Cyber criminals leveraging OT security gaps, study finds

Cyber criminals are continuing to target industrial control environments and the Fortinet data has found that OT activities lack centralised visibility, increasing security risks.

Only 13 per cent of survey respondents have achieved centralised visibility of all OT activities and just 52 per cent of organisations surveyed confirmed they are able to track all OT activities from the security operations centre (SOC). The lack of centralised visibility contributes to organisations' OT security risks and weakened security posture with 97 per cent of global organisations identifying OT a moderate or significant factor in their overall security risk.

PLCs designed without security, continued intrusions, a lack of centralised visibility across OT activities, and growing connectivity to OT, according to John Maddison, EVP of products and CMO at Fortinet, are some of the critical challenges these organisations need to address.

"Security converged into the OT networking infrastructure, including switches and access points and firewalls, is essential to segment the environment.

"This, combined with a platform that spans OT, converged OT/IT and IT provides end-to-end visibility and control.

"This year's global State of OT and Cybersecurity Report demonstrates that while OT security has the attention of organisational leaders, critical security gaps remain," Maddison said.

Fortinet's State of Operational Technology and Cyber Security Report is based on a survey of more than 500 global OT professionals conducted in March 2022. The company surveyed people in leadership positions responsible for OT and OT security, including managers to C-level executives that represent a range of industries that are heavy users of OT in the manufacturing, transportation and logistics, and healthcare industries.

The Fortinet researchers also found that 93 per cent of OT organisations experienced at least one intrusion in the past 12 months and 78 per cent had more than three intrusions, which have significantly impacted organisations' productivity and their bottom line. Nearly 50 per cent of organisations suffered an operation outage that affected productivity with 90 per cent of intrusions requiring hours or longer to restore service. As a result of these security challenges, respondents reported revenue and data loss, compliance, and brand-value impacted.

VIEW ALL

While director or manager roles are responsible for security management, the data revealed that only 15 per cent of survey respondents say that the CISO holds the responsibility for OT security at their organisation. Industrial systems have become a significant risk factor since these environments were traditionally air-gapped from IT and corporate networks, but now these two infrastructures are becoming universally integrated.

To mitigate risks to their organisations, most C-level leaders recognise the importance of securing these environments. With industrial systems now being connected to the internet and more accessible from anywhere, organisations' attack surface is increasing significantly. However, only 21 per cent of organisations have reached level four maturity of their organisation's OT security posture, which included leveraging orchestration and management. Notably, a larger proportion of Latin America and APAC respondents have reached level four compared to other regions, with more than 70 per cent of organisations falling in the middle levels toward having a mature OT security posture.

A vast majority of organisations use between two and eight different vendors for their industrial devices; have between 100 and 10,000 devices in operation. By using multiple OT security tools, organisations have created more gaps in their security posture.

For organisations to address OT systems' vulnerabilities and strengthen overall security posture, Fortinet suggests establishing zero-trust access to prevent breaches. To advance OT security efforts, zero-trust access solutions can defend against both internal and external threats by ensuring any user, device or applications without proper credentials and permissions are denied access to critical assets.

Centralised, end-to-end visibility of all OT activities is key to ensuring organisations strengthen their security posture and integrating across environments by consolidating security tools as well as vendors are essential.

To remove complexity and implement centralised visibility of all devices, Fortinet also suggests that it is best practice for organisations to integrate their OT and IT technology across a smaller number of vendors. By implementing integrated security solutions, organisations can reduce their attack surface and improve their security posture.

Organisations that avoided intrusions in the past year had most likely deployed network access control (NAC) technology the Fortinet data also revealed. Having a role-based NAC in place is designed to ensure that only authorised individuals can access specific systems critical for securing digital assets.

Top-tier organisations that made up 6 per cent of respondents who reported no intrusions in the past year, had likely achieved centralised visibility compared to their counterparts who suffered intrusions.

[Related: ‘Unsustainable stress levels’ driving cyber security workers to quit]