Cybersecurity report shows threats to OT skyrocketing
A release this week from networking and security provider Fortinet adds to the evidence from other reports this year, all of which show that the threat to manufacturing OT from cyberattacks is rising sharply.
According to the 2024 State of Operational Technology and Cybersecurity Report by Fortinet, 49% of respondents in 2023 experienced an intrusion that impacted either their OT systems only or both their IT and OT systems, but this year nearly three-fourths (73%) of these organizations have been impacted. The survey data also shows a sizable year-over-year increase in intrusions that only affected OT systems (from 17% to 24%).
Also, nearly one-third (31%) of respondents reported more than six intrusions in the last year, compared to only 11% in 2023. All intrusion types increased compared to the previous year, except for a decline in malware, according to a release from Fortinet.
Phishing and compromised business email intrusions were the most common, while the most common techniques used were mobile security breaches and web compromise, according to the global Fortinet survey of more than 550 OT professionals, conducted by a third-party research company.
Given the rise in attacks, nearly half (46%) of respondents in the report indicate that they measure success based on the recovery time needed to resume normal operations.
The report “shows that while OT organizations are making progress in strengthening their security posture, teams still face significant challenges in securing converged IT/OT environments,” said John Maddison, Fortinet’s chief marketing officer.
“Adopting essential tools and capabilities to enhance visibility and protections across the entire network will be vital for these organizations when it comes to reducing the mean time to detection and response and ultimately reduce the overall risk of these environments.”
Detection methods not keeping up with the threats
Though intrusions are surging, the report suggests that most organizations still have blind spots in their OT and IT environments. The share of respondents claiming that their organizations had complete visibility of OT systems within their central security operations, for example, has dipped since last year, dropping from 10% to 5% in 2024.
However, those reporting 75% visibility increased, which suggests that organizations are gaining a more realistic understanding of their security posture, according to Fortinet. Yet over half (56%) of respondents experienced ransomware or wiper intrusions—an increase from 32% last year—indicating there’s still room for improvement regarding network visibility and detection.
Responsibility for OT cybersecurity is elevating within executive leadership ranks at some organizations, according to the Fortinet State of Operational Technology and Cybersecurity Report.
The percentage of organizations that are aligning OT security with the CISO continues to grow, increasing from 17% in 2023 to 27% this year. At the same time, there was increased movement of OT responsibility to other C-suite roles, including the CIO, CTO and COO, to upwards of 60% in the next 12 months, clearly showing concern for OT security and risk in 2024 and beyond, Fortinet added.
The findings also show that in some organizations where the CIO is not outright responsible, there is an upward shift of these responsibilities from the director of network engineering to the VP of operations role, which illustrates another escalation of responsibility.
This elevation into the executive ranks and below, regardless of the title of the individual overseeing OT security, may suggest that OT security is becoming a higher-profile topic at the board level, according to Fortinet.
Report lays out clear best practices for protecting OT
The Fortinet report offers organizations actionable steps for improving their security posture. Manufacturers can address OT security challenges by adopting the following best practices:
- Deploy segmentation. Reducing intrusions requires a hardened OT environment with strong network policy controls at all points of access. This kind of OT architecture starts with creating network zones or segments.
- Establish visibility and compensating controls for OT assets. Organizations must be able to see and understand everything that’s on the OT network. Once visibility is established, organizations must protect any devices that appear to be vulnerable, which requires protective compensating controls that are purpose-built for sensitive OT devices.
- Integrate OT into security operations and incident response planning. Organizations should be maturing towards IT-OT SecOps. To achieve this, teams must specifically consider OT with regard to SecOps and incident response plans.
- Embrace OT-specific threat intelligence and security services. OT security depends on timely awareness and precise analytical insights about imminent risks. Organizations should make sure their threat intelligence and content sources include robust, OT-specific information in their feeds and services.
Survey respondents were from Australia, New Zealand, Argentina, Brazil, Canada, mainland China, France, Germany, Hong Kong, India, Japan, Mexico, Norway, South Africa, South Korea, Spain, Taiwan, Thailand, United Kingdom, and the United States, among others.
Respondents represented a range of industries that are heavy users of OT, including manufacturing; transportation/logistics; health care/pharma; oil, gas, and refining; energy/utilities; chemical/petrochemical; and water/wastewater.
Most of those surveyed, regardless of title, are involved in cybersecurity purchasing decisions. Many are responsible for OT at their organizations and/or have reporting responsibility for manufacturing or plant operations.