Cyber attacks on industrial infrastructures have increased dramatically in recent years. For example, 420 million attacks against critical infrastructures (energy, transport, telecoms) took place between January 2023 and January 2024. This trend can be explained by the emergence of new attack techniques and by vulnerabilities in architectures. In response, manufacturers are adopting new practices and tools to help them protect their IoT networks.
The industrial world, although lagging behind the high-tech sector, is subject to the technological evolution of equipment and machines. While innovative, this evolution multiplies security vulnerabilities and increases the complexity of securing industrial machines. Today, factories face unprecedented challenges without having the necessary skills or training.
The interconnection of IT/OT equipment refers to the combined use of equipment from both IT (Information Technology) and OT (Operational Technology) domains. This convergence is increasingly observed in industrial infrastructures for various reasons:
Conflicts between nations are not new. However, the techniques and technologies used have evolved over time. Today, gaining a digital advantage over an adversary is a major strength. Nation-state cyberattacks, orchestrated by state-sponsored organizations, are increasingly common. Sabotage missions and digital espionage linked to state strategic interests are at the heart of modern society.
Advanced Persistent Threats (APT) are also closely monitored by governments, particularly the ANSSI (French National Cybersecurity Agency). These attacks specifically target entities with the goal of breaching them.
Protecting your critical infrastructures helps safeguard both your organization and your country's strategic interests.
The widespread availability of tools and scripts on the internet, especially on the dark web, facilitates malicious behavior even by minor actors. Today, it is possible to test a script on an industrial device acquired on the market at low cost. Anyone outside the company's network represents a threat to the entire production chain.
States and groups of states are requiring critical entities to adopt security measures within their infrastructures. While most regulations and standards are not yet mandatory, some are becoming so—particularly the NIS2 directive, which directly affects essential and important entities in Europe. EU member states had until October 2024 to transpose the NIS2 directive into national law. In 2025, its implementation continues, with EU oversight ensuring consistent and effective application.
Industrial innovation introduces numerous major changes that help manufacturers optimize factory production. However, these innovations also allow malicious users to exploit still unknown cyber vulnerabilities (zero-day vulnerabilities). Each device added to a company's network represents a target for attackers. Trends such as IT/OT interconnection do not facilitate the isolation of these machines, thereby increasing their exposure to cyberattacks. Risk preparedness tools such as the EBIOS RM risk analysis help identify, assess, and mitigate cybersecurity risks.
The Zero Trust model is a cybersecurity approach based on the idea that no user or asset should be implicitly trusted. In this model, every user, device, or application must prove its identity and legitimacy at each step of accessing critical resources. Unlike outdated perimeter security architectures, where everything inside the network was considered safe, Zero Trust assumes that any access attempt could be a threat, whether internal or external.
Applying the Zero Trust model in an industrial context involves:
Implementing the Zero Trust model, especially in complex industrial environments, often requires support from specialized experts.
Dative supports you in the progressive implementation of a Zero Trust strategy within your OT network.
The EU Regulation 2023/1230, which will replace Directive 2006/42/EC as of January 20, 2027, introduces enhanced cybersecurity requirements for industrial machinery. This change addresses the challenges posed by the growing integration of digital technologies into critical infrastructures.
The regulation requires that hardware and software components essential for machine compliance are protected against accidental or malicious alterations. Machines must also detect unauthorized interventions on these components.
Additionally, critical software and data must be appropriately identified and secured. Machines must have mechanisms in place to correct malfunctions, thereby preserving their intrinsic safety.
These measures ensure that industrial machinery, often integrated into critical infrastructures, remains resilient against cyber threats and human error, ensuring continuity and safety of operations.
In any industrial cybersecurity strategy, implementing classic network security solutions forms the foundation of an information system’s protection. Integrating next-generation firewalls (NGFW), capable of deep traffic analysis and real-time threat detection, helps secure critical entry points. Combined with smart switches featuring the latest control and monitoring capabilities, they create a more responsive and resilient infrastructure.
Network segmentation plays a central role: it involves isolating different areas of the industrial network (e.g., IT, OT, IoT, remote maintenance) to limit the spread of an attack in case of compromise. By partitioning data flows and defining precise access rules between segments, companies significantly reduce their attack surface.
The addition of secure remote maintenance solutions also enables managing industrial equipment remotely without introducing vulnerabilities, while ensuring connection traceability. Together, these measures provide a robust first layer of security, essential for building a defense-in-depth strategy adapted to modern industrial environments.
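The segmentation described above only holds if the firewall rules actually match the intended zone policy. The following added example (not part of the original article) audits a list of allow rules against a default-deny policy between the IT, OT, IoT and remote maintenance zones; the subnets, permitted ports and rules are all constructed assumptions.

```python
from ipaddress import ip_network

# Zones named in the text; the subnets are constructed for this example.
ZONES = {
    "IT": ip_network("10.10.0.0/16"),
    "OT": ip_network("10.20.0.0/16"),
    "IOT": ip_network("10.30.0.0/16"),
    "REMOTE_MAINT": ip_network("10.40.0.0/24"),
}

# Permitted inter-zone flows (assumed policy): (src zone, dst zone) -> ports.
# Any zone pair or port not listed here is denied by default.
CONDUITS = {
    ("IT", "OT"): {443},
    ("REMOTE_MAINT", "OT"): {22},
    ("IOT", "IT"): {8883},
}

# Constructed firewall "allow" rules: (source CIDR, destination CIDR, port).
RULES = [
    ("10.10.5.0/24", "10.20.1.0/24", 443),
    ("10.40.0.0/24", "10.20.0.0/16", 22),
    ("10.10.0.0/16", "10.20.0.0/16", "any"),
    ("10.30.0.0/16", "10.20.1.10/32", 502),
    ("0.0.0.0/0", "10.20.0.0/16", 3389),
]

def zones_covering(cidr):
    """Names of every zone whose subnet overlaps the given CIDR."""
    net = ip_network(cidr)
    return [name for name, zone in ZONES.items() if net.overlaps(zone)]

def audit(rules):
    """Return (rule index, src zone, dst zone, port) for each policy violation."""
    findings = []
    for idx, (src, dst, port) in enumerate(rules):
        for sz in zones_covering(src):
            for dz in zones_covering(dst):
                if sz == dz:
                    continue  # intra-zone traffic is out of scope here
                if port == "any" or port not in CONDUITS.get((sz, dz), set()):
                    findings.append((idx, sz, dz, port))
    return findings

if __name__ == "__main__":
    for idx, sz, dz, port in audit(RULES):
        print(f"rule {idx}: {sz} -> {dz} port {port} exceeds the segmentation policy")
```

The last rule shows why overly broad source ranges matter: a single `0.0.0.0/0` entry is reported once for every zone it silently opens towards OT.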
As industrial systems become increasingly interconnected, assessing cyber risks is a key step in ensuring operational continuity and protecting critical infrastructures. The approach can no longer be limited to occasional technical audits; it must rely on a methodical, structured analysis adapted to field specifics.
The EBIOS Risk Manager method (EBIOS RM), developed by ANSSI and widely recognized across Europe, offers a rigorous framework to identify, evaluate, and manage cyber risks in complex environments such as factories, production lines, or SCADA systems.
To detect threats before they impact critical systems, it is essential to implement real-time network traffic analysis. This involves deploying IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) probes capable of continuously monitoring flows, detecting abnormal behavior, and, in the case of IPS, automatically blocking suspicious actions.
These solutions allow teams to react immediately to incidents, precisely trace the origin of an attack, and continuously strengthen security. Integrated into a global cybersecurity strategy, they provide essential visibility of internal and external threats, particularly in complex industrial architectures blending OT, IoT, and IT.
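To make the IDS/IPS distinction above concrete, here is an added example (not from the original article) of a minimal flow monitor that learns a baseline of normal flows and then either only alerts (IDS mode) or alerts and blocks (IPS mode). The `FlowMonitor` class, the learning window and the flow records are hypothetical and constructed for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst dport")

class FlowMonitor:
    """Learns (src, dst, port) triples, then flags flows outside that baseline."""

    def __init__(self, learning_until, mode="ids"):
        self.learning_until = learning_until  # end of learning window (timestamp)
        self.mode = mode                      # "ids": alert only; "ips": alert and drop
        self.baseline = set()
        self.alerts = []

    def process(self, flow):
        """Return True if the flow is forwarded, False if it is blocked."""
        key = (flow.src, flow.dst, flow.dport)
        if flow.ts < self.learning_until:
            # Caveat: anything seen while learning becomes "normal", so the
            # window must be captured on a network known to be clean.
            self.baseline.add(key)
            return True
        if key in self.baseline:
            return True
        self.alerts.append(flow)
        return self.mode != "ips"

# Constructed flow records (timestamps in seconds, addresses are examples).
FLOWS = [
    Flow(10, "10.20.1.5", "10.20.1.10", 502),
    Flow(20, "10.20.1.6", "10.20.1.10", 502),
    Flow(110, "10.20.1.5", "10.20.1.10", 502),   # known flow
    Flow(120, "10.10.5.77", "10.20.1.10", 502),  # new source
    Flow(130, "10.20.1.5", "10.20.1.10", 22),    # new port from known host
]

def run(mode):
    """Replay FLOWS; return (forwarded flows, alerted flows)."""
    mon = FlowMonitor(learning_until=100, mode=mode)
    forwarded = [f for f in FLOWS if mon.process(f)]
    return forwarded, mon.alerts
```

Both modes raise the same two alerts; only the IPS run stops the unknown flows, which is why prevention on an OT network depends on a baseline that does not block legitimate control traffic.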
In many factories, Windows workstations are used daily by operators to view, control, or monitor production lines. Although essential for the proper functioning of industrial systems, these workstations often face high risks if not properly secured.
Operators often use generic accounts with elevated access levels, making physical intrusion attempts or malicious acts much easier. This not only undermines traceability but also severely compromises overall infrastructure security.
However, it is possible to harden these workstations with simple and effective solutions, such as:
The ANSSI also recommends complementary best practices: updating systems, disabling unused ports, strictly controlling external devices, and systematically logging access.
By applying these measures, manufacturers can drastically reduce their attack surface while ensuring better access control and resilience to cyber threats.
In the face of increasingly sophisticated threats, industrial cybersecurity must continuously evolve. Recent trends show a rise in AI, behavioral detection, and OT Zero-Trust implementations.
Adopting “secure by design” tools is essential to sustainably protect critical industrial environments. Staying informed about innovations helps anticipate vulnerabilities before they escalate into major crises. Every industrial actor has a role to play in building proactive, agile, and resilient cybersecurity.