• 04 Feb, 2025

New Research from Claroty's Team82 Highlights Urgent Ransomware and Insecure Connectivity Threats to Mission-Critical OT Assets

"State of CPS Security 2025: OT Exposures" Reveals the OT Device Exposures Most Coveted for Exploitation by Adversaries 

NEW YORK, Feb. 4, 2025 -- Claroty, the cyber-physical systems (CPS) protection company, today released a new report revealing the exposures that are most coveted for exploitation by adversaries in operational technology (OT) devices. Based on analysis of almost one million OT devices, the "State of CPS Security 2025: OT Exposures" report found over 111,000 Known Exploitable Vulnerabilities (KEVs) in OT devices across manufacturing, logistics and transportation, and natural resources organizations, with more than two-thirds (68%) of the KEVs being linked to ransomware groups. The report uncovers the riskiest exposures for enterprises amid rising threats to critical sectors.

In the report, Claroty's award-winning research group Team82 examines the challenges industrial organizations face when identifying which KEVs in OT devices to prioritize for remediation. It highlights how understanding the intersection of these vulnerabilities with popular threat vectors, such as ransomware and insecure connectivity, can help security teams proactively and efficiently minimize risk at scale. With offensive activity rising from state-sponsored threat actors, the report details the risk critical sectors face from OT assets communicating with malicious domains, including those from China, Russia, and Iran.

"The inherent nature of operational technology creates obstacles to securing these mission critical technologies," said Grant Geyer, Chief Strategy Officer at Claroty. "From embedding offensive capabilities in networks to targeting vulnerabilities in outdated systems, threat actors can take advantage of these exposures to create risks to availability and safety in the real world. As digital transformation continues to drive connectivity to OT assets, these challenges will only proliferate. There is a clear imperative for security and engineering leaders to shift from a traditional vulnerability management program to an exposure management philosophy to ensure they can make remediation efforts as impactful as possible."

Key Findings:

  • Of the close to one million OT devices analyzed, Team82 found that 12% contain KEVs, and 40% of the organizations analyzed have a subset of these assets insecurely connected to the internet.
  • 7% of the devices are exposed with KEVs that have been linked to known ransomware samples and actors, with 31% of the organizations analyzed having these assets insecurely connected to the internet.
  • 12% of organizations in the research had OT assets communicating with malicious domains, demonstrating that the threat risk to these assets is not theoretical.
  • The manufacturing industry was found to have the highest number of devices with confirmed KEVs (over 96,000) with over two-thirds (68%) of them being linked to ransomware groups.

To access Team82's complete set of findings, in-depth analysis, and recommended security measures in response to vulnerability trends, download the "State of CPS Security 2025: OT Exposures" report.

Methodology
The "State of CPS Security 2025: OT Exposures" report is a snapshot of the vulnerability and exposure trends to OT devices across the manufacturing, logistics and transportation, and natural resources sectors observed and analyzed by Team82, Claroty's threat research team, and our data scientists.

About Claroty
Claroty has redefined cyber-physical systems (CPS) protection with an unrivaled industry-centric platform built to secure mission-critical infrastructure. The Claroty Platform provides the deepest asset visibility and the broadest, built-for-CPS solution set in the market comprising exposure management, network protection, secure access, and threat detection – whether in the cloud with Claroty xDome or on-premise with Claroty Continuous Threat Detection (CTD). Backed by award-winning threat research and a breadth of technology alliances, The Claroty Platform enables organizations to effectively reduce CPS risk, with the fastest time-to-value and lower total cost of ownership. Claroty is deployed by hundreds of organizations at thousands of sites globally. The company is headquartered in New York City and has a presence in Europe, Asia-Pacific, and Latin America. To learn more, visit claroty.com.

PR Newswire