BrandPost: The state of operational technology and cybersecurity – Source: www.csoonline.com

Today, the convergence of operational technology (OT) and IT networks is accelerating because organizations can use the data collected by physical equipment and Industrial Internet of Things (IIoT) devices to identify issues and increase efficiency. With less siloed IT and OT departments, convergence reduces space requirements and physical hardware. Other benefits include shorter deployment times, cost savings, and higher performance.

However, IT/OT convergence also means cybersecurity is even more critical. Ever-evolving and destructive cyberthreats can target previously air-gapped OT environments and keep many organizations from fully benefiting from OT/IT network integration.

To gain a comprehensive view of the current OT and cybersecurity landscape, Fortinet completed and published the fifth edition of our 2023 State of Operational Technology and Cybersecurity Report. This annual study provides data and results based on a worldwide survey of 570 operational technology (OT) professionals conducted by third-party research company InMoment.

Cybersecurity improvements and challenges

The new report reveals an encouraging trend. Many OT organizations have made significant strides in enhancing their cybersecurity posture. However, the report also reveals the need for further improvement. The global survey includes several key takeaways.

• OT continues to be targeted by cybercriminals at a high rate. Although the number of organizations that did not incur a cybersecurity intrusion improved dramatically year-over-year (from 6% in 2022 to 25% in 2023), there is still significant room for improvement. In fact, three-fourths of OT organizations reported at least one intrusion in the last year. Intrusions from malware (56%) and phishing (49%) were once again the most common type of incidents reported, and nearly one-third of respondents reported being victims of a ransomware attack in the last year (32%, unchanged from 2022).
• Cybersecurity practitioners overestimated their OT security maturity. In 2023, the number of respondents who consider their organization’s OT security posture as “highly mature” fell to 13% from 21% the year before. This drop indicates a growing awareness among OT professionals and the use of more effective tools for self-assessing their organizations’ cybersecurity capabilities. Respondents also indicated that when a cyberattack did occur, nearly one-third (32%) of respondents indicate both IT and OT systems were impacted, up from only 21% last year.
• The explosive growth in connected devices underscores the complexity challenges for OT organizations. Nearly 80% of respondents reported having more than 100 IP-enabled OT devices in their OT environment. This number indicates just how significant the challenge is for security teams to secure an ever-expanding threat landscape. Survey findings revealed that cybersecurity solutions continue to aid in the success of most (76%) OT professionals, particularly by improving efficiency (67%) and flexibility (68%). However, report data also indicates that solution sprawl makes it more difficult to consistently incorporate, employ, and enforce policies across an increasingly converged IT/OT landscape. Aging systems compound the problem, with the majority (74%) of organizations reporting that the average age of ICS systems across their organization is between 6 and 10 years old.
• Alignment of OT security under the CISO. Although nearly every organization faces an uphill battle when it comes to finding qualified security practitioners due to the growing cybersecurity skills shortage, report findings suggest OT organizations are continuing to prioritize cybersecurity. A key indicator is that nearly every (95%) organization plans on placing the responsibility for OT cybersecurity under a chief information security officer (CISO) in the next 12 months rather than an operations executive or team. The findings also reveal that OT cybersecurity professionals now come from IT security leadership rather than product management. The influence on cybersecurity decisions is shifting away from operations and to other leaders, especially CISO/CSO roles.

Global trends and insights

A close analysis of the 2023 report data reveals some prominent global trends.

• Although there may have been an overall decline in intrusions due to fewer insider breaches, ransomware, and phishing are still major threats. And cybercriminals seem to be adopting a more targeted approach.
• Nearly all organizations have placed the responsibility for OT cybersecurity under a CISO rather than an operations executive or team.
• Cybersecurity point products and solution sprawl may make it more challenging to apply policies and enforce them consistently across the converged IT/OT landscape.
• OT professionals now seem to have a more realistic self-assessment of their organization’s OT cybersecurity defenses.

After five years of surveying OT professionals, this year’s report has the positive news that OT cybersecurity now has the attention of enterprise leadership teams and C-suites. But CISOs and their organizations still have much to do regarding cybersecurity.

Protect networks by adopting best practices

Organizations can continue to improve their IT and OT network protection by adopting the best practices outlined in this year’s Fortinet 2023 State of OT and Cybersecurity Report.

• Develop a vendor and OT cybersecurity platform strategy. Consolidation reduces complexity and accelerates outcomes. The first step is to begin building a platform over time by partnering with vendors that engineer their products with integration and automation in mind to enable organizations to consistently incorporate and enforce policies across an increasingly converged IT/OT landscape. Seek to engage with vendors with a wide portfolio of solutions that can provide the basic solutions of asset inventory and segmentation and more advanced solutions, such as an OT security operations center (SOC) or the ability to support a joint IT/OT SOC.
• Deploy network access control (NAC) technology. Solving the challenges associated with securing industrial control systems (ICS), supervisory control and data acquisition (SCADA), Internet of Things (IoT), bring your own device (BYOD), and other endpoints requires advanced network access control to be part of a comprehensive security architecture. An effective NAC solution also helps to maintain complete control of an organization’s network by managing new devices that want to connect or communicate with other parts of the organization’s infrastructure.
• Employ a zero-trust access approach. Implement the basic steps of asset inventory and segmentation, and provide continuous verification of all users, applications, and devices seeking access to critical assets.
• Incorporate cybersecurity awareness education and training. Cybersecurity training remains critical because the cybersecurity battle will require that all employees have the knowledge and awareness to work together to protect themselves and their organization’s data. Organizations should consider including non-technical training that is targeted toward anyone who uses a computer or mobile device—everyone from teleworkers to their families. 

To learn more about the current state of OT, the continued convergence of IT and OT networks, and the best way to secure them going forward, download the full report.