In a new report from Claroty titled “The Global State of Industrial Cybersecurity” the industrial cybersecurity vendor claims that while the OT/IT convergence is a good thing for business needs of those running operational technology, the same convergence in fact exposes the proponents to significant additional risk. The report examines the state of operational technology (OT) security from the perspective of 1,000 IT security practitioners who participated in an independent survey.
“While IT and OT convergence unlocks business value in terms of operations efficiency, performance, and quality of services, it can now be detrimental because threats, both targeted and non-targeted, have the freedom to maneuver from IT to OT environments and vice versa,” said Dave Weinstein, Chief Security Officer of Claroty. “Our mission is to help security practitioners to bridge the gap between IT and OT cybersecurity, ensuring that all bases are protected from cyberattack. This is even more critical in this new normal of largely remote workforces, which create additional burden on CISOs to remotely secure their production environments.”
According to the report, IT and OT security practices are converging at a rapid rate due to digital transformation and the evolving threat landscape, which presents new challenges and opportunities for CISOs. Demonstrating this, a majority in the U.S. (66%) have been trained in the differences between IT and OT networks and 65% believe they have the skills and experience required to properly manage OT network cybersecurity.
According to report, more than half of industry practitioners in the U.S. (51%) believe that today’s industrial networks are not properly safeguarded and need more protection, while another 55% believe that U.S. critical infrastructure is vulnerable to a cyberattack.
While IT security professionals are typically tasked with protecting enterprise networks, they are notably more concerned about a cyberattack on critical infrastructure (65%) compared to an enterprise data breach (35%). In addition, a strong majority (67%) believe that a cyberattack on critical infrastructure has the potential to inflict more damage than an enterprise data breach.
Regarding timing and urgency, 63% of U.S. IT security professionals expect a major cyberattack to be successfully carried out on national infrastructure within the next five years. However, 10% say that we will not ever see one, despite ample evidence of attacks targeting energy and other related sectors.
The full report can be downloaded from Claroty here.