The report’s conclusions are based upon data gleaned from the responses to a Fortinet survey of more than 500 OT professionals working in various industries that included manufacturing, transportation and logistics, and healthcare. With 93% of OT organizations experiencing an intrusion in the past year and 78% of them experiencing more than three intrusions, OT security is ripe for C-suite attention to improve organizations’ security posture against increasingly sophisticated threats.
Recent Real-World Example of an OT Attack
Cybercriminals and rogue nation-states are increasingly targeting OT and industrial systems. A prominent example is the April 2022 Russian attack on a Ukrainian energy facility, in which the attackers tried to shut down Ukrainian electrical substations. The Center for Strategic and International Studies (CSIS) Significant Cyber Incidents webpage says that: “Researchers believe the attack came from the same group…that targeted Ukraine’s power grid in 2016, using an updated form of the same malware.”
Organizations should elevate concern for OT security to a top-of-the-agenda issue, especially with the potential for cyberwar expanding beyond the two combatants and Ukraine.
Why OT Security is an Issue Now
Security was not traditionally a concern for operational technology networks because they were air-gapped from IT networks. But OT is increasingly connected to IT networks, and OT processes are being digitized. These trends have brought numerous benefits, including improved productivity, efficiency, responsiveness, and greater profitability. The problem is that once OT networks are interconnected with IT networks, they become as accessible to attackers as IT networks are. The problem is compounded because the PLCs (programmable logic controllers) that run virtually all industrial control systems (ICS) or operational technology (OT) networks weren’t designed with security in mind. PLCs can’t verify the authenticity of message senders or of controller communications, and they have no encryption capability, so they will accept commands from any host that can reach them on the network. As a result, OT networks that are no longer air-gapped from IT networks must have security capabilities of their own to avoid breaches.
Why Securing OT Environments is a Business Imperative
Fortinet’s report uncovered critical challenges organizations are facing when it comes to their OT security, including:
- Lack of Visibility – Only a little over half (52%) of the surveyed organizations can track all their OT activities from their security operations center (SOC). Without centralized visibility into OT network activity, organizations are increasingly at risk for cyberattacks.
- Bottom-Line Impact – Nearly 50% of the organizations surveyed suffered an operation outage due to an intrusion that affected productivity. 90% of these incidents required a significant amount of time and effort to restore service. And more than 30% of respondents say their organizations lost revenue and data, had compliance issues, and took a hit to their brand’s reputation.
- Unclear Ownership Responsibility – Only 15% of those surveyed say that their CISO is responsible for OT security at their organization. OT security responsibilities fall within a range of different roles varying between manager and director positions. Not having a high-level security individual responsible for protecting OT networks can be problematic as OT security may be overlooked and not prioritized.
- Multi-Vendor Security Holes – The Fortinet report also discovered that only 7% of organizations have succeeded in reducing their number of security vendors to a single one. Most organizations use between two and eight different security vendors to protect their industrial devices. This complexity creates porous security gaps between the different vendor products that attackers can then exploit.
How Organizations Can Improve their OT Security
The Fortinet 2022 State of Operational Technology and Cybersecurity Report has three key recommendations on how best to secure OT networks. These are especially important as organizations are increasingly aware of the implications weak OT security has on their bottom line.
- Use security solutions that provide centralized visibility into all OT activities. The report reveals that the organizations that had no intrusions in the past year (only 6% of the respondents) were more than three times as likely to have achieved centralized visibility than their counterparts who were attack victims. In other words, the chances of avoiding a breach are significantly improved if organizations employ a security solution that offers focused, end-to-end visibility into OT activities.
- Limit Your Bench to All-Star Defenders. Remove complexity and get centralized visibility of devices by consolidating the number of security vendors and point products you use. OT and IT security teams can reduce their organization’s attack surface and improve their defenses by using independently tested integrated security solutions.
- Deploy network access control (NAC) technology. Organizations that managed to avoid intrusions in the past year were more likely to have role-based NAC. This type of security solution allows only authorized people and devices to access critical systems and digital assets.
- Implement Zero Trust Access solutions. To advance OT security, Zero Trust Access solutions can further defend against threats. Zero Trust Access solutions ensure that any user, device or application without proper credentials and permissions is denied access to critical assets.
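Because PLCs cannot check who is talking to them, the role-based NAC and Zero Trust Access controls recommended above have to make that decision at the network edge. The following is an added example, not code from the Fortinet report or any Fortinet product: a minimal default-deny, role-based access policy evaluator over constructed OT assets, device identities and session requests, with an audit function that surfaces every denied request for the SOC. All names, zones and roles are assumptions made for illustration.

```python
# Added example, not code from the Fortinet report: a minimal role-based
# access policy of the kind a NAC / Zero Trust Access gateway enforces in
# front of PLCs that cannot authenticate callers themselves. All assets,
# roles, devices and sessions are constructed for illustration.
from dataclasses import dataclass

ASSETS = {"plc-press-01": "production", "plc-hvac-02": "facilities",
          "historian-01": "dmz"}                 # asset -> zone

POLICY = {                                       # role -> zone -> actions
    "ot-engineer": {"production": {"read", "write", "program"},
                    "facilities": {"read", "write"}},
    "ot-operator": {"production": {"read", "write"}},
    "it-analyst":  {"dmz": {"read"}},
}                                                # anything absent is denied

DEVICES = {                                      # device -> (authenticated, role)
    "eng-laptop-07": (True, "ot-engineer"),
    "hmi-station-03": (True, "ot-operator"),
    "soc-workstn-12": (True, "it-analyst"),
    "contractor-nic": (False, "ot-engineer"),    # never completed authentication
}

@dataclass(frozen=True)
class Session:
    device: str
    asset: str
    action: str

def evaluate(s: Session) -> tuple[str, str]:
    """Return ("allow" | "deny", reason); default is deny."""
    if s.device not in DEVICES:
        return "deny", "unknown device"
    authenticated, role = DEVICES[s.device]
    if not authenticated:
        return "deny", "device not authenticated"
    zone = ASSETS.get(s.asset)
    if zone is None:
        return "deny", "unknown asset"
    if s.action not in POLICY.get(role, {}).get(zone, set()):
        return "deny", f"role {role} may not {s.action} in zone {zone}"
    return "allow", f"role {role} may {s.action} in zone {zone}"

def audit(sessions: list[Session]) -> list[tuple[Session, str]]:
    """Denied sessions with reasons: the events a SOC should see centrally."""
    denied = []
    for s in sessions:
        verdict, reason = evaluate(s)
        if verdict == "deny":
            denied.append((s, reason))
    return denied
```

Note that an unauthenticated device is refused even though its assigned role would otherwise permit the action, and an IT analyst's read of a production PLC is refused because the policy grants that role only the DMZ zone.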
Learn more about securing critical infrastructure and OT environments with Fortinet.
Read more about why the Fortinet Security Fabric is the industry’s highest-performing cybersecurity mesh platform.