This is such a crucial question that many industrial operations are grappling with right now! I completely understand the dilemma - on one hand, you want to leverage IoT for predictive maintenance to prevent costly downtime and extend equipment life, but on the other hand, connecting legacy equipment that was never meant to be online feels like opening Pandora's box for cybersecurity threats.

From what I've researched, the key is implementing a layered security approach. First, network segmentation is absolutely essential - you want to isolate legacy equipment in separate zones, creating air gaps between critical systems and the internet. Think of it like having secure compartments on a ship; if one gets breached, the others remain protected.

For legacy equipment, consider using protocol gateways or retrofit solutions that act as intermediaries. These can translate old protocols to modern ones while adding security layers like encryption and authentication. It's like giving your old equipment a secure translator that only allows safe communication.

Also, focus on collecting only essential data rather than everything. Ask yourself: "What minimum data do I need for effective predictive maintenance?" This reduces your attack surface. And implement strict access controls - not everyone needs access to everything.

The reality is that you can't eliminate all risk, but you can manage it intelligently. Start with your most critical assets, implement security by design, and remember that sometimes the best approach is keeping certain legacy systems completely isolated while you gradually modernize.