Fortinet Survey Reveals Critical OT Security Challenges Throughout the World

By
Author: Editorial Team HostingJournalist
-

Fortinet

While cyber criminals continue to target industrial control settings – with 93 percent of Operational Technology (OT) firms having an intrusion in the last 12 months – Fortinet’s recent global survey has discovered extensive weaknesses in industrial security and identified chances for improvement.

This year’s State of Operational Technology and Cybersecurity Report commissioned by Fortinet is based on a March 2022 poll of over 500 worldwide OT experts. From managers to C-level executives, the poll addressed those in leadership roles responsible for OT and OT security. Manufacturing, transportation and logistics, and healthcare are among the industries that heavily employ OT, according to the respondents.

Photo John Maddison, Executive Vice President of Products and CMO at Fortinet
“This year’s global State of OT and Cybersecurity Report demonstrates that while OT security has the attention of organizational leaders, critical security gaps remain,” said John Maddison, Executive Vice President of Products and CMO at Fortinet.

“This year’s global State of OT and Cybersecurity Report demonstrates that while OT security has the attention of organizational leaders, critical security gaps remain,” said John Maddison, Executive Vice President of Products and CMO at Fortinet. “PLCs designed without security, continued intrusions, a lack of centralized visibility across OT activities, and growing connectivity to OT are some of the critical challenges these organizations need to address. Security converged into the OT networking infrastructure, including switches and access points and firewalls, is essential to segment the environment. This combined with a platform that spans OT, converged OT/IT and IT provides end-to-end visibility and control.”

Key findings of the study include:

  • OT activities lack centralized visibility, increasing security risks – According to the Fortinet research, just 13 percent of respondents had consolidated visibility of all OT operations. Furthermore, just 52 percent of businesses can track all OT actions from their security operations center (SOC). 97 percent of worldwide enterprises, on the other hand, perceive OT to be a substantial or important influence in their total security risk. According to the conclusions of the survey, a lack of centralized visibility adds to OT security concerns and a reduced security posture in enterprises.
  • OT security intrusions significantly impact organizations’ productivity and their bottom line – According to the Fortinet survey, 93 percent of OT firms had at least one intrusion in the previous 12 months, with 78 percent having more than three. Nearly half of the firms had an operating outage as a result of these attacks, with 90 percent of intrusions requiring hours or more to restore service. In addition, one-third of respondents said that security breaches had a negative impact on revenue, data loss, compliance, and brand value.
  • Ownership of OT security is not consistent across organizations – According to the Fortinet research, OT security management is largely carried out by directors or managers, ranging from the Director of Plant Operations to the Manager of Manufacturing Operations. Only 15 percent of survey respondents claim their organization’s CISO is in charge of OT security.
  • OT security is gradually improving, but security gaps still exist in many organizations – Only 21 percent of firms have reached level 4, which involves utilizing orchestration and management, when questioned about the maturity of their OT security posture. In comparison to other regions, Latin America and APAC have a higher number of responders who have attained level 4. More than 70 percent of companies are in the intermediate stages of developing a mature OT security posture. Simultaneously, enterprises encounter difficulties in deploying different OT security products, thus compromising their security posture. According to the survey, the great majority of companies utilize between two and eight distinct suppliers for their industrial devices, with between 100 and 10,000 devices in use, adding to the complexity.

OT Security: A Corporate-Level Concern

As OT systems grow more attractive to cybercriminals, C-level executives would understand the significance of safeguarding these settings to reduce risk to their companies. Since these settings were previously air-gapped from IT and corporate networks, industrial systems have become a key risk concern, but these two infrastructures are now becoming generally connected. Organizations’ attack surface is growing considerably as industrial systems become increasingly connected to the Internet and more accessible from anywhere.

Connected OT systems have been subject to these expanding dangers as the IT threat landscape has become more complex. This confluence of variables is pushing industrial security up the priority list in many firms’ risk management plans. Executive leaders are becoming increasingly concerned about OT security, necessitating a shift toward comprehensive protection of their industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.

Best Practices to Overcome OT Security Challenges

According to Fortinet’s worldwide State of Operational Technology and Cybersecurity Report for 2022, there are several approaches for businesses to address OT system vulnerabilities and improve their overall security posture. Organizations may handle their OT security issues by doing the following:

  • Establish Zero Trust Access to prevent breachesZero Trust Access solutions would ensure that any person, device, or application without necessary credentials and authorization is denied access to vital assets as more industrial systems are linked to the network. Zero Trust Access solutions can help to strengthen OT security efforts by defending against both internal and external attacks.
  • Implementing solutions that provide centralized visibility of OT activities – Organizations must have centralized, end-to-end visibility of all OT operations in order to increase their security posture. According to the Fortinet analysis, top-tier firms – which make up the 6 percent of respondents who said they had no invasions in the previous year – were more than three times as likely to have centralized visibility as their peers who had been hacked.
  • Consolidating security tools and vendors to integrate across environments – Organizations should strive to combine their OT and IT solutions across a smaller number of providers to reduce complexity and assist obtain consolidated view of all devices. Organizations may lower their attack surface and enhance their security posture by using integrated security solutions.
  • Deploying network access control (NAC) technology – Role-based NAC was more common in organizations that had avoided incursions in the previous year, guaranteeing that only authorized employees may access essential systems for safeguarding digital assets.

Fortinet Security Fabric

Fortinet has been protecting OT environments in key infrastructure industries such as energy, defense, manufacturing, food, and transportation for more than a decade. Organizations have an easy, non-disruptive solution to verify that their OT environment is secure and compliant by incorporating security into complicated infrastructure via the Fortinet Security Fabric.

Executive Summary

Cyber criminals continue to target industrial control settings

  • 93% of OT firms had an intrusion in the last 12 months
  • Fortinet’s recent global survey discovered extensive weaknesses in industrial security and identified chances for improvement
  • Critical security gaps remain
  • PLCs designed without security, continued intrusions, a lack of centralized visibility across OT activities, and growing connectivity to OT

Key findings of the study

  • OT activities lack centralized visibility, increasing security risks
  • A lack of centralized visibility adds to OT security concerns and a reduced security posture in enterprises
  • Security breaches significantly impact organizations’ productivity and their bottom line
  • Ownership of OT security is not consistent across organizations
  • Only 21 percent of firms have reached level 4, which involves utilizing orchestration and management
  • 70 percent are in the intermediate stages of developing a mature security posture

OT Security: A Corporate-Level Concern

  • As OT systems grow more attractive to cybercriminals, C-level executives would understand the significance of safeguarding these settings to reduce risk to their companies
  • Executive leaders are becoming increasingly concerned about OT security, necessitating a shift toward comprehensive protection of their industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems

Best Practices to Overcome OT Security Challenges

  • Establish zero trust access to prevent breaches
  • Implementing solutions that provide centralized visibility of OT activities
  • Consolidating security tools and vendors to integrate across environments
  • Deploying network access control (NAC) technology
  • Only authorized employees may access essential systems

Fortinet Security Fabric

  • Fortinet has been protecting OT environments in key infrastructure industries such as energy, defense, manufacturing, food, and transportation for more than a decade

RELATED ARTICLESMORE FROM AUTHOR