OT Security: APT Alarm and Italy's Industrial Lag

Italy's lag in OT security is evident: APTs silently manipulate processes and AI reduces exploit time to hours.


63% of vulnerabilities in Italian industrial systems are classified as high risk, a percentage exceeding the global average of 58%. While public debate often focuses on loud and destructive ransomware attacks, such as the incident that hit Poltronesofà S.p.A. on October 27, 2025, with data exfiltration and encryption, the most insidious threats act completely silently. State-sponsored Advanced Persistent Threats manipulate production processes without shutting down systems, and the acceleration of artificial intelligence has reduced exploit time from about 40 days in 2018 to just a few hours.

OT Vulnerabilities in Italy: A Structural Problem

Data emerging in the first months of 2026 paint a worrying picture for the nation's operational technology security. 63% of vulnerabilities in Italian industrial systems are classified as high risk, exceeding the global average of 58%. According to Davide Boglioli, technical lead of Nozomi Networks' vulnerability assessment team, "Systems are likely updated less frequently, or patching processes are not timely."

The tendency of Italian companies to neglect operational security is confirmed by Boglioli's words: "Italian companies are often smaller and less inclined to invest in security, especially if it is not directly linked to production." Once again, the main vector is not a sophisticated exploit but poor management of credentials and update processes. The problem is not technical: it is managerial.

The dynamics of the most recent cyberattacks highlight an urgent need for a paradigm shift: the attack surface has extended far beyond the traditional IT perimeter. Threats today insinuate themselves into supply chains, OT devices, communication channels between partners, and data in transit between cloud systems. For 70.1% of responding companies and entities, the Information System is essential to support activities and processes, making its digital security a priority. Of these, 10.6% provide essential services for Italy, subject to the NIS directive and new European regulations like NIS2 and DORA.

Data Manipulation and APTs: The Invisible Threat

The two main attack vectors for OT and IoT are brute-forcing credentials and data manipulation to alter operational parameters without shutting down the system. Alessandro Di Pinto, senior director of Security Research at Nozomi Networks, emphasizes that "Today, a major danger for OT and IoT security comes from quieter attacks, which exist but go unnoticed until they cause damage. And reacting at that point is too late."

Attacks follow a precise pattern: initial access, lateral movement, and manipulation, keeping a low profile to avoid detection. The history of these tactics has deep roots: between 2007 and 2010, the Stuxnet malware hit Iranian nuclear facilities, altering their operation and sending false signals to control systems.

"Within a production chain, even a minimal variation in parameters leads to a systemic defect. And this can compromise an entire supply," explained Di Pinto. State-sponsored groups pre-position themselves in critical infrastructures well in advance to activate threats during geopolitical crises. "A state never strikes critical infrastructure suddenly. It pre-positions well in advance, when everything seems quiet," added Di Pinto.

The Acceleration of Artificial Intelligence and the IoT Risk

Artificial intelligence is used to improve phishing campaigns, create credible digital identities, and guide malware behavior. This has drastically reduced the time needed between the discovery of a vulnerability and its exploitation: if in 2018 it took about 40 days, today only a few hours are enough. "We are not talking about estimates, but observed data," specifies Di Pinto.

In this context, IoT devices like cameras and smart conference rooms can become risk catalysts, creating new access points to IT workspaces and OT systems. IT/OT convergence exponentially amplifies the attack surface with each new external connection. If operational data reveals production patterns, usage rhythms, or process parameters, it can be used to plan physical attacks or industrial sabotage.

NIS2 Directive and Mitigation Strategies

The NIS2 directive represents a step forward for transparency, mandating incident reporting, but it does not provide operational guidelines on how to address threats. To protect themselves effectively, companies must rethink their entire corporate security posture in an integrated way, relying on a Managed Security Service Provider (MSSP) specializing in IoT and OT Security.

An MSSP offers specific services such as 24/7 continuous monitoring to promptly detect and respond to threats, vulnerability management for proactive identification and mitigation, and the implementation of advanced security measures like network segmentation, multi-factor authentication, and OT-specific intrusion detection solutions.
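The two quiet vectors the article describes (credential brute-forcing and small, in-band manipulation of operational parameters) and the OT-specific intrusion detection it recommends can be made concrete with a small monitor. The following is an added example, not code from the article, from Nozomi Networks or from any MSSP: it replays constructed OT gateway events (hostnames, register ids, setpoint bands, thresholds and the log format are all assumptions) and raises alerts for writes from hosts outside an allowlist, setpoints outside their engineered band, in-band values that step away from the running mean (the "minimal variation" case that a plain range check misses), and bursts of failed logins from one source.

```python
"""Added example (not from the article or any vendor): a toy OT monitor over
constructed gateway events. It flags unexpected writers, out-of-band
setpoints, quiet in-band drift and credential brute-forcing."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample events; hosts, unit/register ids, values and the
# '<ts> <event> k=v ...' format are assumptions for illustration only.
SAMPLE_LOG = """\
2026-02-03T08:00:01 write src=hmi-01 unit=1 reg=40001 value=72.0
2026-02-03T08:00:11 write src=hmi-01 unit=1 reg=40001 value=72.2
2026-02-03T08:00:21 write src=eng-laptop-7 unit=1 reg=40001 value=73.1
2026-02-03T08:00:31 write src=hmi-01 unit=1 reg=40001 value=71.9
2026-02-03T08:00:41 write src=hmi-01 unit=1 reg=40001 value=74.8
2026-02-03T08:00:51 write src=10.20.30.40 unit=1 reg=40001 value=78.5
2026-02-03T08:01:02 login src=10.20.30.40 user=admin result=fail
2026-02-03T08:01:03 login src=10.20.30.40 user=admin result=fail
2026-02-03T08:01:04 login src=10.20.30.40 user=admin result=fail
2026-02-03T08:01:05 login src=10.20.30.40 user=admin result=fail
2026-02-03T08:01:06 login src=10.20.30.40 user=admin result=fail
2026-02-03T08:01:07 login src=10.20.30.40 user=admin result=fail
2026-02-03T08:01:20 login src=hmi-01 user=operator result=ok
"""

WRITE_ALLOWLIST = {"hmi-01"}            # assumed: only the HMI may write setpoints
SETPOINT_BAND = {40001: (70.0, 75.0)}   # assumed engineered (low, high) per register
DRIFT_DELTA = 1.5                       # assumed: max step from the running mean
FAIL_THRESHOLD = 5                      # consecutive failed logins before alerting

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>\w+) (?P<kv>.*)$")


@dataclass(frozen=True)
class Alert:
    ts: str
    kind: str
    src: str
    detail: str


def parse_line(line):
    """Parse '<ts> <event> k=v k=v ...' into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["kv"].split() if "=" in kv)
    fields["ts"], fields["event"] = m["ts"], m["event"]
    return fields


def analyze(log_text):
    """Return the alerts raised over the events, in log order."""
    alerts = []
    history = defaultdict(list)   # register -> values written so far
    failed = defaultdict(int)     # source host -> consecutive failed logins
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["event"] == "write":
            src, reg, value = ev["src"], int(ev["reg"]), float(ev["value"])
            # 1. Segmentation/allowlist check: who is allowed to write at all.
            if src not in WRITE_ALLOWLIST:
                alerts.append(Alert(ev["ts"], "unexpected_writer", src, f"reg {reg} <- {value}"))
            # 2. Range check against the engineered band.
            lo, hi = SETPOINT_BAND.get(reg, (float("-inf"), float("inf")))
            if not lo <= value <= hi:
                alerts.append(Alert(ev["ts"], "setpoint_out_of_band", src,
                                    f"reg {reg}={value} outside [{lo}, {hi}]"))
            # 3. Drift check: an in-band value that jumps away from the running
            #    mean is the quiet manipulation a range check alone would pass.
            prev = history[reg]
            if prev and abs(value - sum(prev) / len(prev)) > DRIFT_DELTA:
                alerts.append(Alert(ev["ts"], "setpoint_drift", src,
                                    f"reg {reg}={value} vs mean {sum(prev) / len(prev):.2f}"))
            prev.append(value)
        elif ev["event"] == "login":
            # 4. Credential brute-force: N consecutive failures from one host.
            if ev.get("result") == "fail":
                failed[ev["src"]] += 1
                if failed[ev["src"]] == FAIL_THRESHOLD:
                    alerts.append(Alert(ev["ts"], "auth_bruteforce", ev["src"],
                                        f"{FAIL_THRESHOLD} consecutive failed logins as {ev.get('user', '?')}"))
            else:
                failed[ev["src"]] = 0
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f"{a.ts} {a.kind:22} src={a.src:14} {a.detail}")
```

Running it over the sample produces six alerts: the engineering laptop's in-band write is caught only by the allowlist, the HMI's 74.8 is caught only by the drift check, the 78.5 from the unknown address trips all three write checks, and the sixth login failure raises a single brute-force alert. The drift baseline deliberately includes every write, allowed or not, because the process reacts to what was actually written; a production monitor would also key the baseline per unit and time window, and would feed these alerts into the 24/7 monitoring the article recommends rather than printing them.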

Frequently Asked Questions

What are APTs in the context of OT security?

APTs (Advanced Persistent Threats) are persistent advanced threats, often state-sponsored, that infiltrate industrial systems for espionage or manipulation. Unlike ransomware, they act silently to avoid detection.

Why has exploit time been reduced to just a few hours?

The acceleration is due to the use of artificial intelligence, which allows refining phishing campaigns and guiding malware behavior, drastically reducing reaction time compared to the roughly 40 days needed in 2018.

How does the NIS2 directive address OT security?

The NIS2 directive mandates incident reporting to increase transparency, but does not provide specific operational guidelines on how to mitigate threats to industrial systems, leaving the burden of defining defensive strategies to companies.
