The state of operational technologies and cybersecurity

Now, the convergence of operational technologies (OT) and IT networks is accelerating due to the fact organizations can use the information collected by physical gear and Industrial Web of Items (IIoT) devices to determine difficulties and raise efficiency. With significantly less siloed IT and OT departments, convergence reduces space specifications and physical hardware. Other positive aspects contain shorter deployment instances, price savings, and greater overall performance.

On the other hand, IT/OT convergence also signifies cybersecurity is even additional crucial. Ever-evolving and destructive cyberthreats can target previously air-gapped OT environments and preserve several organizations from completely benefiting from OT/IT network integration.

To achieve a extensive view of the present OT and cybersecurity landscape, Fortinet completed and published the fifth edition of our 2023 State of Operational Technologies and Cybersecurity Report. This annual study delivers information and final results primarily based on a worldwide survey of 570 operational technologies (OT) pros performed by third-celebration analysis business InMoment.

Cybersecurity improvements and challenges

The new report reveals an encouraging trend. Several OT organizations have produced important strides in enhancing their cybersecurity posture. On the other hand, the report also reveals the have to have for additional improvement. The worldwide survey consists of quite a few important takeaways.

• OT continues to be targeted by cybercriminals at a higher price. Even though the quantity of organizations that did not incur a cybersecurity intrusion enhanced considerably year-more than-year (from six% in 2022 to 25% in 2023), there is nonetheless important area for improvement. In truth, 3-fourths of OT organizations reported at least one particular intrusion in the final year. Intrusions from malware (56%) and phishing (49%) had been when once again the most widespread variety of incidents reported, and practically one particular-third of respondents reported becoming victims of a ransomware attack in the final year (32%, unchanged from 2022).
• Cybersecurity practitioners overestimated their OT safety maturity. In 2023, the quantity of respondents who take into consideration their organization’s OT safety posture as “highly mature” fell to 13% from 21% the year ahead of. This drop indicates a increasing awareness amongst OT pros and the use of additional successful tools for self-assessing their organizations’ cybersecurity capabilities. Respondents also indicated that when a cyberattack did take place, practically one particular-third (32%) of respondents indicate each IT and OT systems had been impacted, up from only 21% final year.
• The explosive development in connected devices underscores the complexity challenges for OT organizations. Almost 80% of respondents reported obtaining additional than one hundred IP-enabled OT devices in their OT atmosphere. This quantity indicates just how important the challenge is for safety teams to safe an ever-expanding threat landscape. Survey findings revealed that cybersecurity options continue to help in the results of most (76%) OT pros, specifically by enhancing efficiency (67%) and flexibility (68%). On the other hand, report information also indicates that answer sprawl tends to make it additional tough to regularly incorporate, employ, and enforce policies across an increasingly converged IT/OT landscape. Aging systems compound the challenge, with the majority (74%) of organizations reporting that the typical age of ICS systems across their organization is among six and ten years old.
• Alignment of OT safety below the CISO. Even though practically just about every organization faces an uphill battle when it comes to acquiring certified safety practitioners due to the increasing cybersecurity expertise shortage, report findings recommend OT organizations are continuing to prioritize cybersecurity. A important indicator is that practically just about every (95%) organization plans on putting the duty for OT cybersecurity below a chief info safety officer (CISO) in the subsequent 12 months rather than an operations executive or group. The findings also reveal that OT cybersecurity pros now come from IT safety leadership rather than solution management. The influence on cybersecurity choices is shifting away from operations and to other leaders, in particular CISO/CSO roles.

International trends and insights

A close evaluation of the 2023 report information reveals some prominent worldwide trends.

• Even though there might have been an all round decline in intrusions due to fewer insider breaches, ransomware, and phishing are nonetheless important threats. And cybercriminals look to be adopting a additional targeted strategy.
• Almost all organizations have placed the duty for OT cybersecurity below a CISO rather than an operations executive or group.
• Cybersecurity point merchandise and answer sprawl might make it additional difficult to apply policies and enforce them regularly across the converged IT/OT landscape.
• OT pros now look to have a additional realistic self-assessment of their organization’s OT cybersecurity defenses.

Right after 5 years of surveying OT pros, this year’s report has the optimistic news that OT cybersecurity now has the consideration of enterprise leadership teams and C-suites. But CISOs and their organizations nonetheless have significantly to do with regards to cybersecurity.

Safeguard networks by adopting ideal practices

Organizations can continue to enhance their IT and OT network protection by adopting the ideal practices outlined in this year’s Fortinet 2023 State of OT and Cybersecurity Report.

• Create a vendor and OT cybersecurity platform technique. Consolidation reduces complexity and accelerates outcomes. The very first step is to start creating a platform more than time by partnering with vendors that engineer their merchandise with integration and automation in thoughts to allow organizations to regularly incorporate and enforce policies across an increasingly converged IT/OT landscape. Seek to engage with vendors with a wide portfolio of options that can supply the simple options of asset inventory and segmentation and additional sophisticated options, such as an OT safety operations center (SOC) or the capacity to help a joint IT/OT SOC.
• Deploy network access manage (NAC) technologies. Solving the challenges linked with securing industrial manage systems (ICS), supervisory manage and information acquisition (SCADA), Web of Items (IoT), bring your personal device (BYOD), and other endpoints demands sophisticated network access manage to be portion of a extensive safety architecture. An successful NAC answer also aids to keep total manage of an organization’s network by managing new devices that want to connect or communicate with other components of the organization’s infrastructure.
• Employ a zero-trust access strategy. Implement the simple methods of asset inventory and segmentation, and supply continuous verification of all customers, applications, and devices looking for access to crucial assets.
• Incorporate cybersecurity awareness education and education. Cybersecurity education remains crucial due to the fact the cybersecurity battle will call for that all staff have the understanding and awareness to perform with each other to shield themselves and their organization’s information. Organizations must take into consideration such as non-technical education that is targeted toward everyone who makes use of a pc or mobile device—everyone from teleworkers to their households. 

To study additional about the present state of OT, the continued convergence of IT and OT networks, and the ideal way to safe them going forward, download the complete report.

Copyright © 2023 IDG Communications, Inc.