{"id":206456,"date":"2026-04-27T16:53:00","date_gmt":"2026-04-27T20:53:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/27\/third-party-remote-access-in-ot-the-soft-underbelly-of-industrial-cybersecurity\/"},"modified":"2026-04-27T16:55:10","modified_gmt":"2026-04-27T20:55:10","slug":"third-party-remote-access-in-ot-the-soft-underbelly-of-industrial-cybersecurity","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/27\/third-party-remote-access-in-ot-the-soft-underbelly-of-industrial-cybersecurity\/","title":{"rendered":"Third-Party Remote Access in OT: The Soft Underbelly of Industrial Cybersecurity"},"content":{"rendered":"<p><a href=\"https:\/\/securityboulevard.com\/2026\/04\/third-party-remote-access-in-ot-the-soft-underbelly-of-industrial-cybersecurity\/\">Third-Party Remote Access in OT: The Soft Underbelly of Industrial Cybersecurity<\/a><\/p>\n<p><a href=\"https:\/\/securityboulevard.com\/2026\/04\/third-party-remote-access-in-ot-the-soft-underbelly-of-industrial-cybersecurity\/\">https:\/\/securityboulevard.com\/2026\/04\/third-party-remote-access-in-ot-the-soft-underbelly-of-industrial-cybersecurity\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-27 16:53:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityboulevard.com\">securityboulevard.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points.<br \/>\n\t\t\tThe post Third-Party Remote Access in OT: The Soft Underbelly of Industrial Cybersecurity appeared first on Cyolo Blog.<\/p>\n<p>\u201cWe trust our vendors. Plus, they\u2019ve always had access. What&#8217;s suddenly the problem?\u201d<br \/>\nIn many industrial environments, allowing third-party vendors, contractors, and OEMs to access sensitive OT environments\u00a0has\u00a0been standard practice for years.\u00a0What began as occasional remote support has now evolved into a core operational dependency.\u00a0Today, remote vendor access underpins maintenance, diagnostics, and uptime across manufacturing plants, energy facilities, and critical infrastructure.<br \/>\nBut while the third-party access model is widely accepted, it also introduces significant risk. This is because, rather than breaking into OT environments, today\u2019s attackers are increasingly exploiting the legitimate remote access pathways used by trusted third-party technicians.<br \/>\nThe scale of this exposure is hard to ignore. Data from a 2025 Cyolo\/Takepoint Research study shows that\u00a088% of manufacturers allow remote third-party access into OT environments, and 60% grant such access to over 100 different external parties. At the same time, the just-released 2026 Marlink Cyber Intelligence Report for Remote Operations reveals that\u00a0more than 50% of organizations rely on third-party remote access that isn\u2019t centrally monitored.<br \/>\nThis combination \u2013 widespread access with limited oversight \u2013 creates a perfect entry point for attackers and an enormous blind spot for industrial organizations.<br \/>\nAnd, unfortunately, the trouble doesn\u2019t stop there. The same Marlink research finds that\u00a0around 60% of assessed sites rely on shared IT\/OT infrastructure, while\u00a0over 70% contain undocumented or poorly secured connections to external networks. In other words, many organizations don\u2019t just have remote access \u2013 they have remote access they can\u2019t fully see or control.<br \/>\nThe result is a simple but uncomfortable reality: critical systems are being accessed remotely without visibility into who is connecting, when they&#8217;re connect, or what they\u2019re doing once inside.<br \/>\nA Shift OT Cybersecurity: Why Identity Is the New Perimeter<br \/>\nTraditional OT security strategies focus on keeping threats out. Firewalls, segmentation, and air gaps were designed to create a strong perimeter. But in highly connected environments, the perimeter has become increasingly porous.<br \/>\nAs a result, attackers have adjusted their tactics from exploiting systems to exploiting identities.\u00a0Credentials, and especially those tied to remote vendor access, are easier to steal, harder to detect, and far more effective once obtained.<br \/>\nAccording to the Marlink report,\u00a0approximately 69% of observed risks are linked to exposed or compromised credentials. Once attackers gain valid access, they don\u2019t need to behave like intruders. They can move through the network using legitimate tools, blending into normal operations and\u00a0evading traditional detection methods. In OT environments, where third-party access is both common and expected, this creates a dangerous blind spot.\u00a0<br \/>\nWhy Third-Party Access Is So Hard to Control<br \/>\nThe challenge of third-party access isn\u2019t just technical. It\u2019s operational.<br \/>\nIndustries like manufacturing and mining depend heavily on vendors to run and maintain specialized equipment. When something breaks, the priority is to restore operations quickly and prevent costly downtime. Remote access makes that possible, but it also creates a dependency: vendors need fast, reliable access with minimal friction. This operational pressure frequently leads to access being prioritized over control.<br \/>\nAt the same time, many organizations lack visibility into their own environments. The Marlink research shows that\u00a030-40% of OT assets are initially unknown or undocumented, making it difficult to define the full attack surface. Compounding the problem,\u00a0fewer than 25% of organizations have clearly assigned OT security ownership, leading to fragmented responsibility across IT, OT, and third-party stakeholders.<br \/>\nUnder these conditions, it\u2019s easy to understand why consistent control is almost impossible to enforce. Access decisions are often made locally, visibility remains incomplete, and accountability becomes unclear. Beyond this, vendor credentials may be shared for convenience, access may remain open longer than necessary, and monitoring may be limited or inconsistent.<br \/>\nIndividually, each of these gaps could be manageable.\u00a0But collectively, they create a system where control is fragmented and security is reactive rather than proactive.<br \/>\nThis is exactly what attackers exploit. Instead of relying on a single vulnerability, they take advantage of how the various gaps in protection overlap. A shared credential here, an always-on connection there, and limited monitoring across the environment \u2013 combined, they create a path to move undetected toward critical systems and assets.<br \/>\nAnd crucially,\u00a0many of these access paths are implicitly trusted. Vendor accounts often operate with fewer controls and less scrutiny than internal users, making them an ideal target. Once compromised, they provide attackers with legitimate, hard-to-detect access that appears indistinguishable from routine operational activity.\u00a0<br \/>\nSecuring Third-Party Remote Access in OT Environments: What Good Looks Like<br \/>\nStrengthening third-party access security doesn\u2019t mean blocking vendors from reaching OT systems. It means bringing their access under precise control.<br \/>\nUnsurprisingly, the shift starts with identity. Every individual accessing the OT environment needs a unique, verifiable identity with clearly defined permissions. This is a security best practice aligns with zero trust principles and standards like ISA\/IEC 62443, where access is continuously validated and never implicitly trusted.<br \/>\nFrom there, access for third parties must become dynamic rather than persistent.\u00a0Instead of standing permissions that remain open indefinitely, organizations should adopt just-in-time (JIT) access, where sessions are approved, time-bound, and automatically revoked when the job is done. This significantly reduces the window of opportunity for attackers.<br \/>\nVisibility is equally vital. If a vendor is connected to a critical system, that session should be observable in real time. OT and security teams need the ability to monitor activity, record sessions for auditing purposes, and intervene immediately if something looks wrong.<br \/>\nFinally, governance must be centralized. Remote access shouldn\u2019t be fragmented across different tools, teams, or environments.\u00a0Instead, it should be treated as a single, controlled layer \u2013 ensuring consistency, visibility, and accountability.<br \/>\nHow to Improve OT Vendor Access Security Without Disrupting Operations<br \/>\nFor most organizations, improving third-party access security doesn\u2019t require a complete transformation.\u00a0What it does require is tightening control where the impact will be most significant.<br \/>\nIf you\u2019ve read this far, you won\u2019t be shocked to learn that the ideal starting point is moving from convenience-driven access to controlled, identity-based access. When every user has their own identity, actions become traceable. When access is time-bound, exposure is reduced. And when sessions are monitored in real time, security teams gain visibility and control over what is happening inside the OT environment.<br \/>\nDespite what might be expected, these changes don\u2019t add friction. Quite the opposite,\u00a0they ensure access is available when needed, while removing unnecessary risk and preserving operational speed.\u00a0Over time, this approach transforms third-party remote access from a blind spot into a governed, observable process.<br \/>\nThe Future of OT Security: From Implicit Trust to Continuous Verification<br \/>\nThe broader shift in OT cybersecurity is clear. Security today is not about protecting a fixed perimeter but rather about controlling access in environments that are connected, distributed, and dynamic. Identity is the new control plane, and third-party access sits at its center.<br \/>\nOrganizations that adapt effectively will move away from implicit trust and toward continuous verification. They will enforce the principle of least privilege, monitor access in real time, and treat vendor connectivity as a governed process rather than an operational shortcut.<br \/>\nIn this modern model, third-party remote access becomes a controlled, observable, and accountable part of the operational environment, aligned with both security and business continuity.<\/p>\n<p>*** This is a Security Bloggers Network syndicated blog from Cyolo Blog authored by Cyolo. Read the original post at: https:\/\/cyolo.io\/blog\/third-party-remote-access-in-ot-the-soft-underbelly-of-industrial-cybersecurity<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Third-Party Remote Access in OT: The Soft Underbelly of Industrial Cybersecurity https:\/\/securityboulevard.com\/2026\/04\/third-party-remote-access-in-ot-the-soft-underbelly-of-industrial-cybersecurity\/ Publish Date: 2026-04-27&#8230;<\/p>\n","protected":false},"author":1,"featured_media":206457,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyolo.io\/img\/http\/aHR0cHM6Ly9jeW9sby1zdGF0YW1pYy5zZm8zLmRpZ2l0YWxvY2VhbnNwYWNlcy5jb20vdGhpcmQtcGFydHktcmVtb3RlLWFjY2Vzcy1pbi1vdC5qcGc\/third-party-remote-access-in-ot.jpg?w=1280&h=720&fit=crop&s=9e0c901e517eead127428b1e9e09cd09","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-206456","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206456"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=206456"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206456\/revisions"}],"predecessor-version":[{"id":206458,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206456\/revisions\/206458"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/206457"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=206456"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=206456"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=206456"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}