Shownotes
A real-world case study shows how a single phishing email led to credential and MFA compromise, creating an urgent question for any industrial organization: Did the attacker reach the OT environment?
Dino and Jim walk through how OT visibility, secure remote access controls, and continuous monitoring enabled rapid validation of what happened. They were able to prove the breach did not impact control systems and avoid an expensive, safety-driven shutdown of a continuous manufacturing process.
The episode connects technical controls to executive outcomes, including resilience, duty of care, and the financial reality that “not knowing” can be as costly as an actual compromise.
Chapters:
- (00:00:00) Why continuous manufacturing makes “abundance of caution” shutdowns so costly
- (00:01:00) What “OT continuous monitoring” means and why it matters in real incidents
- (00:03:00) Safety and connected environments: why “it can go boom” changes the stakes
- (00:05:00) Baselines: defining “normal” so abnormal behavior is actionable
- (00:07:00) Incident story: phishing email leads to credential and MFA compromise
- (00:09:00) What the team validated: tracing access and confirming OT was not impacted
- (00:10:00) Lessons from Colonial Pipeline: inability to validate can force shutdowns
- (00:11:00) OT reality check: Windows assets, HMIs, historians, and engineering workstations
- (00:13:00) Secure OT remote access: why VPN-only access is not sufficient
- (00:16:00) The payoff: avoided downtime, avoided product loss, and avoided disruption
- (00:19:00) Executive view: duty of care, liability, compliance, and protecting enterprise value
- (00:23:00) The “air gap” myth and why defense-in-depth is the only practical path
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
