06 Feb 2026
From IT security to OT: The next step in cyber resilience
As a consultant at PuraSec, I see that cybersecurity within SaaS and IT organisations has now largely matured. Concepts such as Zero Trust, cloud security and continuous monitoring are the norm there. That same expertise is now shifting to sectors such as industry, construction and infrastructure. With that, the necessary focus on Operational Technology (OT) is growing.
The vulnerability of connected systems
OT environments are increasingly linked to IT networks and cloud platforms, even though they were often not originally designed with security in mind. Take, for example, the Machinery Directive, which was recently converted into the Machinery Regulation: security is only addressed to a limited extent in this regulation. This makes these sectors vulnerable to disruptions and security risks.
Just as the IT sector went through earlier, OT is now on the eve of a necessary professionalisation process.
In industry, this process mainly concerns lifecycle planning and the controlled modernisation of production lines. Many factories currently rely on outdated technology, which leads to an increased risk of both technical failure and cyber incidents. This has made the factory floor a serious target for attack. A ransomware attack that shuts down a production line not only causes millions of euros in damage, but also enormous damage to reputation.
Translating IT to the factory floor
The professionalisation of OT requires specific measures that we are familiar with from IT, but translated to the operational reality:
- Network segmentation: Working with zones & conduits in accordance with the IEC 62443 standard.
- Monitoring: Monitoring security without disrupting production processes.
- Security Governance: Setting up policy and management, as we did years ago for IT security.
- Scalable architectures: Standardisation of OT architectures and data structures across multiple locations, similar to how ERP (Enterprise Resource Planning) systems streamline core processes such as purchasing and production planning.
From physical operation to digital risks
We are seeing this transition in practice with our customers. Processes that were previously operated manually and physically on site are being digitised to enable remote management. This offers enormous opportunities, but completely changes the risk profile: what was previously only physically accessible can now, in theory, be hacked from the other side of the world.
To mitigate this risk, we support organisations right from the design phase of their digitisation process. By integrating security directly into the technical design, engineers can take the right measures before the systems go live.
Ready for the future
The lesson from the IT world is clear: security must be included from the initial design stage (security by design). With a thorough OT cybersecurity approach, production processes remain secure, available and compliant with standards such as IEC 62443 and the NIS2 directive.
At PuraSec, we are focusing our IT security expertise on the OT world this year. Driven by challenging projects with our customers, we help organisations to make their industrial environments secure and future-proof. We are now also providing our consultants with specific training in this area to further develop this expertise.
OT security is no longer a thing of the future; it is the essential next step in cyber resilience. PuraSec is happy to support you in this.
- Jessica Meijboom, Security Consultant at PuraSec
