65% of organizations saw at least 3 OT system intrusions within the past year

As OT tech becomes more advanced, so do the cybersecurity concerns surrounding it, Fortinet found.

Engineer touching laptop check and control welding robotics automatic arms machine in intelligent factory automotive industrial with monitoring system software. Digital manufacturing operation.Industry 4.

Image: ipopba, Getty Images/iStockphoto

The majority of organizations (65%) experienced at least three operational technology (OT) system intrusions within the past year, up from 18% in 2019. Some nine out of 10 organizations said they saw at least one intrusion in the same time frame, a Fortinet report found. 

Fortinet's 2020 State of Operational Technology and Cybersecurity report, released on Tuesday, examined the massive role security plays in OT professionals' responsibilities. As OT tech becomes more advanced, so do the cybersecurity concerns surrounding it. 

SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)

OT is critical for the function of the economy, powering factories, energy production and transmission facilities, transportational networks, and utilities worldwide. Some of the latest advancements in OT involve the convergence of its infrastructure with IT networks, improving operational efficiency and profitability, according to the report. 

However, this dependence means that the OT systems adopt all of the security threats IT systems face. Additionally, OT system attack surfaces many times also include Internet of Things (IoT) devices in remote locations. 

This threat landscape means that OT leaders have had to increasingly shift their focus to cybersecurity, more than ever before, the report found. 

OT leader responsibility to security

Some 80% of OT leaders said they regularly participate in cybersecurity decisions, and half said they have final say in those decisions. 

Along with supervising operations teams and managing production efficiency, more than half (64%) of OT leaders said that they are directly responsible for security, too. Nearly three-quarters (71%) said they are regularly involved in IT cybersecurity strategy, up from 56% in 2019, indicating the importance of keeping systems secure. 

However, there is a shift that places OT security under CISOs. Currently, 22% of companies said the CISO manages OT system security, up from 18% in 2019, and 61% said they expect OT security to be transferred to the CISO team in the coming year. 

If that continues as expected, some 83% of organizations will have CISOs managing OT security by next year.

Where OT infrastructures lack protection

While OT leaders have security features in place, some are missing key areas. An example provided in the report involved security information and event management (SIEM) solutions, which is a commonly cited security precaution. 

Even though it is considered common, nearly four in 10 said they lack this tool. Additionally, nearly half lack a Technical Operations Center (TOC) and a Security Operations Center (SOC), with more than half missing a Network Operations Center (NOC). 

Of respondents who do have a SOC, the majority (77%), said they don't have all OT activities centrally visible by the security operations team. Features that allow for zero-trust access are also absent from organizations, including internal network segmentation (47%), network access control (59%), and multifactor authentication, the report found. 

Some 58% of companies said they see their budgets increasing in 2020, but many OT leaders still struggle with measuring and analyzing security.

Vulnerabilities (64%), instructions (57%), and cost reduction resulting from cybersecurity efforts (58%) are most often reported and tracked, but the last common reported metric is tangible risk management outcomes (43%). This insight shows that OT security may not be fully integrated into the enterprise-level risk considerations, the report found. 

This integration is crucial, however, as only 8% of organizations reported having no instructions over the past 12 months. The most common attacks included malware (60%), phishing (43%), and hackers (39%), according to the report. 

Best practices for top-tier organizations 

The report offered 7 best practices for keeping OT systems safe. 

1. Keep OT activities centrally visible to security operations teams

The report found that top-tier organizations are four times as likely to have OT activities centrally visible to security operations teams. The centralized visibility is critical to having full coverage of security protection within the enterprise. 

2. Track and report on vulnerabilities 

Top-tier OT leaders are 133% more likely to track and report on vulnerabilities found and blocked, according to the report. 

Nearly half of data breaches in the past year fell on software vulnerabilities, but less than half of bottom-tier organizations successfully track and report those flaws. 

3. Place the CISO or CSO responsible for OT security

With OT becoming more connected, security of the systems must be included in the larger cybersecurity infrastructure. Top-tier organizations are twice as likely to have the CISO or CSO responsible for OT security, the report found. 

4. Give OT leaders security responsibility too

Security should be the foundation for OT tech and not considered an afterthought. Top-tier OT leaders are 25% more likely to have direct responsibility for embedding security into OT processes. 

5. Adopt a NOC

Organizations should have centralized visibility and monitoring of network activity across OT environments to guarantee optimum performance and security. Top-tier organizations are 25% more likely to have a Network Operations Center (NOC) to achieve this. 

6. Use response time as a security measurement

More than half of top-tier respondents ranked response time to security issues as either a first or second priority. These successful OT leaders are also 25% more likely to be measured by that response time. 

7. Report on compliance to executive leadership

Compliance is also a big concern for the top leaders of organizations. Top-tier companies said they mostly do regular reports, suggesting they have automated compliance reporting across the whole enterprise, allowing for real-time reporting and quicker improvements. Top-tier OT leaders are also 25% more likely to report on  compliance with industry regulations to company leadership. 

For more, check out Running a more efficient IT security operations center: How to keep tasks on target on TechRepublic.

Also see