What you will learn in this article:
- Highlights from the Honeywell 2025 Cyber Threat Report and measures that organizations should consider in their OT cybersecurity strategy.
- The importance of employee education on cybersecurity practices and risk identification.
- Strategies to minimize risks associated with USB plug-and-play events and external device validation.
From transportation sector disruptions to attacks on water infrastructure, recent operational technology (OT) cybersecurity attacks demonstrate how industrial systems are no longer peripheral targets, but are now central to threat actor strategies.
The Honeywell 2025 Cyber Threat Report delivers insights into the evolving operational technology cybersecurity threat landscape driven by data from Honeywell’s global customer base. Intelligence data used in the report was primarily derived from Honeywell cybersecurity solutions from October 1, 2024 to March 31, 2025.
With persistent and growing threats like worm-based malware and USB-carried Trojan viruses as well as evolving regulations that require more frequent reporting of cybersecurity incidents, businesses must urgently modernize their OT cybersecurity strategies. Keep reading to learn more about the measures to consider in creating a holistic approach to OT cybersecurity.
Prepare with policies and procedures
Cybersecurity begins with proactive measures like creating and regularly reviewing policies and procedures. These documents should address protecting industrial control networks, threat identification and response protocols.
Setting a routine review schedule, such as monthly or quarterly intervals, helps keep policies relevant to emerging threats. Additionally, procedures help streamline threat detection allowing organizations to act faster when an attack occurs. Building functional cross-team relationships through these protocols is key; collaboration between IT, OT teams and external vendors helps build the trust needed when high-pressure incidents arise.
Educate employees on cybersecurity practices and risks
Human behavior remains one of the biggest factors in OT cybersecurity from failing to identify phishing attempts to creating weak passwords. Regular cybersecurity training helps arm employees with the knowledge to identify threats and adopt behaviors that help reduce vulnerability. Honeywell offers comprehensive cybersecurity training services tailored to all levels and specific roles to help train your team.
Minimize USB risk
USB plug-and-play events comprised 25% of the top 10 cybersecurity incidents recorded by the Honeywell Advanced Monitoring and Incident Response service in the 2025 report. USB plug-and-play events involve devices that a system automatically recognizes and configures without proper vetting (think keyboards, mice and storage drivers). Compromised external devices such as USBs often introduce malware into industrial systems — making deploying secure scanning and vendor validation systems essential.
Implement Multi-Factor Authentication (MFA)
Passwords alone are no longer enough to protect sensitive industrial systems. MFA strengthens defenses by requiring additional authentication layers — such as biometric identification or secure tokens. Honeywell helps address this growing concern with streamlined security tools, encouraging industrial organizations to identify robust password vault practices for OT access control.
Segment networks with precision
Segmenting networks is essential for preventing threat spread during breaches. By isolating systems and limiting access, segmentation follows the principle of least privilege, granting access to users, devices and applications only for what is needed to perform specific tasks. Honeywell solutions integrate safeguards through passive and active monitoring to provide complete visibility, asset management, traffic analysis and real-time threat detection.
Deploy Zero Trust Architecture (ZTA)
Every user, device and workload must be verified before accessing OT environments. Using ZTA integration frameworks, organizations can achieve seamless monitoring without compromising critical access protocols.
Conduct regular updates and audits
Outdated software and operating systems are often vulnerable targets. Conducting regular system updates, paired with robust patch management, can better protect OT environments. Auditing OT environments can visualize network traffic, enabling industrial teams to detect unusual activity long before it results in breaches.
Focus on data security
Implementing strong encryption helps protect sensitive industrial data both at rest and in transit. Honeywell solutions help organizations integrate air-gapped backups for data recovery — practices that become essential during ransomware and other types of cybersecurity attacks.
Prioritize industry standards and secure integration
Compliance frameworks like NIST 800-82, IEC 62443 or NERC CIP set the baseline for OT cybersecurity. Honeywell helps organizations align with these standards while creating confident IT/OT integration systems. Using secure data gateways and segregated telemetry controls supports operational safety while expanding access to advanced AI-powered analytics.