Episode 110

The Patching Gap Putting Industrial Operations at Risk: IT vs OT

Published on: 27th January, 2026

Craig and Dino tackle one of industrial cybersecurity's most critical challenges in this Rewind episode: the massive gap between IT and OT patching strategies.

IT organizations patch constantly—think Patch Tuesday. OT environments rarely patch at all, creating dangerous vulnerability gaps across connected networks.

The hosts explore why this disconnect exists. Production floor downtime costs are astronomical, making patching a risky business decision.

OEM restrictions complicate matters further. Many vendors won't support systems or warranties after unauthorized updates.

Managing decades-old equipment alongside modern systems creates another layer of complexity. Legacy PLCs weren't designed with patching in mind.

The consequences of not patching are mounting. Insurance companies are tightening requirements and regulatory pressures are intensifying.

Craig and Dino offer practical solutions that don't require shutting down production lines. Virtual patching technologies can protect legacy control systems without traditional software updates.

The hosts emphasize the urgent need for IT-OT collaboration. All stakeholders—including OEMs and system integrators—must be part of strategic cybersecurity conversations.

This episode is essential listening for CISOs, plant managers, and anyone responsible for protecting industrial operations. The connected world isn't waiting for OT to catch up.

Chapters:

  1. 00:00:00 - Introduction to Patching Challenges
  2. 00:01:08 - IT vs OT Patching: Key Differences
  3. 00:02:55 - Understanding the Cost of Downtime in OT
  4. 00:03:32 - Overcoming Challenges with Legacy Systems
  5. 00:05:21 - Navigating OEMs and Safety Concerns
  6. 00:06:45 - The Role of Safety in OT Patching
  7. 00:08:52 - Exploring Virtual Patching Solutions
  8. 00:13:11 - Enhancing Vendor Collaboration and Risk Management
  9. 00:16:48 - Impact of Mergers and Acquisitions on Cybersecurity
  10. 00:18:33 - Addressing Insurance and Compliance Issues
  11. 00:20:12 - Significant Consequences of Not Patching
  12. 00:23:14 - Building an Effective Collaborative Cybersecurity Strategy
  13. 00:24:03 - Conclusion and Actionable Insights

Links And Resources:

  1. Want to Sponsor an episode or be a Guest? Reach out here.
  2. Industrial Cybersecurity Insider on LinkedIn
  3. Cybersecurity & Digital Safety on LinkedIn
  4. BW Design Group Cybersecurity
  5. Dino Busalachi on LinkedIn
  6. Craig Duckworth on LinkedIn


Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

About the Podcast

Industrial Cybersecurity Insider
Everything You Need to Know to 'Get Safer Sooner'
Industrial Cybersecurity Insider offers a thorough look into the field of industrial cybersecurity for manufacturing and critical infrastructure. The podcast delves into key topics, including industry trends, policy changes, and groundbreaking innovations. Each episode will feature insights from key influencers, policy makers, and industry leaders. Subscribe and tune in weekly to stay in the know on everything important in the industrial cybersecurity world!

About your host

Hector Santiesteban