Blog - swIDch

The 42 Day Blind Spot That Costs Industrial Firms Millions

Written by Admin | Mar 23 2026

A startling figure has emerged from recent global OT security research that should keep every plant manager awake at night. On average, it takes an industrial organisation 42 days to even realise that an intruder has breached their Operational Technology (OT) network. In a world where automated assembly lines and power grids operate in milliseconds, a six-week head start for an attacker is an eternity. This prolonged exposure represents the difference between a minor IT hiccup and a catastrophic, headline-grabbing operational failure.

The Ruinous Cost of a Six-Week Intrusion

To understand why forty-two days is such a terrifying metric, one must look at the financial fallout of downtime. Industry benchmarks suggest that for a mid-sized manufacturing facility, the cost of an unplanned outage can range from £15,000 to over £80,000 per hour.

If an attacker spends six weeks silently mapping your control loops, manipulating sensor data, or preparing a ransomware payload, they aren't just stealing data—they are preparing to hold your entire physical production hostage. Consequently, by the time a detection alert finally pops up on a dashboard, the accumulated risk often translates into millions of pounds in lost revenue and long-term reputational damage.


Why Visibility Failed the Aliquippa Water Authority

This dangerous reliance on monitoring rather than proactive locking was made clear during the cyberattack on the Municipal Water Authority of Aliquippa. Attackers took control of a Programmable Logic Controller (PLC) used to regulate water pressure by taking advantage of the most basic entry point: a factory-set, default password. While many believe that "seeing" the network is enough to prevent such events, this incident proved that even advanced monitoring is useless if the front door is left unlocked.

Indeed, visibility is merely the digital equivalent of a CCTV surveillance camera—it records the theft but does nothing to lock the door. In OT environments, by the time an "anomaly" is detected and verified, the adversary has often already mapped the control loops and positioned themselves for operational impact. The attackers in Aliquippa were "authorised" by the system because they had the right credentials; thus, the monitoring tools saw a "normal user" doing "normal work" until the pumps actually stopped.

From Monitoring Behaviour to Governing Access

The failure of passive defence is further compounded by the evolution of threat actors. The most sophisticated groups tracked this year—such as AZURITE or SYLVANITE—are no longer just "hacking" systems; they are "logging in" using legitimate, yet stolen, credentials. When an attacker uses a valid engineer’s password to access a workstation, even the most advanced behavioural analytics struggle to flag the activity as malicious until it is far too late to intervene.

This is why the conversation in 2026 is shifting fundamentally. True resilience in OT does not come from watching the intruder but from a bulletproof authentication layer that dictates who can enter. Modern industrial environments require a shift toward Dynamic Identity. Static passwords and traditional Multi-Factor Authentication (MFA) often fail in OT due to connectivity issues or the risk of credential theft. The solution lies in a "Zero Trust Access" approach where the identification itself is dynamic and independent of the network's state.

Eliminating the 42-Day Risk at the Threshold

Ultimately, by focusing on the authentication phase, organisations can move from a reactive posture to a preventative one. When the identity used to access a PLC or a Human-Machine Interface (HMI) is generated in real-time and valid for only one use, the attacker’s stolen credentials become useless instantly. We must stop asking how we can see them after they enter and start ensuring it is physically impossible for an unauthorised user to enter in the first place. The goal for every OT leader is clear: stop merely watching the door and start locking it so securely that even the most patient observer cannot find a way in.
