Fortinet reports overall decline in intrusions, while OT professionals have better assessment of defenses

New Fortinet data disclosed that there may have been an overall decline in intrusions due to fewer insider breaches, but ransomware and phishing are still major threats, though cybercriminals seem to be adopting a more targeted approach. Nearly all organizations have placed the responsibility for OT (operational technology) cybersecurity under a CISO rather than an operations executive or team. It also reveals that OT professionals now seem to have a more realistic self-assessment of their organization’s OT cybersecurity defenses, as cybersecurity point products and solution sprawl may make it more challenging to apply policies and enforce them consistently across the converged IT/OT landscape.

In its report titled ‘2023 State of Operational Technology and Cybersecurity Report,’ Fortinet said that OT continues to be targeted by cybercriminals at a high rate, while the number of organizations that did not incur a cybersecurity intrusion improved dramatically year-on-year. “Rather than a decrease in cyber risk, however, this may be due to cybercriminals adopting a more targeted approach,” it added.

Although the number of intrusions is declining, 75 percent of the surveyed organizations still reported at least one intrusion in the last 12 months, Fortinet disclosed. The overall decline is attributed to fewer insider breaches, not to fewer cybercriminal attacks, though ransomware and phishing are still major threats. Furthermore, nearly 80 percent of respondents reported having more than 100 IP-enabled OT devices in their OT environment, highlighting how significant a challenge it is for security teams to secure an ever-expanding threat landscape.

The report found that nearly all organizations have placed the responsibility for OT cybersecurity under a chief information security officer (CISO) rather than an operations executive or team. “Organizations and OT professionals rely on a wide range of cybersecurity solutions to combat intrusions. There are indications that point products and solution sprawl may make it more challenging to apply policies and enforce them consistently across the converged IT/OT landscape,” it added.

Additionally, the number of respondents who consider their organization’s cybersecurity maturity to be at Level 4 fell from 21 percent a year ago to 13 percent at present, while those who see their cybersecurity to be at Level 3 are up from 35 percent to 44 percent. This data swing indicates that OT professionals now have a more realistic self-assessment of their organization’s OT cybersecurity capabilities. 

The report also revealed that to combat intrusions, OT professionals are fortifying the many cybersecurity and defensive features they have in place. “With the increase in features, we suspect that security audits are in decline due to the proliferation of these additional features and the more advanced solutions, such as SOAR and threat intelligence. Once these new features are firmly operational, audits will likely increase to pre-existing levels.”

Fortinet reported that intrusions from malware (56 percent) and phishing (49 percent) were once again the most common type of incidents reported, increasing by 12 percent and nine percent, respectively. Nearly one-third of respondents reported being victims of a ransomware attack in the last year, a figure that has remained unchanged from 2022. Data also disclosed that advanced persistent threats, internal network segmentation, and secure remote access have increased the most, while threat intelligence has declined as a solution.

“When a cyberattack occurred earlier this year, nearly one-third (32%) of respondents indicated both IT and OT systems were impacted—up from only 21% last year,” Fortinet reported. “To combat intrusions, OT professionals are increasing cybersecurity solutions in their industrial networks.”

Fortinet data discloses that the convergence of IT and OT networks has not occurred without drawing the attention of cybercriminals and aggressive nation-states. “Several high-profile cybersecurity attacks highlight this challenge and act as wake-up calls for all those responsible for protecting OT systems. One prime example is Russia’s continuous aggression against Ukraine’s critical infrastructure, which escalated into a physical ‘hot war’ over a year ago. But these attacks are not limited to open aggression between nation-states,” it added. 

OT systems worldwide continue to be the targets of cybercriminals, especially manufacturing, which continues to see many targeted ransomware attacks against their OT systems, the report disclosed. “Unfortunately, the percentage of organizations in this year’s survey that experienced a ransomware intrusion (32%) is the same as last year’s group (also 32%). Progress must be made in defending against these types of attacks. Given the evolution and growing sophistication of ransomware operations, it’s not surprising that 84% of organizations represented in this year’s Fortinet 2023 Global Ransomware Report survey remain ‘very’ or ‘extremely’ concerned about this threat.”

As the infrastructures of IT and OT have almost universally been integrated, Fortinet reports that the air gap that previously kept OT systems nearly invulnerable to cyberattacks is gone. “Consequently, the attack surfaces of industrial organizations have greatly expanded. Add to this the increased deployment of Industrial-Internet-of-Things (IIoT) devices with OT’s new susceptibility to the IT threat landscape and the high value of targeting production environments that increase an organization’s motivation to pay a ransom, and it is clear why protecting OT has become vital,” it added.

Fortinet identified that people who work in OT can be found in almost every major industry, including manufacturing, transportation, logistics, healthcare, pharmaceutical, oil, gas, energy, utilities, chemical, water, wastewater, and others. “And traditionally, these OT professionals have also been deeply involved in cybersecurity purchase decisions for their OT environments. However, it appears that the continued vulnerability of OT networks to cyberattacks has led to moving OT cybersecurity decisions under the CISO.” 

The data also pointed out that OT professionals are coming from the ranks of the IT team rather than those with product management work experience. “As a result, and as the survey data indicates, the C-suite and traditional security leaders, especially the CISO/CSO, are becoming more involved and invested in cybersecurity decision-making,” it added. 

This year’s surveyed OT professionals are looking for cybersecurity solutions that, first and foremost, detect known vulnerabilities, Fortinet identified. “One unique challenge OT teams face is that downtime is often far more critical than in IT environments. As a result, success in an OT network is measured less by maintaining the confidentiality and integrity of data and more by the availability of critical systems. This places a premium on response time to attacks, as illustrated by an across-the-board increase in the implementation of OT network and cybersecurity solutions.”

However, the report added that as with IT networks, “just having solutions in place is insufficient to prevent all attacks on OT networks. Part of the challenge may be linked to solution and vendor sprawl, making it more difficult to detect a threat and prevent a coordinated response.”

Fortinet identifies that some of the intrusion decreases may result from a shift in cybercriminal tactics. “However, attackers’ approaches are still effective based on the increases we’ve seen in malware and phishing. Still, given the high value of OT systems, we can foresee a shift to more highly targeted attacks,” it added. 

In conclusion, Fortinet said that survey data suggest that OT cybersecurity is improving or maturing, and incidents appear to be declining. Likewise, the risks associated with OT incidents are becoming more apparent through world events. Also, corporations are now more aggressive in their OT security posture, and IT teams are becoming more involved in industrial networks. 

“Our survey data demonstrates an across-the-board increase in various OT cybersecurity solutions,” the report said. “Operational technology cybersecurity, the ownership, and the risk and implementation of security solutions are maturing and making an impact. But there’s still a long way for most organizations to go in adequately protecting against the most common malware, such as ransomware.” 

The Fortinet report reminded organizations of best practices to develop a vendor and OT cybersecurity platform strategy, deploy network access control (NAC) technology, employ a zero-trust approach, and incorporate cybersecurity awareness education and training.

Last year, Fortinet disclosed that industrial control environments continue to be targeted by cybercriminals – with 93 percent of OT organizations experiencing an intrusion in the past 12 months. It also revealed that OT activities lack centralized visibility, which increases security risks, leading to widespread gaps in OT security systems, and numerous areas begging for improvement.
