Visit our Content Hub!
Access free downloadable content curated by our editors.

Cybersecurity Risk 101: The Difference Between IT and OT Attacks

There are two categories of cyberattacks that increase cybersecurity risk and create a potential avenue for cybercriminals to access the organization.

The difference between IT and OT cybersecurity attacks.
The difference between IT and OT cybersecurity attacks.

According to “2021 Cybersecurity: Assess Your Risk,” a new report from PMMI Business Intelligence, Information Technology (IT) attacks “specifically target the enterprise IT systems at a manufacturer, seeking to gain entry through vectors such as email, a CRM system, or an ERP program, which can span across an operation.”

Operational Technology (OT) attacks “are designed to exploit the systems that are directly on the plant floor. An OT attack can originate through vectors such as individual sensors on the production line, SCADA/HMI panels, or even unsecured PLCs.” Said one CEO of a software security partner, “There have also been malware attacks on motion and vision systems on the plant floor, therefore it is imperative that manufacturers know their updates are only coming from trusted suppliers.”

While the IT and OT networks in an organization are distinct and separate entities, they can be connected to some extent, causing vulnerabilities to both ends of the operation. An example of this type of cybersecurity risk would be having access to an ERP system directly on the plant floor.

More on OT: Safeguarding Robots and Components

There are detected vulnerabilities in both robotics and smart components on individual machines, and those that are connected to the enterprise network, or even directly to the internet. Robotics can be programmed with malicious code in hopes of disrupting production and potentially damaging the surrounding environment, while components like PLCs can be accessed to gain real-time visual surveillance of an operation.