstations and HMIs, require security measures tailored to their operational constraints. Many run on outdated operating systems (e.g., Windows XP) or lack traditional IT safeguards, making them vulnerable. Effective protection includes: safe endpoint threat prevention methods; whitelisting to block unauthorized software execution; air-gapped update mechanisms for offline or sensitive environments; and tunable system resource consumption.
These controls must support industrial protocols (Modbus, DNP3) and integrate seamlessly with automation systems to avoid operational disruptions. Because OT networks are complex and heterogeneous, attackers can operate undetected until damage occurs. Advanced detection solutions compensate by: analyzing network traffic via Deep Packet Inspection (DPI) for malicious control commands; leveraging machine learning to identify behavioral anomalies in devices or processes; monitoring configurations for unauthorized changes (e.g., altered PLC logic); and providing extended detection and response capabilities for hosts and networks.
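As an added illustration of the DPI idea above (not code from the article or from any Kaspersky product), the following parses Modbus/TCP requests and flags state-changing function codes sent from hosts outside an allow-list of engineering stations. The allow-list address, the sample frames and the alert format are all constructed for this example.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Modbus function codes that change controller state (writes).
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

# Assumed allow-list: only this engineering station may write to PLCs.
ALLOWED_WRITERS = {"10.10.20.5"}


@dataclass
class ModbusRequest:
    src_ip: str
    transaction_id: int
    unit_id: int
    function: int
    payload: bytes


def parse_modbus_tcp(src_ip: str, frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header plus the PDU of a Modbus/TCP request."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"not Modbus/TCP (protocol id {proto})")
    if length != len(frame) - 6:  # length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    return ModbusRequest(src_ip, tid, unit, frame[7], frame[8:])


def inspect(src_ip: str, frame: bytes) -> Optional[str]:
    """Return an alert for a write from a non-allow-listed host, else None."""
    req = parse_modbus_tcp(src_ip, frame)
    if req.function in WRITE_FUNCTIONS and req.src_ip not in ALLOWED_WRITERS:
        return (f"ALERT unit={req.unit_id} fc={req.function} "
                f"({WRITE_FUNCTIONS[req.function]}) from {req.src_ip}")
    return None


# Constructed sample frames (MBAP + PDU) as a passive sensor would capture them.
SAMPLE_TRAFFIC: List[Tuple[str, bytes]] = [
    ("10.10.30.7", bytes.fromhex("00010000000601030000000a")),   # HMI reads 10 registers: benign
    ("10.10.20.5", bytes.fromhex("0002000000060106001000ff")),   # engineering station write: allowed
    ("10.10.99.42", bytes.fromhex("00030000000601050003ff00")),  # unknown host sets coil 3: flagged
]


def scan(traffic: List[Tuple[str, bytes]]) -> List[str]:
    """Run inspection over captured frames and collect the alerts raised."""
    return [a for a in (inspect(ip, f) for ip, f in traffic) if a]
```

In a real deployment the allow-list would be derived from the asset inventory described earlier, and alerts would be forwarded to the SIEM rather than returned as strings.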
When integrated with a Security Information and Event Management (SIEM) system, these capabilities enable centralized alerting, helping teams distinguish between cyber threats and operational malfunctions. For example, unexpected traffic patterns could indicate either a cyberattack or a misconfigured device that needs maintenance.
By unifying protective controls with real-time monitoring, organizations can both harden their systems against known threats and rapidly detect emerging risks. This dual approach not only meets compliance standards (NERC CIP, IEC 62443) but also minimizes downtime, ensuring that security measures enhance, rather than hinder, industrial reliability.
Security audits and compliance
To ensure detection and protection are working, organizations must conduct regular security audits. These validate whether an organization’s cybersecurity measures align with industry standards, regulatory requirements and internal policies. In industrial sectors, audits often focus on frameworks like IEC 62443, NIST CSF, or ISO 27001, which mandate specific controls for protecting critical infrastructure.
A robust audit process includes: policy reviews to ensure cybersecurity governance is in place; technical testing (e.g., vulnerability scans, configuration checks); gap analysis against compliance benchmarks; and remediation planning to address deficiencies.
For OT environments, audits must also assess physical security, access controls and third-party vendor risks. Findings should be documented and presented to executive leadership to secure ongoing investment in cybersecurity improvements.
Network segmentation for tighter control
The final piece in the puzzle is network segmentation (zones and conduits). Done well, this can isolate critical systems and limit lateral movement in case of a breach. Based on standards like IEC 62443, this approach groups assets by function and risk level (e.g., safety-critical vs. non-essential).
Key benefits include: reduced attack surface by restricting unnecessary communication; improved monitoring through traffic filtering and encryption; and compliance adherence with industry regulations. Advanced tools like SD-WAN and ICS-aware firewalls enable dynamic segmentation while maintaining operational flexibility. Continuous refinement, using real traffic data and threat intelligence, ensures the architecture evolves with emerging risks.
Working with the experts
The OT systems outlined in this article undoubtedly add another layer of complexity for already stretched security teams. This is where purpose-built platforms, such as Extended Detection and Response (XDR) solutions designed for critical infrastructure, can make a meaningful difference.
By combining network-level traffic analysis and anomaly detection with endpoint protection for both modern and legacy industrial devices, platforms like Kaspersky Industrial CyberSecurity (KICS) help organizations simplify deployment and improve response. Working with a specialist third-party provider can accelerate maturity, ensure alignment with best practices and ultimately strengthen the resilience of both operations and infrastructure.
To learn more about industrial cyber resilience and ways to enable comprehensive protection of all assets and processes, read our interactive guide.