“The threat landscape for industrial control systems (ICS), operational technology (OT), and the Industrial Internet of Things (IIoT) is poised for significant evolution in 2025. It is likely more sophisticated attacks will leverage AI for increased accuracy – rather than using the technology to create malicious code – with the aim of making attacks harder to detect and defend against.

“Geopolitical events will translate into increased targeting of critical infrastructure, particularly in sectors like water/wastewater and utilities, with space/satellite systems also becoming prime targets. And in addition, the rise of wireless connectivity through drones, autonomous systems, and other devices will create more opportunities for exploitation, especially given the potential for misconfigurations and insecure deployments.

“While the adoption of secure remote access and best-of-breed security solutions is a positive trend, cost pressures and the need to scale will likely lead to significant churn in the OT security market. This transition period could introduce new vulnerabilities as organisations switch between solutions.

“Finally, the increasing reliance on hybrid SaaS models, while offering benefits, will also expand the attack surface for threat actors as more OT environments integrate with the cloud. Staying ahead of these evolving threats will require a proactive and adaptable security posture.”

Will the ICS/OT/IIoT industries improve in delivering secure products?

“While there will be some improvements, progress in delivering inherently secure ICS/OT/IIoT products is expected to be slow. Although traditional OT now offers multiple secure options, many repurposed IT/IoT and even consumer-grade devices are still being used in OT environments.

“Regulations and standards like the Cyber Security Act and Security of Critical Infrastructure (SOCI) will now require suppliers to provide a statement of compliance for devices supplied to the Australian market. 

“This will help mitigate some of the risks posed by less secure products, but overall, significant improvement in the inherent security of the products themselves will be gradual.”

Attack Surface Management

“The attack surface in industrial environments will increase. This is due to the growing number of IoT devices being deployed as part of digital transformation initiatives and the increased use of wireless communication. Additionally, as traditional IT environments strengthen their defences, industrial environments become a logical next target for attackers, further contributing to the expanding attack surface.”

Threat Intelligence – Will the importance of threat intelligence change in 2025? 

“The importance of threat intelligence will not diminish, but its application will evolve and become more critical in 2025. Automation in threat intelligence management will streamline analysis, reducing delays caused by manual processes. More accurate and curated IT and OT-specific threat intelligence feeds will further enhance the value of this information by reducing noise and information overload, allowing security teams to focus on actionable threats. As such, threat intelligence will be increasingly impactful as it becomes more efficient and relevant to specific industrial environments.”

Will adversaries attempt to manipulate or "poison" threat intelligence data?

“Adversaries are unlikely to attempt to manipulate or “poison” threat intelligence data in the near term (2025). This type of sophisticated manipulation is a longer-term strategy typically associated with state-sponsored APT groups and is less likely to be profitable for ransomware actors focused on more immediate financial gain.”

Expanding attack surfaces in non-traditional sectors highlight the urgent need for broader cybersecurity awareness and proactive defence:

“Cybersecurity is no longer just for IT. All industries, including entertainment, hospitality, and building management, to name just a few – are increasingly vulnerable. Interconnected systems, even those controlling air conditioning or elevators, are potential attack vectors. Attacks now target reputation as well as operations, and there is an urgent need for broader cybersecurity awareness and proactive security measures, especially for often-overlooked systems.”

Threat intelligence sharing is crucial for effective cybersecurity and requires greater public-private and international collaboration:

“Real-time threat intelligence sharing is crucial as cyber attacks continue to become more sophisticated – leveraging AI for speed and scale. To progress cyber security strategies, sharing intelligence and collaboration is key.

The recent amendments to the Cyber Security Act, states that any impacted entity may voluntarily report information in relation to ‘significant cyber security incidents’. The Australian Government may use any information shared, this could open the doors to greater information sharing between public and private entities.

While progress is being made, greater international collaboration is key. Nozomi contributes by sharing its own threat intelligence and integrating multiple feeds into its Guardian solution.”

Evolving cybersecurity regulations, including recent amendments to the Cyber Security Act, are driving higher global standards and increased international collaboration:

“New Australian cybersecurity regulations such as the Cyber Security Act and the Security of Critical Infrastructure (SOCI) are setting a global standard and will impact organisations worldwide in 2025. Even companies that are not Australian will likely face stricter requirements through supply chain pressure. Early adoption will offer a competitive advantage as global businesses prioritise secure partners.”

OT cybersecurity faces challenges from increasing regulations and budget constraints, but the market continues to grow amidst rising competition:

“Tight budgets, increased regulation, and a crowded vendor landscape are key challenges the OT cybersecurity industry will face in the coming months. Despite this, the market continues to grow, driven by rising cyber risk awareness and a growing attack surface.”

Automation, driven by AI, is crucial for addressing the growing volume of vulnerabilities, but OT adoption faces hurdles:

“Automation is essential for addressing the growing complexity of cybersecurity, and in particular AI-driven solutions in OT. While concerns about operational disruption persist, increasing automation adoption is crucial for managing vulnerabilities and evolving threats. AI should empower, not replace human expertise, and it will increase efficiencies in tasks like threat hunting and vulnerability assessment.”

Rapidly transforming cybersecurity landscape driven by AI, cloud migration, automation, and evolving supply chain risks:

“Generative AI, cloud migration, and the rise of 5G/LoRaWAN are the top three technologies that will reshape the cybersecurity landscape in 2025, creating both opportunities and vulnerabilities. Automated incident response and robust supply chain security will therefore be crucial to address the evolving threat environment. Protecting AI systems themselves is also paramount.”

ADDITIONAL COMMENTS

“Drone and satellite vulnerabilities are rapidly expanding the cybersecurity attack surface. Organisations must incorporate these ‘airspace’ threats into their security strategies. As we enter 2025 and beyond, research into these threat vectors and mitigation strategies is vital.”