
The worlds of information technology (IT) and operational technology (OT) are converging faster than ever — and for manufacturers, that brings both opportunity and risk.
The line between digital systems and physical operations becomes thinner all the time as smart factories, connected devices and autonomous production systems reshape industries such as manufacturing, pharmaceuticals, transportation and oil and gas.
While this convergence fuels productivity and innovation, it also invites an expanded array of industrial cyberthreats that can halt production, endanger safety and incur millions of dollars in damages.
What the next 3–5 years of OT transformation will bring
Smart manufacturing initiatives and industrial internet of things (IIoT) deployments will continue to enable unprecedented levels of automation and real-time decision making in manufacturing environments.
Smart factories
This evolution is driving the proliferation of smart factories worldwide, where interconnected systems communicate seamlessly to optimize production workflows, reduce waste and enhance quality control.
As these intelligent manufacturing ecosystems mature, they enable manufacturers to respond dynamically to market demands, adjust production parameters in real-time and achieve levels of operational efficiency previously unattainable with traditional manufacturing approaches.
For example, a Rockwell Automation report reveals that oil and gas companies are experiencing a major shift through rapid digitalization and advanced technology integration. The industry is moving from isolated technology deployments to fully integrated digital ecosystems, with over 50% of leaders reporting that technologies like cloud computing, cybersecurity and AI are already disrupting operations.
Continued use of legacy operating systems
Unfortunately, there are limits to how “smart” factories can be. Legacy systems running on outdated operating systems such as Windows XP and older Linux distributions will remain prevalent in manufacturing environments for years to come. These systems, which have operated reliably for decades, are often prohibitively expensive or operationally disruptive to replace, given the high costs and extensive downtime required for wholesale upgrades.
The vulnerabilities inherent in these aging platforms will persist, making them attractive targets for cybercriminals. This reality is one reason manufacturing OEMs are now embedding cybersecurity and data resiliency capabilities directly into their industrial equipment, enabling organizations to protect legacy infrastructure without requiring disruptive system replacements.
Cloud-based analytics
Even as unsupported systems remain in manufacturing environments, more modern technologies are also becoming more prevalent. For instance, cloud-based analytics platforms are now essential for predictive maintenance and quality control. Why? Because cloud-based platforms can use machine learning algorithms to analyze vast amounts of sensor data from production equipment and identify patterns that indicate potential failures before those failures occur.
By processing real-time telemetry from programmable logic controllers (PLCs), SCADA systems and internet of things (IoT) sensors, cloud-based analytics enable manufacturers to shift from reactive maintenance schedules to predictive strategies that minimize unplanned downtime. For quality control, these platforms correlate production parameters with product outcomes, automatically detecting deviations from specifications and enabling immediate corrective actions.
The ability to aggregate and analyze data across multiple facilities also provides manufacturers with enterprise-wide visibility into operations, making possible continuous improvement initiatives and informed strategic decision-making.
Good news and bad for manufacturers as OT environments evolve
So, there are many positives for manufacturers in the convergence of IT and OT, including the ability to produce more rapidly and with fewer errors, lower costs and less human intervention.
However, there are also major challenges. The same connectivity that drives efficiency also introduces risk. For instance, a recent ransomware attack targeting a Jaguar Land Rover (JLR) supplier severely disrupted the automaker’s global production and demonstrated how a single compromised system in the supply chain can cripple a manufacturing network. The JLR attack shows why security controls must cover both IT and OT as the two technologies continue to come together.
The convergence of IT and OT has expanded the attack surface far beyond traditional factory boundaries. Modern threats target PLCs, human-machine interfaces (HMIs) and other industrial control systems (ICSs). For instance, modern ransomware variants have specifically pursued manufacturing environments, exploiting unpatched OT systems and shared IT/OT networks.
A prominent example involves malware called FrostyGoop, the first industrial control system (ICS) malware to use the Modbus industrial communication protocol to cause physical disruption to operational technology. FrostyGoop highlights the growing threat to critical infrastructure as attackers increasingly target industrial control systems.
Even trusted OEM software or third-party components can introduce hidden risks, as highlighted in real-world manufacturing breaches.
Technicians accessing systems from legacy or unmanaged endpoints can inadvertently expose critical control systems. And regulatory pressure is constant, as frameworks such as NIS2 and IEC 62443 demand risk-based security programs with documentation, monitoring and response capabilities tailored to OT environments.
Those are evergreen security risks, but Acronis research highlights several other distinct trends:
Protocol vulnerabilities in critical infrastructure
The widespread use of TCP/IP-based industrial protocols across critical infrastructure systems creates significant security risks. Protocols like Modbus/TCP, which facilitate communication between SCADA systems and PLCs in sectors including energy, water treatment, transportation and healthcare, were designed decades ago without security considerations.
These protocols often lack authentication, encryption or integrity checking mechanisms, making them vulnerable to man-in-the-middle attacks, command injection, and unauthorized control modifications. As legacy systems continue operating with these inherent protocol vulnerabilities, the attack surface for critical infrastructure remains dangerously exposed.
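The missing authentication described above is visible in the frame layout itself. The following added example (not from the original article) parses a Modbus/TCP request header, which carries no credential or integrity field, and flags state-changing requests from sources outside an allowlist; the addresses, frames and function names are constructed for illustration.

```python
import struct

# Function codes from the public Modbus specification that change device state.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse the 7-byte MBAP header and function code of a Modbus/TCP request.

    Every field is addressing or framing; nothing identifies or
    authenticates the sender, and there is no MAC or signature.
    """
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0 (Modbus)")
    if length != len(frame) - 6:  # length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    return {"transaction_id": tid, "unit_id": unit,
            "function": frame[7], "data": frame[8:]}

def review_traffic(packets, allowed_writers):
    """Return (source, reason) alerts for malformed frames and unapproved writes."""
    alerts = []
    for src_ip, frame in packets:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as exc:
            alerts.append((src_ip, f"malformed frame: {exc}"))
            continue
        name = WRITE_FUNCTIONS.get(req["function"])
        # The source address is the only identity a monitor has to go on,
        # which is why segmentation and allowlists carry the control.
        if name and src_ip not in allowed_writers:
            alerts.append((src_ip, f"{name} to unit {req['unit_id']} from unapproved source"))
    return alerts

# Constructed sample traffic (hypothetical addresses, hand-built frames).
ALLOWED_WRITERS = {"10.0.10.20"}  # assumed engineering workstation
SAMPLE_PACKETS = [
    ("10.0.10.5", bytes.fromhex("000100000006010300000002")),      # read registers
    ("10.0.10.20", bytes.fromhex("000200000006010600100064")),     # approved write
    ("192.168.50.77", bytes.fromhex("0003000000060106001003e8")),  # unapproved write
    ("10.0.10.5", bytes.fromhex("00040000000601")),                # truncated frame
]

if __name__ == "__main__":
    for src, reason in review_traffic(SAMPLE_PACKETS, ALLOWED_WRITERS):
        print(f"ALERT {src}: {reason}")
```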
Remote access trojans targeting OT environments
Sophisticated threat actors increasingly deploy remote access trojans (RATs) specifically designed to compromise industrial control systems. These malware variants establish persistent backdoor access to OT networks, enabling attackers to monitor operations, exfiltrate sensitive process data and maintain long-term control over industrial systems.
Unlike traditional IT-focused RATs, OT-targeted variants are engineered to communicate with industrial protocols, manipulate control logic and evade detection by traditional security tools. The stealthy nature of these threats allows adversaries to conduct reconnaissance for extended periods before launching disruptive attacks, making them particularly dangerous for continuous production environments where detection capabilities may be limited.
AI-powered attack sophistication
Artificial intelligence is rapidly becoming a force multiplier for cybercriminals targeting OT environments. AI-driven attack tools can automatically identify vulnerabilities in industrial systems, adapt attack vectors in real time to evade detection and optimize ransomware encryption strategies for maximum operational impact.
Machine learning algorithms enable threat actors to analyze normal operational patterns and craft attacks that blend into legitimate traffic, significantly increasing the difficulty of detection. Additionally, AI assists in automating the discovery of zero-day vulnerabilities in industrial protocols and control systems, accelerating the development of targeted exploits.
As these AI-enhanced attack capabilities become more accessible through criminal marketplaces and open-source tools, manufacturers face an increasingly asymmetric threat landscape where defenders must counter adversaries armed with advanced automation and intelligence capabilities.
With the rapid proliferation of sophisticated threats, the bottom line for manufacturers is that IT cybersecurity and OT operational continuity are inseparable goals. Every attack recovery plan must include a tested, rapid path back to production.
Best practices for OT cybersecurity
Strengthening OT cybersecurity requires both cultural and technical evolution. The Purdue model, still the standard for manufacturing setups, once strictly separated IT and OT layers. Now, however, it is transforming to accommodate cloud integrations and edge computing. Modern resilience strategies focus on visibility, segmentation and recovery readiness:
- Zero trust access control: Implement a zero trust security architecture that assumes no user, device or network connection is inherently trustworthy.
- Incident response planning (IRP): Develop and maintain comprehensive incident response plans specifically tailored to OT environments, recognizing that OT incidents often involve safety considerations and operational continuity requirements that differ significantly from pure IT incidents.
- Penetration testing and risk assessments: Conduct regular penetration testing and comprehensive risk assessments designed specifically for OT environments to identify vulnerabilities before attackers can exploit them.
- Comprehensive asset visibility: Know every device, its firmware version and location within the network.
- Network segmentation: Isolate critical control systems to prevent lateral movement during an attack.
- Integrated backup and disaster recovery: Ensure that system images, configurations and data can be restored at the click of a button to resume operations rapidly.
- Patch and vulnerability management: Prioritize updates for both IT and OT systems, reducing exploitable weaknesses across hybrid environments.
- Security awareness and workforce training: Train employees to identify phishing attempts, rogue devices or unsafe maintenance practices.
How Acronis Cyber Protect strengthens OT resilience
Acronis Cyber Protect unifies cybersecurity, data protection and disaster recovery in a single platform, safeguarding increasingly interconnected IT/OT environments from modern threats.
As leading analysts recognize, Acronis Cyber Protect combines backup, disaster recovery, anti-malware, patch management, and endpoint protection in one natively integrated platform. This holistic approach supports organizations seeking to strengthen OT security frameworks while also enabling them to maintain uptime and performance.
That means OT operators can:
- Achieve instant recovery after cyber incidents thanks to one-click data restoration that any employee can perform — even without any IT expertise.
- Automate patching and updates without disrupting production processes.
- Deploy threat detection powered by AI to identify anomalous behavior across both IT and OT systems.
- Maintain regulatory compliance (e.g., IEC 62443, NIS2) with centralized monitoring, reporting and protection policies.
"The seamless and reliable backup and recovery solutions offered by Acronis not only ensured the safety of our critical data, but also improved our overall business continuity," says Nicolas Jacobus Els, Technical Operations Manager, Digital Industries (Sasol).
A new cybersecurity mindset for converged operations
As IT/OT convergence accelerates, operational resilience depends on a cybersecurity approach that aligns the NIST requirements of IT — govern, identify, protect, detect, respond, recover — with OT in one unified strategy.
Manufacturers, utilities, pharmaceutical companies, power and energy providers and critical infrastructure providers know that downtime is not just an inconvenience. It’s a business risk that can cascade across global supply chains. But they must also understand that preventing downtime requires securing both IT and OT environments as they converge.
With Acronis Cyber Protect, organizations can unify IT and OT protection, recover instantly from any incident and maintain operational continuity with confidence — no matter how complex their environments become. IT/OT convergence is both inevitable and positive. And with the right defenses, it doesn’t have to compromise security.
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 21,000 service providers to protect over 750,000 businesses.



