Fortinet recently published their 2024 State of Operational Technology and Cybersecurity Report. According to the cybersecurity solutions provider, the report offers a look at the current state of operational technology (OT) security and highlight opportunities for continued improvement as organizations look to secure an ever-expanding IT/OT threat landscape. Some key findings from the report include:
- While significant progress has been made over the past 12 months, critical areas throughout the IT and OT network environments continue to need greater improvement.
- Cyberattacks that compromise OT systems are on the rise. In 2023, 49 percent of respondents experienced an intrusion that impacted either OT systems only, or both IT and OT systems. But this year, nearly three-fourths (73 percent) are being impacted.
- The survey data also shows a year-over-year increase in intrusions that only impacted OT systems (from 17 percent to 24 percent). Given the rise in attacks, nearly half (46 percent) of respondents indicate that they measure success based on the recovery time needed to resume normal operations.
- Nearly one-third (31 percent) of respondents reported more than six intrusions, compared to only 11 percent last year. All intrusion types increased compared to the previous year, except for a decline in malware. Phishing and compromised business email intrusions were the most common, while the most common techniques used were mobile security breaches and web compromise.
- Detection methods aren’t keeping pace with today’s threats. As threats grow more sophisticated, the report suggests that most organizations still have blind spots in their environment. Respondents claiming that their organization has complete visibility of OT systems within their central security operations decreased since last year, dropping from 10 percent to five percent.
- However, those reporting 75 percent visibility increased, which suggests that organizations are gaining a more realistic understanding of their security posture.
- More than half (56 percent) of respondents experienced ransomware or wiper intrusions—an increase from only 32 percent in 2023—indicating that there is still room for improvement regarding network visibility and detection capabilities.
- Responsibility for OT cybersecurity is elevating within executive leadership ranks at some organizations. The percentage of organizations that are aligning OT security with the CISO continues to grow, increasing from 17 percent in 2023 to 27 percent this year.
- At the same time, there was an increase to move OT responsibility to other C-suite roles, including the CIO, CTO and COO, to upwards of 60 percent in the next 12 months - showing concern for OT security and risk in 2024 and beyond.
- Some organizations, where the CIO is not outright responsible, are demonstrating an upward shift of these responsibilities from the Director of Network Engineering to the Vice President of Operations role, which illustrates another escalation of responsibility. This elevation into the executive ranks and below, regardless of the title of the individual overseeing OT security, may suggest that OT security is becoming a higher-profile topic at the board level.
The report also offers some best practices, including:
- Segmentation. Reducing intrusions requires a hardened OT environment with strong network policy controls at all points of access. This kind of defensible OT architecture starts with creating network zones or segments.
- Establish visibility and compensating controls for OT assets. Organizations must be able to see and understand everything that’s on the OT network. Once visibility is established, organizations must protect any devices that appear to be vulnerable, which requires protective compensating controls that are purpose-built for sensitive OT devices. Capabilities such as protocol-aware network policies, system-to-system interaction analysis, and endpoint monitoring can detect and prevent the compromise of vulnerable assets.
- Integrate OT into security operations. To achieve this, teams must specifically consider OT with regard to SecOps and incident response plans. One step teams can take to move in this direction is to create playbooks that incorporate the organization’s OT environment.
- Embrace OT-specific threat intelligence and security services. OT security depends on timely awareness and precise analytical insights about imminent risks. Organizations should make sure their threat intelligence and content sources include robust, OT-specific information in their feeds and services.