Widespread gaps in OT security systems, numerous areas begging for improvement: Fortinet

New data from Fortinet disclosed that industrial control environments continue to be targeted by cybercriminals – with 93 percent of operational technology (OT) organizations experiencing an intrusion in the past 12 months. It also revealed that OT activities lack centralized visibility, which increases security risks. OT security intrusions significantly impact organizations’ productivity and bottom line, and ownership of OT security is inconsistent across organizations. Furthermore, OT security is gradually improving, but security gaps exist in many organizations.

In a report titled, ‘2022 State of Operational Technology and Cybersecurity Report,’ Fortinet found that only 13 percent of respondents have achieved centralized visibility of all OT activities. Additionally, only 52 percent of organizations can track all OT activities from the security operations center (SOC). The lack of centralized visibility contributes to organizations’ OT security risks and weakens security posture.

The Fortinet report found that 93 percent of OT organizations experienced at least one intrusion in the past 12 months, and 78 percent had more than three intrusions. As a result of these intrusions, nearly 50 percent of organizations suffered an operation outage that affected productivity, with 90 percent of intrusions requiring hours or longer to restore service. Additionally, one-third of respondents saw revenue, data loss, compliance, and brand value impacted due to security intrusions.

OT security management falls within a range of primarily director or manager roles, ranging from the director of plant operations to manager of manufacturing operations, according to the Fortinet report. Only 15 percent of survey respondents say that the CISO is responsible for OT security at their organization.

The report found that when asked about the maturity of their organization’s OT security posture, only 21 percent of organizations have reached level 4, including leveraging orchestration and management. Notably, a larger proportion of Latin America and APAC respondents have reached level 4 compared to other regions, Fortinet revealed.

More than 70 percent of organizations are in the middle levels toward having a mature OT security posture. At the same time, organizations face challenges with using multiple OT security tools, further creating gaps in their security posture. The report found that a vast majority of organizations use between two and eight different vendors for their industrial devices and have between 100 and 10,000 devices in operation, adding complexity.

This year’s Fortinet report is based on a survey of more than 500 global OT professionals conducted in March. The survey targeted people holding leadership positions responsible for OT and OT security, from managers to C-level executives. Respondents represent a range of industries that are heavy users of OT, including manufacturing, transportation and logistics, and healthcare.

Fortinet said the benefits of integrating IT/OT networks are great since they include productivity, efficiency, responsiveness, and profitability enhancements. However, the enhanced connectivity has also brought the unintended consequence of making OT networks vulnerable to cyberattacks. IT/OT interconnectedness has allowed threat actors to attack the cyber-physical systems of no-longer air-gapped OT environments, resulting in many serious incidents.

Fortinet also assesses that cyberattacks on OT systems have increased over the past decade as those systems have become more vulnerable to attacks from off-site. While OT systems were traditionally air-gapped from IT systems, these two infrastructures are almost universally integrated today. OT and IT networks have converged, and industrial processes have been digitized. As a result, OT systems are now connected to the internet and theoretically accessible from anywhere.

As OT systems increasingly become targets for cybercriminals, C-level leaders recognize the importance of securing these environments to mitigate risks to their organizations, the Fortinet report said. Industrial systems have become a significant risk factor since these environments were traditionally air-gapped from IT and corporate networks, but now these two infrastructures are becoming universally integrated. With industrial systems now being connected to the internet and more accessible from anywhere, organizations’ attack surface is increasing significantly.

With the IT threat landscape becoming more sophisticated, connected OT systems have also become vulnerable to these growing threats. This combination of factors is moving industrial security upward in many organizations’ risk portfolio. As a result, OT security is a growing concern for executive leaders, increasing the need for organizations to move toward full protection of their industrial control system (ICS) and supervisory control and data acquisition (SCADA) systems.

Additionally, the attack surface for industrial organizations has increased significantly, and the ubiquity of Industrial Internet of Things (IIoT) devices extends it even further. At the same time, connected OT systems are vulnerable to an IT threat landscape that is advancing.

Fortinet also identified that the Russian invasion of Ukraine and related events had spotlighted OT security. In April, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with its counterparts in Australia, Canada, New Zealand, and the United Kingdom, warned that Russian state-sponsored actors have stepped up their efforts in response to damaging sanctions imposed by the West. As a result, the agencies urge those responsible for critical infrastructure networks to ‘prepare for and mitigate potential cyber threats—including destructive malware, ransomware, DDoS attacks, and cyber espionage—by hardening their cyber defenses and performing due diligence in identifying indicators of malicious activity.’

Indeed, an increase in attacks attributed to Russia has materialized, and Ukrainian organizations have borne the brunt, Fortinet said. But organizations in the rest of the world are anything but immune, with seven in 10 critical national infrastructure (CNI) providers in the U.K. reporting an increase in cyberattacks since the beginning of the war.

With the growing spotlight on OT security, companies in many industries are scrambling to provide security for increasingly vulnerable OT systems, Fortinet revealed. Research for Fortinet by Westlands Advisory “finds that investment in IT/OT and OT-specific security technologies totaled $6.9 billion for all of 2022. And these investments are increasing more quickly than spending on IT-only cybersecurity, with a projected compound annual growth rate (CAGR) of 21% for OT security and 16% for OT/IT cybersecurity between now and 2027,” it added.

While this increased investment is a very good sign, the Fortinet report finds that, by and large, the organizations represented in this year’s survey still have a considerable distance to go to protect their OT systems adequately.

The Fortinet report also offered insights on how best to handle OT vulnerabilities and strengthen an organization’s overall security posture. Some best practices for OT organizations include employing solutions that offer centralized visibility of all OT activities, consolidating security vendors and solutions, and deploying network access control (NAC) technology.

In April, threat intelligence firm Skybox Security detected that OT vulnerabilities jumped 88 percent, from 690 in 2020 to 1,295 in 2021. At the same time, OT assets are increasingly connected to networks, exposing critical infrastructure and other vital systems to potentially devastating breaches. OT systems support energy, water, transportation, environmental control systems, and other essential equipment.
