Organizations are Called on to Enhance Their Security Posture

PRESS RELEASE

Attacks on Operational Technology: Organizations are Called on to Enhance Their Security Posture

Montréal, October 1, 2025 – As part of Cybersecurity Awareness Month, VARS, Raymond Chabot Grant Thornton’s Cybersecurity division, would like to remind companies of all sizes of the importance of strengthening their security posture. Cybercrime tools, fueled by artificial intelligence, are being provided as-a-service by criminal entities, focusing on speed of execution when targeting organizations’ vulnerabilities and increasing the success rate of malicious attacks.

At a time when geopolitical tensions are redefining organizational risks, cyberthreats are no longer limited to digital environments. These threats are aimed at paralyzing both company activities and physical assets. Whether sponsored by an adversary state or international criminal networks, attacks on Operational Technology (OT) environments and critical infrastructure are becoming more frequent and sophisticated.

What is OT and why should you bolster its protection?

The term OT refers to the technologies used to control the machines, equipment and systems that ensure the proper operation, effectiveness and regularity of a production environment on a daily basis.

Critical infrastructure refers to facilities and systems that are essential for the functioning of a society or economy. This can be found in sectors such as health, energy and transportation. The disruption of critical infrastructure activities can significantly impact a country’s economic stability and even its national security. Globally, more than $US329B¹ is at risk from OT cybersecurity incidents.

While OT environments would normally be isolated, automation and network convergence have created new vulnerabilities that can be exploited by criminal groups. According to the most recent statistics, cyberattacks on essential services and OT environments surged by 87% in 2024 compared to 2023. “Since business continuity is essential in these environments, any intrusion or disruption of activities has significant consequences. Therefore, this reality encourages an increasing number of malicious actors to target this kind of organization,” explains Maxime Boutin, VARS Co-Founder and OT Security Leader. In 2024, the number of criminal groups specifically targeting these environments increased by 60% compared to the previous year.

.¹All the figures shown in this press release are from Dragos and are based on the 2025 OT Security Financial Risk Report and the OT/ICS Cybersecurity Report. 8th Annual Year in Review 2025.

How can you better protect your business?

The risk of infiltration for these operational environments is almost inevitable. “This is due to the nature of equipment which is designed for production rather than security and has a long useful life. Many organizations overlook investing in OT security, which limits their capacity to detect attacks and ensure the visibility and continuity of their assets,” states Guillaume Caron, VARS Co-Founder and CEO. A total of 92% of organizations in the manufacturing sector struggle with incident detection.

To be in a better position to tackle these threats, “organizations must focus on the understanding and visibility of attack vectors to identify potential issues and reduce risk in a strategic manner. A robust plan requires direct involvement on the part of senior management, an analysis of the company’s cybersecurity maturity and OT components, asset evaluation and the introduction of critical control activities,” adds Mr. Caron.

The SANS Institute critical controls to reduce the risk of OT attacks are the cornerstone of key protections to maintain control over OT environments. These five essential controls are:

1. OT-specific Incident Response Plan;
2. Defensible Network Architecture;
3. Industrial Controls Systems (ICS) Network Visibility and Monitoring;
4. Secure Remote Access;
5. Risk-based Vulnerability Management Program.

About VARS and Raymond Chabot Grant Thornton

VARS, a division of Raymond Chabot Grant Thornton, selects and manages innovative cybersecurity solutions for corporations of all sizes across North America and internationally. At the forefront of the information security industry, it offers an integrated and tailored approach to protect an organization against data theft and increasingly sophisticated cyberattacks. Since 2022, VARS is the exclusive supplier of the Fédération québécoise des municipalités (FQM) providing support through its cybersecurity service offering.

Raymond Chabot Grant Thornton is a professional services firm dedicated to the success of organizations and their leaders since 1948. The firm’s professionals are committed to helping clients thrive by obtaining a deep understanding of what is important to them, their business and their industry. This knowledge, combined with a team of motivated and talented professionals, helps accelerate growth. A Quebec and Canadian leader in the areas of assurance, tax, advisory services and business recovery and reorganization, Raymond Chabot Grant Thornton boasts more than 2,900 professionals, including approximately 200 partners, working in over 100 offices across the province of Quebec and in the Ottawa and Edmundston regions.

Together with Doane Grant Thornton, another Canadian firm, and the global Grant Thornton organization, our footprint spans across close to 160 countries with 76,000 employees who provide real insight, a fresh perspective and agility to keep clients moving ahead.

– 30 –

For more information:

Gaëlle Fontaine
Advisor, Communications and Public Affairs
Raymond Chabot Grant Thornton
Phone: 438-349-0842
Email: [email protected]