Utilities and critical infrastructure have become the favorite target of state-sponsored attackers who seek to disrupt the OT environment, and cyber attacks against utilities rose 70% in 2024.
These attackers typically use social engineering to compromise workstations and then move laterally into the OT environment by taking over the user’s authorized accounts. This is bread and butter for the advanced persistent threat (APT) because identity security controls store tokens, cookies, tickets, etc. on the user’s workstation. When the workstation is compromised, attackers can simply usurp these access tokens for their own purposes without raising any suspicion. Even MFA and PAM solutions are ineffective against this common attack path because they also store access tokens on the workstation. After the user provides the second factor for MFA or PAM, the attacker can take over the authenticated session.
Expected Outcome:
- A timeline of recent cyber attacks on utilities
- Security baseline assumptions
- Attacker motivations
- How attackers move inside IT and OT networks
- Best practices to block these types of attacks
- Keystrike testimonial from Global Water Resources
Intended Audience:
IT, Security, and Identity and Access Management professionals from critical infrastructure organizations.