Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, on July 20, announced the findings of its 2020 State of Operational Technology and Cybersecurity Report. The survey finds that operational technology (OT) leaders are highly respected in their organizations and that their teams are vital to their companies’ bottom lines. Cybersecurity continues to be an integral part of their daily work and that work continues to be a struggle.
The survey of OT leaders conducted by Fortinet indicates that only eight percent of respondents had seen no intrusions over the past 12 months. The finding also shows a significant percentage of organizations have not extended some elements of basic security hygiene into their OT environments.
A deeper look into the data highlights:
OT Infrastructures Still Lack Core Cybersecurity Protection: The majority of responding organizations reported that they had been largely unsuccessful at preventing cybercriminals from exploiting their systems. Among those surveyed, it was also found that:
90 percent have experienced at least one intrusion in the past year
72 percent have experienced three or more intrusions in the past year
26 percent have experienced six or more intrusions in the past year
The impact of these exploitations was also noted by respondents, with more than half 51 percent documenting lost productivity, 37 percent seeing operational outages impacting revenue, and 39 percent having their physical safety put at risk—a significant concern considering the inherent dangers of industrial facilities.
OT leaders also noted the commonality of specific attack methods, including malware (60 percent), phishing (43 percent), hackers (39 percent), ransomware (37 percent), denial-of-service (
OT Infrastructures Still Lack Core Cybersecurity Protection: The report also revealed gaps in many OT infrastructures that include security. For roughly 40% – 50% of those organizations surveyed, the following protocols and security features were missing:
Half of them do not have a Technical Operations Center (TOC)
Half of them do not have a Security Operations Center (SOC)
More than half do not have a Network Operations Center (NOC)
47 percent yet to implement Internal network segmentation
59 percent yet to implement Network access control
While more than half 58 percent of organizations are seeing their budgets increase in 2020, it should also be noted that 15 percent are instead seeing a decrease in funding, which could be attributed to COVID-19-related revenue losses.
OT Leaders Have Broad Responsibilities That Often Include Cybersecurity: OT leaders typically report to higher-ranking individuals within the organization, such as a VP, COO, or the CEO. The overwhelming majority (80 percent) are also regularly involved in making cybersecurity decisions, with half having the final say in those decisions. 64 percent of OT leaders have also taken on the responsibility of embedding security within the operations process, and 71 percent are regularly involved in IT cybersecurity strategy.
Because cybersecurity is a top priority for these individuals, trends show that matters related to OT security will soon become the responsibility of the CISO, if they are not already. The inevitability of this shift is highlighted by the fact that most 61 percent respondents stated that they expect their CISO to take on all OT security responsibilities in the coming year. This is likely due to the increased risk of connected OT systems and their impact on business continuity.
OT Leaders Still Struggle with Security Measurements and Analysis: The survey found that between 36 percent and 57 percent of organizations lack consistency when it comes to measuring items on a list of standard metrics. Among the most commonly tracked and reported areas are vulnerabilities (64 percent), intrusions (57 percent) and cost reduction resulting from cybersecurity efforts (58 percent). Conversely, less than half of organizations (43 percent) are known to report on tangible risk management outcomes, and 39 percent to 50 percent do not routinely share basic cybersecurity data with senior executive leadership.
Respondents also cited security analysis, monitoring, and assessment tools as among the most essential features in security solutions, with the majority 58 percent ranking these specific attributes in the top three. Despite the prioritization of these features, however, 53 percent reported that security solutions hinder operational flexibility and half reported that they create more complexity.
Rajesh Maurya Regional Vice President, India & SAARC at Fortinet said, “OT leaders find it challenging to deploy the right security tools and keep up with increasingly sophisticated cyber threats that await their newly-connected systems. As OT systems lose their air gaps and become integrated with IT systems, OT leaders will need to reinforce security awareness by Implementing best practices, bolster their systems with centralized visibility and take a proactive approach to security to turn the tables on cybercriminals and help protect their critical OT infrastructures”.