Fortinet Global Report Reveals Wide Gaps in Industrial Security

In spite of industrial control environments continuing to be the target of cyber criminals over the years, a new report from a cybersecurity solutions company claims to have uncovered widespread gaps in industrial security, indicating a range of opportunities for improvements in the whole ecosystem. 

The Fortinet State of Operational Technology and Cybersecurity Report for 2022 says operational technology (OT) activities lacked centralized visibility making them a bigger security risk. Only 13% of the survey respondents claimed such visibility while only 52% were able to track all OT functions from the security operations center. 

At the same time, 97% of global organizations consider OT activities to be a moderate or significant factor in their overall security risk. The report says the lack of centralized visibility contributes to organizations’ OT security risks and weakened security posture.

There’s a monetary consideration too

The report highlights the fact that OT security intrusions significantly impact organizations’ productivity and their bottom line, with 93% companies experiencing at least one intrusion in the past 12 months and 78% reporting more than three. As a result of these intrusions, nearly 50% of organizations suffered an operation outage that affected productivity with 90% of intrusions requiring hours or longer to restore service. Additionally, one-third of respondents saw revenue, data loss, compliance and brand-value impacted as a result of security intrusions. 

A big challenge over streamlining OT security is the lack of consistent ownership. The report says OT security management falls within a range of primarily director or manager roles, ranging from the Director of Plant Operations to Manager of Manufacturing Operations. Only 15% of survey respondents say that the CISO holds the responsibility for OT security at their organization. 

Though OT security is gradually improving, security gaps still exist in many organizations with only 21% of organizations reaching level 4, which includes leveraging orchestration and management. Notably, a larger proportion of Latin America and APAC respondents have reached level 4 compared to other regions. More than 70% of organizations are in the middle levels toward having a mature OT security posture. 

Why it should be a C-Suite concern

As OT systems increasingly become targets for cyber criminals, C-level leaders recognize the importance of securing these environments to mitigate risks to their organizations. Industrial systems have become a significant risk factor since these environments were traditionally air-gapped from IT and corporate networks, but now these two infrastructures are becoming universally integrated. With industrial systems now being connected to the internet and more accessible from anywhere, organizations’ attack surface is increasing significantly. 

With the IT threat landscape becoming more sophisticated, connected OT systems have also become vulnerable to these growing threats. This combination of factors is moving industrial security upward in many organizations’ risk portfolio. OT security is a growing concern for executive leaders, increasing the need for organizations to move toward full protection of their industrial control system (ICS) and supervisory control and data acquisition (SCADA) systems.