The convergence of Information Technology (IT) with Operational Technology (OT), Industrial Control Systems (ICS), and the expanding landscape of Internet of Things (IoT) and Internet of Medical Things (IoMT) devices is transforming how modern enterprises operate. As these traditionally separate networks become more interconnected, organisations have a unique opportunity to optimise their operations, gain real-time insights, and improve overall efficiency. This integration allows for streamlined processes, predictive maintenance, and enhanced data analysis capabilities, driving digital transformation across industries.

However, the integration of IT with OT, ICS, and IoT/IoMT networks also introduces significant challenges, particularly in the realm of cybersecurity. As these systems become more intertwined, the attack surface for cyber threats increases, making critical infrastructure more vulnerable to potential breaches, data manipulation, or disruptions in service. Enterprises are now faced with the challenge of protecting both their IT and OT environments while ensuring that their interconnected systems remain secure, reliable, and resilient.

In response to these challenges we conducted a survey to better understand how enterprises are approaching the integration of these diverse systems. The survey aimed to gather insights into the strategies, technologies, and best practices that organisations are adopting to secure their interconnected networks. We are particularly interested in learning about how enterprises are navigating the complexities of cybersecurity, ensuring the safe operation of their ICS and IoT devices, and maintaining the integrity of their data in an increasingly interconnected world.

The results provided some common areas of risk which require mitigation and also demonstrate varying levels of success leveraging their cybersecurity and compliance tools.

For the full report and a summary of responses, please see the OT/IoT Visibility Survey Report.

In today’s digital age, businesses must be proactive in protecting their sensitive data and networks from cyber threats. One way to do this is through the use of breach and attack simulation (BAS) tools. BAS tools are designed to test the resilience of a company’s cybersecurity policies and procedures by simulating real-world cyber-attacks. This allows businesses to identify vulnerabilities and weaknesses in their systems before a malicious actor can exploit them. However, many business leaders may be unsure of the differences between breach and attack simulation, vulnerability scanning, and penetration testing.

Vulnerability scanning is the process of identifying and assessing vulnerabilities in a company’s systems and networks. This is typically done using automated tools that scan for known vulnerabilities and provide a report on any that are found. Penetration testing, on the other hand, goes one step further by actively attempting to exploit vulnerabilities in a company’s systems and networks. This is done by a team of ethical hackers who simulate real-world attacks to identify and assess the effectiveness of a company’s cybersecurity defences.

BAS takes a different approach by simulating real-world cyber-attacks in a controlled environment. This allows businesses to test their cybersecurity policies and procedures in a realistic scenario and identify any gaps or weaknesses. One of the challenges when deploying BAS is knowing how to deploy it within different customers’ unique technical architectures, to test all the critical security policies. Kedron provides this expertise as part of their service along with ongoing support and review. This means customers get the benefit of a delivered managed service but without the higher costs of a total outsource arrangement.

Kedron offers the ThreatSim product from Keysight, a market leading BAS solution, as part of their service. Many experts in the field, such as Gartner and Forrester, have stated that Breach and Attack Simulation is essential for enterprise security teams. Gartner states that “BAS solutions are essential for enterprise security teams to test the effectiveness of their security controls and identify vulnerabilities that need to be prioritized for remediation.” Forrester notes that “BAS has emerged to provide an attackers view, with deeper insights into vulnerabilities, attack paths, and weak/failed controls, making it an essential tool for any enterprise security team looking to proactively identify and remediate vulnerabilities before they can be exploited by attackers.”

In conclusion, breach and attack simulation is an important tool that should be used in addition to vulnerability scanning and penetration testing. It allows businesses to test their cybersecurity policies and procedures in a realistic scenario and identify vulnerabilities before they can be exploited.

Read our recent Survey Report in partnership with Keysight Technologies, to learn more about how KedronUK and ThreatSim can help you business with BAS services.