Fortinet announced the findings from its global 2024 State of Operational Technology and Cybersecurity Report. The results represent the current state of operational technology (OT) security and highlight opportunities for continued improvement for organisations to secure an ever-expanding IT/OT threat landscape. In addition to trends and insights impacting OT organisations, the report offers best practices to help IT and OT security teams better secure their environments.
While this year’s report indicates that organisations have made progress in the past 12 months related to advancing their OT security posture, there are still critical areas for improvement as IT and OT network environments continue to converge.
Key findings from the global survey include:
Cyberattacks that compromise OT systems are on the rise. In 2023, 49% of respondents experienced an intrusion that impacted either OT systems only or both IT and OT systems. But this year, nearly (73%) Global organisations and (65%) of Indian organisations are being impacted. The survey data also shows a year-over-year increase in intrusions that only impacted OT systems (from 17% to 25%). Given the rise in attacks, nearly half (47%) of respondents indicate that they measure success based on the recovery time needed to resume normal operations.
Organisations experienced a high number of intrusions in the past 12 months. More than half (55%) of respondents reported more than six intrusions, compared to only 11% last year. All intrusion types increased compared to the previous year, except for a decline in malware. Phishing and compromised business email intrusions were the most common, while the most common techniques used were mobile security breaches and web compromise.
Detection methods aren’t keeping pace with today’s threats. As threats grow more sophisticated, the report suggests that most organisations still have blind spots in their environment. Respondents claiming that their organisation has complete visibility of OT systems within their central security operations was only 15%. However, those reporting 75% visibility increased, which suggests that organizations are gaining a more realistic understanding of their security posture. Yet more than (70%) of respondents experienced ransomware or wiper intrusions—almost double the attacks reported in 2023—indicating that there is still room for improvement regarding network visibility and detection capabilities.
Responsibility for OT cybersecurity is elevating within executive leadership ranks at some organisations. The percentage of organisations that are aligning OT security with the CISO continues to grow, increasing by twice the number in 2023 to 33% this year. At the same time, there was an increase to move OT responsibility to other C-suite roles, including the CIO, CTO and COO, to upwards of 60% in the next 12 months, clearly showing concern for OT security and risk in 2024 and beyond. Findings also indicate that some organizations, where the CIO is not outright responsible, there is an upward shift of these responsibilities from the Director of Network Engineering to the Vice President of Operations role, which illustrates another escalation of responsibility. This elevation into the executive ranks and below, regardless of the title of the individual overseeing OT security, may suggest that OT security is becoming a higher-profile topic at the board level.
Best practices
Fortinet’s global 2024 State of Operational Technology and Cybersecurity Report offers organizations actionable steps for enhancing their security posture. Organizations can address OT security challenges by adopting the following best practices:
Deploy segmentation. Reducing intrusions requires a hardened OT environment with strong network policy controls at all points of access. This kind of defensible OT architecture starts with creating network zones or segments. Teams should also evaluate the overall complexity of managing a solution and consider the benefits of an integrated or platform-based approach with centralized management capabilities.
Establish visibility and compensating controls for OT assets. Organisations must be able to see and understand everything that’s on the OT network. Once visibility is established, organizations must protect any devices that appear to be vulnerable, which requires protective compensating controls that are purpose-built for sensitive OT devices. Capabilities such as protocol-aware network policies, system-to-system interaction analysis, and endpoint monitoring can detect and prevent the compromise of vulnerable assets.
Integrate OT into security operations and incident response planning. Organisations should be maturing towards IT-OT SecOps. To achieve this, teams must specifically consider OT with regard to SecOps and incident response plans. One step teams can take to move in this direction is to create playbooks that incorporate the organisation’s OT environment.
Embrace OT-specific threat intelligence and security services. OT security depends on timely awareness and precise analytical insights about imminent risks. Organisations should make sure their threat intelligence and content sources include robust, OT-specific information in their feeds and services.
Consider a platform approach to your overall security architecture. To address rapidly evolving OT threats and an expanding attack surface, many organisations use a broad array of security solutions from different vendors, resulting in an overly complex security architecture. A platform-based approach to security can help organizations consolidate vendors and simplify their architecture. A robust security platform that is purpose-built to protect both IT networks and OT environments can provide solution integration for improved security efficacy while enabling centralized management to enhance efficiency.
“The critical nature of OT and ICS systems in infrastructure, healthcare, and manufacturing elevates their risk. This year’s OT report highlights positive signs of OT security maturing, from establishing visibility and segmentation at the basic level to leveraging orchestration and automation capabilities at the highest level. To further advance in maturity and readiness, organizations need to leverage segmentation to create defensible OT architecture, establish visibility and protective controls for OT assets, and integrate OT into security operations and incident response planning to ensure comprehensive protection and collaboration across IT, OT, and production teams.”Vishak Raman, Vice President of Sales, India, SAARC, SEA & ANZ at Fortinet