Close Menu
    What's New

    Foreign investment in Saudi private markets hits SR20 billion in 2025

    July 1, 2026

    UAE weather tomorrow: Temperatures to reach 49ºC on Thursday

    July 1, 2026

    DP World launches Egypt’s first integrated Logistics Distribution Centre at Sokhna Logistics Park

    July 1, 2026
    Facebook X (Twitter) Instagram
    Facebook X (Twitter) Instagram
    The Gulf GazetteThe Gulf Gazette
    • Home
    • KSA
    • UAE
    • GCC
    • Technology
    • Lifestyle
    • Sports
    The Gulf GazetteThe Gulf Gazette
    Home»Technology»Identity security is critical to protect OT from next major cyber incident
    Technology

    Identity security is critical to protect OT from next major cyber incident

    Editorial TeamBy Editorial TeamJuly 1, 2026
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    Share
    Facebook Twitter LinkedIn Pinterest WhatsApp Email

    Delinea experts outline why privileged access, third-party identities, and visibility gaps are increasing risk across critical infrastructure, and what organisations need to do to strengthen OT resilience.

    Identity security is rapidly emerging as one of the most important priorities for organisations operating critical infrastructure and industrial environments. Increased connectivity, remote access requirements, and the growing convergence of IT and operational technology (OT) have created new opportunities for attackers to exploit trusted access pathways into essential systems.

    A growing reliance on connected industrial systems, third-party access and digital transformation initiatives formed the backdrop to a webinar hosted by CPI Media Group in association with Delinea, titled From Credentials to Catastrophe: Securing OT Before the Next Colonial Pipeline.

    The session featured Andrea Scott, Product Marketing Manager; Alex FitzGerald, Product Marketing Manager; Brance Spradlin, Global Identity Specialist; and Albert Beattie, Senior Technical Partner Manager at Delinea, who examined the changing OT threat landscape and the growing role of identity in securing critical operations.

    OT security has become a business issue
    Cybersecurity threats targeting industrial environments have evolved significantly over the past decade. Traditional assumptions that OT systems could remain isolated from external threats no longer hold true in a world of remote monitoring, cloud-connected systems, predictive maintenance and third-party support services.

    Threat actors continue to exploit the gaps that exist between IT and OT environments. Many organisations still manage these domains separately, creating blind spots that attackers can leverage to move between networks and gain access to critical assets. This reality is driving a shift towards unified governance models that provide a consolidated view of cyber risk across the organisation.Boardrooms are increasingly involved in these discussions because the consequences of a successful attack extend far beyond technology.

    Production downtime, supply chain disruption, revenue loss, regulatory scrutiny and safety concerns can quickly transform a cybersecurity incident into a major business continuity event.

    Lessons from major cyber incidents
    Several high-profile attacks illustrate the risks facing industrial organisations today. The panel referenced incidents such as Triton, which targeted safety systems at a petrochemical facility in Saudi Arabia, Shamoon’s destructive attack on Saudi Aramco, the Colonial Pipeline breach in the United States and the activities of the Volt Typhoon threat group. Each incident demonstrated how trusted access, compromised credentials or poorly governed identities can become entry points into critical environments.

    One of the strongest messages from the discussion was that attackers increasingly rely on legitimate credentials rather than sophisticated malware. Valid accounts allow malicious actors to blend into normal operational activity, making detection significantly more challenging.

    Put simply, many modern attacks begin not with a breach of the perimeter but with access that appears legitimate.

    Identity has become the new control plane
    Network segmentation remains an important component of OT security. However, the speakers argued that identity has become the most effective lens through which organisations can understand and manage risk.

    Every engineer, contractor, vendor, administrator, application, machine identity and service account represents a potential access pathway. Growth in automation, cloud services and artificial intelligence is accelerating this challenge, creating a rapidly expanding population of non-human identities that require the same level of governance as human users.

    Visibility into who has access, what they can do, when they can perform actions and how quickly permissions can be revoked has become essential. Organizations that fail to govern identities consistently across IT and OT environments leave dangerous gaps that can be exploited by attackers.

    Third-party access remains a major challenge
    Third-party access emerged as one of the most significant concerns discussed during the webinar.

    Industrial operations frequently depend on equipment manufacturers, contractors, service providers and maintenance teams that require remote connectivity to critical systems. Many organisations continue to provide access through persistent VPN connections and shared accounts, often with limited oversight once access has been granted.

    Problems often arise when vendor relationships end but accounts remain active. Dormant credentials can persist for months or even years, creating unnecessary exposure and expanding the organisation’s attack surface. Limited visibility into vendor activity further compounds the challenge.

    According to the panel, stronger governance of third-party access represents one of the fastest and most effective ways to reduce OT identity risk.

    Roadmap to stronger OT identity security
    Building a mature identity security programme does not require organisations to replace existing infrastructure or undertake disruptive transformation projects.

    The speakers described a maturity journey that begins with basic visibility and progresses towards comprehensive governance. Early-stage environments often rely on shared credentials and have limited auditing capabilities. More advanced organisations implement privileged access management, just-in-time authorisation, session monitoring, multi-factor authentication, role-based controls and identity governance processes.

    The desired end state is a zero-trust model in which access is granted only when needed, credentials remain protected from users, privileged sessions are monitored and recorded, and permissions are automatically revoked once work has been completed.

    Delinea outlined three core pillars for achieving this outcome: protecting privileged credentials, securing remote access through brokered connections rather than traditional VPNs, and providing comprehensive visibility into privileged activity through monitoring, auditing and session recording.

    Visibility should come first
    A consistent recommendation from all panellists centred on visibility. Organisations need a clear understanding of the identities operating within their OT environments before they can effectively manage risk. Discovery of privileged accounts, vendor access pathways, service accounts and remote sessions provides the foundation for stronger governance and better decision-making.

    Quick wins can often be achieved by focusing on high-risk areas such as third-party access and privileged accounts. Improved visibility enables organizations to move from assumptions to evidence-based risk management while creating the groundwork for a broader identity security strategy.

    Identity security is no longer solely an IT concern. Modern industrial environments depend on trusted access to maintain operations, support innovation and drive efficiency. Organisations that can govern those identities effectively will be better positioned to protect critical infrastructure, strengthen resilience and reduce the likelihood of the next operationally disruptive cyber incident.

     


    Source: Tahawul Tech

    Previous ArticleRoof collapse kills 14 children at Pakistan tuition center
    Next Article Nazaha investigates 385 suspects, arrests 130 in June anti-corruption cases

    Related Posts

    Perk opens Middle East office in ADGM

    July 1, 2026

    81% of UAE organisations expect AI to push network capacity to its limits within three years

    July 1, 2026

    GovTech Innovation Forum & Awards 2026 celebrates leaders shaping UAE’s digital future

    July 1, 2026
    Latest Posts

    Foreign investment in Saudi private markets hits SR20 billion in 2025

    July 1, 2026

    UAE weather tomorrow: Temperatures to reach 49ºC on Thursday

    July 1, 2026

    DP World launches Egypt’s first integrated Logistics Distribution Centre at Sokhna Logistics Park

    July 1, 2026

    Perk opens Middle East office in ADGM

    July 1, 2026
    Don't Miss

    Austria’s inflation rate up by 0.9% to 3.1% in March

    By Editorial TeamApril 1, 2026

    VIENNA,1st April, 2026 (WAM) — Austria’s inflation rate rose by 0.9% to 3.1% in March,…

    Saudi FM, UN chief discuss regional developments in phone call

    April 1, 2026

    Saudi, Greek defense ministers discuss repercussions of Iranian attacks

    April 1, 2026
    2026. All rights reserved.
    • KSA
    • UAE
    • GCC
    • Technology
    • Lifestyle
    • Sports

    Type above and press Enter to search. Press Esc to cancel.