As IT and OT environments converge, attackers are increasingly chaining vulnerabilities across both domains to reach critical industrial systems. Drawing on real-world incidents including the Lake Risevatnet dam breach and the Polish energy grid attack, Dino DiMarino and Dan Hewitt of Tenable examine how exposure management must replace traditional vulnerability management in industrial environments.

In this insightful discussion, they discuss:

• How increasing OT connectivity, default vendor credentials, poor identity practices and unmonitored remote access are enabling attackers to dwell undetected in industrial networks for months;
• Why siloed IT and OT security approaches fail against modern attackers who chain vulnerabilities across environments without regard for organizational boundaries;
• How a holistic exposure management strategy - encompassing asset visibility, change detection, identity governance and attack surface management - helps organizations prioritize and reduce risk across converged IT/OT environments.