EXPERT OPINION
The threat landscape increases with every new technology layer – new vulnerabilities, attack surfaces and intrusion methods.
treated as a black box: sensitive, legacy-bound and not to be tampered with.
However, the nature of threat actors has evolved. We now see that OT environments – those responsible for energy grids, water utilities, manufacturing plants and transportation systems – have become primary targets. These systems control real-world processes and affect real lives. Any compromise can have catastrophic consequences – not just business disruption but national or international fallout.
Also, OT environments are notoriously difficult to update. Many are still running on decades-old systems, like Windows XP, because downtime could halt production. Yet these legacy systems were never designed with cybersecurity in mind. They are vulnerable by default.
There is also a shortage of knowledge and capability when it comes to securing OT. It’s a completely different discipline from IT security. You need tools designed for industrial protocols and people who understand both engineering and cyber. That’s a rare combination.
This is why Positive Technologies has been working in the OT space for over 10 years now. Especially with increasing geopolitical tensions, we’ve seen that threat actors – particularly advanced persistent threat (APT) groups – aren’t always financially motivated.
Their aim is disruption on a national level. Unfortunately, OT is a prime target for that kind of attack. Thus, the focus on OT security isn’t just important – it’s now essential.
However, the tide is turning. We’re seeing more organisations invest in dedicated OT SOCs (Security Operations Centres), more awareness campaigns and more vendors – like us – offering integrated solutions tailored to this space.
How can organisations stay ahead of AI-powered threats?
AI and Machine Learning have become indispensable in modern cybersecurity – not because they’re buzzwords, but because they solve a real problem: data overload. The volume of logs, alerts, threat intelligence feeds and anomaly signals that security teams must analyse is staggering. No team of analysts, no matter how skilled, can manually process everything in real time.
We are using AI to support our experts – not replace them. Our AI capabilities help sift through the noise, identify genuine threats, prioritise responses and offer recommended actions. It’s about accelerating the response loop and giving security professionals time to focus on what matters.
That said, we must be cautious about overpromising what AI can do. It’s a powerful tool, but it must be embedded wisely. It won’t stop an attack on its own, but it can ensure that the right people see the right warning signs at the right time – and that can make all the difference.
How should businesses secure applications against fast-evolving, intelligent attacks?
Application security is a perfect example of where a proactive mindset is needed. Many businesses still treat security as a final checklist item – something you do just before an app is released. This is too late.
We advocate a DevSecOps approach – security built into every development lifecycle stage. That means scanning for vulnerabilities as the code is written, training developers on secure coding practices and automating testing throughout the pipeline.
Fixing vulnerabilities in the early stages is more secure and vastly more cost-effective. If a security flaw is caught just before launch – or worse, post-launch – it becomes a major headache. But if the developer sees it in real time and addresses it immediately, it never becomes a problem.
Our message to businesses is clear: treat security as part of the development process, not an afterthought.
Can you share a real-world example where PT Network Attack Discovery helped stop a cyberthreat?
One common scenario concerns hidden threat actors – individuals or groups that breach a network and lie dormant for extended periods. There’s a misconception that hackers are always fast and aggressive. In reality, many prefer to stay undetected for months or even years.
In one case, a client noticed a massive spike in their cloud bill. Upon investigation, we discovered that their infrastructure had been compromised. Attackers had spun up a separate, cloned
42 WWW.INTELLIGENTCISO.COM