The concerns about operational technology (OT) security are increasing as OT technology becomes advanced, says a recent Fortinet study.
Sixty-five percent of enterprises have experienced at least three OT system intrusions within the past year, according to the latest report from Fortinet. In startling contrast, the number was just 18% in 2019. The Fortinet’s 2020 State of Operational Technology and Cybersecurity report reveals that nearly all companies said they witnessed at least one intrusion in the same time frame.
OT network is a crucial part of the functioning of a range of sectors globally, including energy production, healthcare, transportation networks, and utilities. Hence, OT systems adopt all of the security threats IT systems face. Moreover, the OT system attack also includes the Internet of Things (IoT) devices in remote locations. The report says that 77% of companies have only partial centralized visibility on the cybersecurity of their OT environments. Around 80% of OT leaders said they regularly participate in decisions related to cybersecurity strategy while half said they have the final say in those decisions. This shows that organizations are focusing on cybersecurity and are also making necessary investments.
The report finds there is a shift that places OT security under CISOs. A little close to a quarter of enterprises said the CISO manages OT system security, up from 18% in 2019. Sixty-one percent of them expect OT security to be transferred to the CISO team in the coming year. Close to 85% of companies will have CISOs managing OT security by 2021. OT leaders are missing key areas like involved security information and event management (SIEM) solutions, found the report. Malware (60%), phishing (43%), and hackers (39%) are said to be some of the most common attacks.
Nearly half of companies lack a Technical Operations Center (TOC) and a Security Operations Center (SOC), with more than half missing a Network Operations Center (NOC). Around 60% of them see their budgets increasing in 2020; however, several OT leaders still struggle with measuring and analyzing security. It is important for organizations to use security as the foundation for OT tech rather than considering it as an afterthought. The report notes that vulnerabilities and cost reduction resulting from cybersecurity efforts often reported and tracked.
Several companies will browse and deploy OT security in 2020. They need to structure their requirements to assess an OT vendor’s maturity and suitability for meeting the guidelines from a particular regulation. That is the only way to make it work.