OT & IoT Systems Under Attack!


Cyber threats against critical infrastructure are evolving faster than ever—and outdated OT and IoT systems are a prime target. In this episode of Securing the Future, Jesse Meadors and Ramin Lemay sit down with Liran Chen, a cybersecurity veteran with 25+ years of experience, to discuss the growing risks and what security leaders must do NOW to stay ahead.

🔥 Topics Covered in This Episode:

  • The 24+ billion IoT device problem and why it’s a hacker’s paradise
  • How outdated OT systems (from hospitals to power grids) create massive security gaps
  • Real-world cyber threats targeting critical infrastructure—ransomware, espionage & nation-state attacks
  • Why AI is both a security risk and a potential solution for OT security
  • Actionable strategies to secure unmanaged devices & legacy systems

📢 Who should watch/listen?

If you’re a CISO, IT/OT security leader, or risk management professional, this episode is packed with critical insights you can’t afford to miss!

🎙️ Podcast Summary:

  • Explosion of IoT/OT Devices:
    • Estimated 24B+ devices today, expected to reach 30B+ in 5 years.
    • Many are "unmanaged" – they lack operating systems or agents and run outdated firmware.
  • Attack Surface Expansion:
    • IoT devices are often unpatched, unsecured, and have long life cycles (e.g., MRI machines running Windows XP).
    • This creates persistent vulnerabilities across industries.
  • Examples of Risk:
    • Home treadmills and smart devices can be silently compromised.
    • Healthcare devices expose patients to both data and life safety risks.
    • Cars, building automation systems, and medical machinery are now all IoT-connected and attackable.
  • Industry Maturity Levels:
    • Financial sector: Better resourced and aware but highly targeted.
    • Healthcare: Most challenging due to regulations (HIPAA, FDA), device longevity, and complex environments.
    • Manufacturing: Slower to adopt IT-OT convergence practices.
  • Common Attack Vectors:
    • Default passwords like “admin/12345” still prevalent.
    • Lack of MFA, segmentation, and outdated firmware are widespread issues.
    • State-sponsored actors (e.g., Volt Typhoon) exploit vulnerabilities in routers, VPNs, and OT gateways.

🛠️ Solutions and Strategies:

  1. Asset Inventory: Start with visibility – know every device, what it’s running, and where it’s located.
  2. Vulnerability Management: Use tools to identify firmware/software flaws (e.g., SBOM – Software Bill of Materials).
  3. Segmentation: Adopt models like Purdue to isolate networks and reduce lateral movement.
  4. Compensating Controls: Firewalls, secure remote access, and intrusion prevention for legacy systems.
  5. Collaboration: Encourage IT and OT teams to work together, share knowledge, and align on security.
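The first four steps above (inventory, vulnerability awareness, Purdue-style segmentation and compensating controls) can be exercised against an asset inventory in code. The following is an added illustration, not code from the podcast or from TechCompass: it takes a constructed inventory of four made-up devices (names, IPs, OS versions and Purdue levels are all assumptions), scores each asset on the weaknesses the episode names (default credentials, end-of-life OS, missing MFA, process-level placement), and flags observed flows that skip a Purdue zone boundary or reach a peer missing from the inventory. Scoring weights and the end-of-life dates table are illustrative choices, not a standard.

```python
"""Inventory-driven triage for unmanaged OT/IoT assets (constructed example)."""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Weak factory credentials commonly seen on unmanaged devices (constructed list).
DEFAULT_CREDS = {("admin", "12345"), ("admin", "admin"), ("root", "root")}

# Vendor end-of-support dates for OS families (constructed lookup; extend as needed).
EOL_OS = {"windows xp": date(2014, 4, 8), "windows 7": date(2020, 1, 14)}


@dataclass
class Asset:
    name: str
    ip: str
    os: str
    purdue_level: int                      # 0-4 per the Purdue reference model
    creds: Optional[Tuple[str, str]]       # (user, password) as configured, None if unknown
    mfa_remote_access: bool                # is remote access to this asset gated by MFA?
    peers: List[str]                       # IPs this asset has been observed talking to


def score_asset(a: Asset, today: date) -> Tuple[int, List[str]]:
    """Return (risk score, reasons) for one asset; weights are illustrative."""
    score, reasons = 0, []
    if a.creds in DEFAULT_CREDS:
        score += 40
        reasons.append("default credentials")
    eol = EOL_OS.get(a.os.lower())
    if eol is not None and eol < today:
        score += 30
        reasons.append(f"{a.os} unsupported since {eol.isoformat()}")
    if not a.mfa_remote_access:
        score += 15
        reasons.append("remote access without MFA")
    if a.purdue_level <= 1:
        score += 15
        reasons.append("process-level device (availability/safety impact)")
    return score, reasons


def prioritize(assets: List[Asset], today: date = date(2025, 1, 1)) -> List[Tuple[int, str, List[str]]]:
    """Rank the inventory highest-risk first; this is the patch/compensate worklist."""
    ranked = []
    for a in assets:
        score, reasons = score_asset(a, today)
        ranked.append((score, a.name, reasons))
    ranked.sort(key=lambda r: (-r[0], r[1]))
    return ranked


def purdue_violations(assets: List[Asset]) -> List[Tuple[str, str, str]]:
    """Flag flows that jump more than one Purdue level, or reach an un-inventoried peer."""
    by_ip = {a.ip: a for a in assets}
    findings = []
    for a in assets:
        for ip in a.peers:
            peer = by_ip.get(ip)
            if peer is None:
                findings.append((a.name, ip, "peer not in asset inventory"))
            elif abs(a.purdue_level - peer.purdue_level) > 1:
                findings.append((a.name, peer.name,
                                 f"L{a.purdue_level}->L{peer.purdue_level} skips a zone boundary"))
    return findings


# Constructed sample inventory: every value below is made up for the example.
SAMPLE_ASSETS = [
    Asset("plc01", "10.1.0.5", "VxWorks", 1, ("admin", "12345"), False,
          ["10.1.0.20", "192.0.2.44"]),              # 192.0.2.44 is not inventoried
    Asset("hmi01", "10.1.0.20", "Windows XP", 2, None, False,
          ["10.1.0.5", "10.2.0.10"]),
    Asset("historian01", "10.2.0.10", "Windows Server 2019", 3, None, True,
          ["10.1.0.20", "10.4.0.2"]),
    Asset("erp01", "10.4.0.2", "Linux", 4, None, True,
          ["10.2.0.10", "10.1.0.5"]),                 # enterprise host talking straight to a PLC
]

if __name__ == "__main__":
    for score, name, reasons in prioritize(SAMPLE_ASSETS):
        print(f"{score:3d} {name:12s} {'; '.join(reasons) or 'no findings'}")
    for src, dst, why in purdue_violations(SAMPLE_ASSETS):
        print(f"SEGMENTATION {src} -> {dst}: {why}")
```

Run stand-alone, the script lists plc01 first (default credentials, no MFA, process level) and hmi01 second (unsupported OS, no MFA), and reports two segmentation findings: plc01 talking to an address that is not in the inventory, and erp01 reaching the PLC directly across three levels. The segmentation check is where a compensating control such as a firewall rule or a jump host would be placed when the legacy device itself cannot be fixed.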

🤖 Role of AI:

  • Helps prioritize risks by analyzing massive datasets (asset inventories, threat intel).
  • Future use: Predictive cybersecurity – anticipate which devices will be targeted based on context.
  • Long-term potential: Automate patching, password rotation, or segmentation actions with minimal human input (though availability risk must be managed carefully).

💡 Final Advice from Liran Chen:

  • “Go back to the basics.”
    • Visibility, vulnerability awareness, and asset management.
    • Focus on process and maturity rather than seeking a silver bullet.
    • Walk with your peers, share knowledge, and evolve security culture.

Got a good story to share?
Be a guest on our podcast.

Is your organization prepared to handle cyber threats? From ransomware readiness assessments to virtual CISO leadership, TechCompass offers comprehensive solutions to secure your digital assets.