Cyber-Attacks On OT Firms On The Rise, Says Fortinet

Operational technology (OT) companies are stepping up their focus on cybersecurity amid a growing number of attacks, according to Fortinet’s recent State of Operational Technology and Cyber-security Report. The report found about 74% of OT organizations have experienced a malware intrusion in the past 12 months, causing damages to productivity, revenue, brand trust, intellectual property, and physical safety.

Operational technology (OT) is vital to public safety and economic well-being, controlling the equipment that runs the world’s manufacturing plants, power grids, water utilities, shipping lines, and more. The rise of OT began in the early decades of the 20th century as electrically powered machines and controls replaced steam-powered and muscle-powered equipment. OT predates the rise of information technology (IT) by many decades, and traditionally, OT and IT networks have been separated by an air gap. Recently, however, IT-based technologies such as sensors, machine learning (ML), and big data are being integrated with OT networks to create new efficiencies and competitive advantages. This increases the digital attack surface and the risk of intrusion.

To explore the state of cybersecurity in OT environments, Fortinet surveyed plant operations and manufacturing leaders at large manufacturing, energy and utilities, healthcare, and transportation organizations and found that a lack of cybersecurity contributes to risk. A total of 78% of the organisations polled have only partial centralized visibility on the cybersecurity of their OT environments, 65% lack role-based access control, and more than half do not use multi-factor authentication or internal network segmentation. Nearly two-thirds (64%) of OT leaders say that keeping pace with change is their biggest challenge, and almost half (45%) are limited by a shortage of skilled labor.

According to the study, there are several steps operations leaders can take to improve the security posture at their organisations and minimize the risks associated with downtime in the wake of an attack.

First, 62% of organizations stated intentions to dramatically increase their cybersecurity budgets this year. Additionally, organisations are also adjusting their cybersecurity strategies, with 70% stating their intention to make the CISO responsible for OT cybersecurity in the next year—currently, just 9% of CISOs overseeing OT security.

In addition to these changes already underway, organizations can implement several security tactics that have demonstrated success in critical infrastructure industries, the study recommends.