OT security Fortinet

Global OT and cybersecurity report outlines key challenges for industrial organisations

4 min. read
Placeholder for Manufacturing employees factory laptopManufacturing employees factory laptop

Share

Fortinet released the 2022 State of Operational Technology and Cybersecurity Report in June. Based on a detailed survey conducted in March 2022 of more than 500 global operational technology (OT) professionals, the report’s data highlights the current state of OT security and provides a roadmap to better secure OT organisations.

The need to improve OT security is underscored in the report, which found: 93% of OT organisations experienced an intrusion in the past year, and 78% of them experienced more than three intrusions.

Air-gapped no more

Traditionally, security was not a critical consideration when programmable logic controllers (PLCs)—the brains of any industrial control system (ICS) or OT network—were designed. PLCs never verified the authenticity of message senders, and controller communications had zero encryption capability. Previously, there was no need for these security measures because an organisation’s OT network was always air-gapped from their IT network.

Now, however, the situation is quite different. OT and IT networks have converged, and industrial processes have been digitised. The benefits from the integration of these two types of networks are great. They include enhancements in productivity, efficiency, responsiveness, and profitability. Unfortunately, this new connectivity has also brought the negative unintended consequence of making OT networks vulnerable to cyberattacks. IT/OT interconnectedness has allowed threat actors to attack the cyber-physical systems of no-longer air-gapped OT environments, resulting in many serious incidents.

Report highlights

After diving into the report’s data, we can mine these key information nuggets:

  • Visibility down equals vulnerability up: The lack of centralised visibility of OT devices, applications, and users increases vulnerability. This lack of visibility contributes greatly to organisations’ OT security risks and having a weak security posture.
  • Bottom-line issues: OT security intrusions significantly impact an organisation’s productivity and its bottom line. Due to intrusions, nearly 50% of organisations surveyed suffered an operational outage that affected their productivity with 90% of intrusions requiring hours or longer to restore service. Additionally, one-third of respondents saw revenue, data loss, compliance, and brand value impacted because of intrusions.
  • Responsibility problems: Ownership of OT security is inconsistent in the surveyed organisations. Only 15% of respondents say that their CISO is responsible for OT security at their organisation. We believe having non-experts in charge of OT security is asking for trouble.
  • Complexity challenges: OT security is gradually improving, but security gaps still exist in many organisations. The report found that a vast majority of organisations use between two and eight different security vendors for protecting their industrial devices and have between 100 and 10,000 devices in operation. This complexity really challenges any security team using multiple security tools. It also creates a gap in their cyber defence and an open invitation for threats to slip through.

Best practices for protecting OT

Besides providing the latest statistics on the state of OT cybersecurity, the 2022 State of Operational Technology and Cybersecurity Report offers insights on how best to handle OT vulnerabilities and how best to strengthen an organisation’s overall security posture. Some of the key best practices for OT organisations are:

  • Employing solutions that offer centralised visibility of all OT activities: A focused, end-to-end visibility of industrial activities is paramount to organisations that require airtight security. The report reveals that the top-flight organisations that reported no intrusions in the past year—only 6% of the respondents—were more than three times as likely to have achieved centralised visibility than their counterparts who were victims of intrusions.
  • Consolidating security vendors and solutions: To remove complexity and get centralised visibility of devices, organisations should integrate their OT and IT technology and partner with fewer vendors. By using integrated security solutions, security teams can reduce their organisation’s attack surface and improve their security.
  • Deploying network access control (NAC) technology: Organisations that managed to avoid intrusions in the past 12 months were more than likely to have a NAC in place like FortiNAC. This cutting-edge security tool ensures that only authorised people can access critical systems and digital assets.

The platform approach

The 2022 report shows that there are widespread gaps in industrial systems’ security, and there are numerous areas begging for improvement. Since cybersecurity must now fully span both the IT and OT network environments to be effective, we believe that a mesh platform approach like the Fortinet Security Fabric is essential for keeping industrial organisations secure. With the centralised visibility that a mesh platform offers, OT vulnerabilities and risks can be plugged and today’s most sophisticated threats can be repelled.

Fortinet and Nomios partnership

Nomios is a Fortinet Expert Partner with advanced specialities and the distinction of multiple certified engineers on staff. Our engineers are recognised by Fortinet as technical experts and advocates of their solutions. That means you can count on Nomios for the technical know-how and hands-on experience to accurately assess your business requirements, and design, implement and manage a Fortinet-based solution to suit your needs.

icon  Manufacturing

Discover what Nomios can do for the manufacturing industry

As an industrial enterprise, you're looking for efficiency, cost reduction and insight into the latest technological trends. The developments in security and network technology are moving fast. We'd like to help you with our services dedicated to the manufacturing industry.

Get in touchDo you want to know more about this topic?

Our experts and sales teams are at your service. Leave your contact information and we will get back to you shortly.

Placeholder for Portrait of french manPortrait of french man