Tiatra, LLC
Information Technology Solutions for Washington, DC Government Agencies

From air-gapped to wide open: the rising risks in industrial cybersecurity

There’s a not-so-dirty little secret in industry: despite advances in both AI and cybersecurity, the greatest cyber threats still come from social engineering and the exploitation of industrial control systems (ICS).

The evolution of AI and generative AI (GenAI) has not produced as many novel threats as once feared. But the technologies have become force multipliers for traditional schemes, dramatically accelerating and expanding the scale, proliferation, and even the authenticity of threats. Once rudimentary social engineering schemes like email phishing, which relied on individual attacks, are now high-powered, more authentic and able to target far more victims than ever before – autonomously.

According to a 2025 report from DeepStrike, the “weaponization” of AI for phishing schemes “has driven a surge in attack sophistication and volume, with some metrics showing a 1,265% increase in phishing emails since the launch of generative AI tools. Defenses are struggling to keep pace, as attackers increasingly bypass traditional MFA and exploit the human element, which is involved in over 60% of all breaches.”

“Automation and AI are making it so much easier on cyber criminals,” agreed Matt Castonguay, chief revenue officer for Hitachi Cyber, which operates Security Operation Centers and provides a range of cybersecurity services. “If you’re just someone in your basement trying to hack people, there’s only so much work you can do by yourself. Now you’ve got your AI, you’ve got your ransomware-as-a-service, you’ve got your botnets. You could scan 100,000 companies, 50,000 companies, in a day and find a whole bunch of vulnerabilities.”

“The AI doesn’t discriminate,” he added, “it’s just going to go and pick on everyone that it can.”

For more companies across industries, from energy to mobility, what’s needed to counter the expanding threat landscape is a deliberate, comprehensive assessment plan based on industrial domain expertise, one that examines industrial systems on two tracks: policy vulnerabilities and technical weaknesses.

Policy penetration

The reality for industrial companies today is that the isolated, “air-gapped” plant is a thing of the past. Everything from cloud services and AI to edge computing is connecting more factories to the cloud than ever before. As these interconnections spread, often without recognition of potential policy breaches, the once seemingly impenetrable industrial company grows more exposed.

“Many people assume new technology presents the biggest risk,” says Castonguay. “More often, the new tech exposes vulnerabilities in older systems that were considered secure before.”

ICSs, the information systems used to manage industrial processes, typically refer to “supervisory control and data acquisition (SCADA) systems used to control geographically dispersed assets, distributed control systems (DCS), and smaller control systems using programmable logic controllers (PLC) to control localized processes,” says the National Institute of Standards and Technology.

For decades, ICSs were air-gapped or completely isolated from any network. A device controlling a conveyor belt or rail switch, for example, was designed for one purpose: to follow simple instructions reliably. Security wasn’t built into the system because remote accessibility wasn’t built into it.

However, that isolation has become an illusion over time. Many ICSs have been augmented with ad-hoc channels that allowed system integrators or contractors to configure files and patch software. As a result, these channels have become pathways to be exploited.

To be sure, in an era of Industry 4.0 and smart grids, true isolation is now obsolete. Consider the proliferation of IoT. Factories, power plants, railroads, and other industrial operations are aggressively integrating AI and IoT devices to boost efficiency, enable real-time monitoring, and improve performance.

And the proliferation isn’t slowing. The number of connected IoT devices worldwide is expected to balloon from around 21 billion in 2025 to more than 50 billion in just 10 years, according to market research firm IoT Analytics. Each connection point links back to infrastructure that often predates modern security practices by decades.

“So we do the assessment,” Castonguay says. “If we find something that’s critical, we will flag it to be corrected right away. But if not, we conduct a remediation report with a gap analysis. We say, ‘here are all the issues that you have and here they are sorted by priority.’ Any minor concerns, we advise they update their security policy.”

The technical vulnerability

Warning signs about the vulnerability of legacy ICS have been flickering for years. As far back as 2008, a 14-year-old in Poland built a homemade infrared device to take control of a tram track switch. He derailed several trams, injuring multiple passengers. In this case, the ICS required no authentication at all.

“Security wasn’t considered when these systems were built,” Castonguay says. “Today it must be applied to every process, both retroactively and proactively.”

In addition to exposing new vulnerabilities, AI provides bad actors with better hacking tools, such as automated malware, encryption, and ransomware management, much of which can be acquired as-a-service for a monthly fee.

“The bad actors aren’t just fishing with one line, but casting a net,” Castonguay says. “They can scan 100,000 companies in a day and find a whole bunch of vulnerabilities.”

When a previously unknown security flaw is discovered and disclosed (a zero-day vulnerability drop), attackers can exploit it within hours. In contrast, updating the ICS across a factory or rail network can take weeks or months.

“It takes a lot longer to patch your systems than it takes for a hacker to scan for vulnerabilities,” Castonguay says.

Ironically, traditional attack methods remain effective. Despite years of security training, people still click suspicious links and reuse passwords. What’s changed, Castonguay says, is AI’s ability to make phishing attempts far more convincing, such as crafting emails that mimic legitimate contracts or vendor communications with alarming accuracy.

As AI enhances bad actors’ toolkits, targets are determined neither by the size of the operation nor by industry. “No organization is too small to be targeted anymore,” Castonguay warns.

And the urgency is real. Attackers aren’t waiting for defenses to catch up. “The fishermen never sleep,” Castonguay says, “and their nets are getting larger and more sophisticated every day.”

The two-pronged approach to plugging gaps

Identifying the weak points in decades-old industrial systems requires a systematic approach: a comprehensive assessment that examines industrial systems for both policy vulnerabilities and technical weaknesses.

  • Policy audits determine which individuals have access to various systems, rather than simply examining security documents. It’s not uncommon for such audits to discover that former employees have active system access, sometimes administrators whose credentials can unlock every machine in a facility. They can also find generic accounts like “jira_admin” with elevated privileges across multiple systems. “Just because you’re the administrator of one system doesn’t mean you should have access to all the systems on the network,” Castonguay says. “Each system should have its own Identity and Access Management policies.”
  • Technical assessments include things like red teaming or penetration testing, which systematically attempt to breach systems using the same methods attackers might use, all conducted with client permission. Assessments can take as little as two days for a small operation or up to a month for larger, multi-site systems.
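
The access checks a policy audit like the one described above performs can be expressed as a reconciliation of account exports against the HR roster. The following is an added example, not part of the original article or any Hitachi Cyber tooling; the roster, system names, account rows and the `audit_access` function are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inputs (hypothetical names, not from the article).
ACTIVE_EMPLOYEES = {"asmith", "bjones", "cnguyen"}
# One row per account per system: (system, account, role, owner).
# owner is the HR id of the person responsible, or None for a shared login.
ACCOUNTS = [
    ("scada-hmi", "asmith", "operator", "asmith"),
    ("scada-hmi", "dlee", "admin", "dlee"),      # dlee is no longer on the roster
    ("historian", "dlee", "admin", "dlee"),
    ("historian", "bjones", "admin", "bjones"),
    ("ticketing", "jira_admin", "admin", None),  # generic account
    ("historian", "jira_admin", "admin", None),
    ("plc-eng", "cnguyen", "engineer", "cnguyen"),
]
# Lower number = fix first, mirroring a remediation report sorted by priority.
SEVERITY = {"former_employee_admin": 0, "former_employee": 1,
            "shared_admin_multi_system": 2, "admin_multi_system": 3}

def audit_access(accounts, active_employees, admin_roles=frozenset({"admin"})):
    """Return (finding, account, systems) tuples, most urgent first."""
    by_account = defaultdict(list)
    for system, account, role, owner in accounts:
        by_account[(account, owner)].append((system, role))
    findings = []
    for (account, owner), grants in by_account.items():
        all_systems = tuple(sorted(s for s, _ in grants))
        admin_systems = tuple(sorted(s for s, r in grants if r in admin_roles))
        if owner is not None and owner not in active_employees:
            # Departed staff with any live access; admin rights raise priority.
            kind = "former_employee_admin" if admin_systems else "former_employee"
            findings.append((kind, account, all_systems))
        elif len(admin_systems) > 1:
            # Administrator of one system should not be administrator of all.
            kind = "shared_admin_multi_system" if owner is None else "admin_multi_system"
            findings.append((kind, account, admin_systems))
    return sorted(findings, key=lambda f: (SEVERITY[f[0]], f[1]))

if __name__ == "__main__":
    for finding in audit_access(ACCOUNTS, ACTIVE_EMPLOYEES):
        print(finding)
```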

Another key aspect of Hitachi Cyber’s approach is its ability to pull in expertise from across Hitachi Group companies when necessary. Hitachi’s heritage in industrial equipment and operational technology (OT), as well as its decades of development and deployment of data and AI solutions, provides Hitachi Cyber with unmatched, deep domain expertise in mission-critical systems – the systems that support the world’s social infrastructure.

“A key advantage of ours is the ability to tap into Hitachi for industry-specific expertise when needed,” Castonguay says, “and likewise, to bring our expertise to bear on industrial challenges Hitachi discovers in the market. AI can scan a million devices quickly. But the differentiator is the human expertise to know what these results actually mean.”

But there’s one more step to Hitachi Cyber’s industrial security strategy: early warning audits. According to Castonguay, most organizations pursue assessments like these only after a breach or when insurance companies mandate them. But successful companies apply a proactive approach, conducting regular security audits and penetration testing to address vulnerabilities before they are exploited, making industrial cybersecurity as routine as home inspections.

For more, visit: Hitachi Cyber | Cybersecurity & Performance Analytics Solutions

And for more Hitachi AI perspectives, visit AI Resource Center – Hitachi Digital

Hitachi Cyber is a global leader in advanced cybersecurity and performance analytics solutions, serving clients in over 50 countries for more than 50 years. With its innovative approach and 24/7 operations, it delivers tailored solutions to safeguard organizations against evolving threats and drive confident growth. 



Category: News
November 26, 2025