Survey uncovers critical OT security challenges

Fortinet has released its global 2022 State of Operational Technology and Cybersecurity Report. While industrial control environments continue to be a target for cyber criminals – with 93% of Operational Technology (OT) organisations experiencing an intrusion in the past 12 months – the report uncovered widespread gaps in industrial security and indicated opportunities for improvements.

Key findings of the report include:



OT activities lack centralised visibility, increasing security risks. The Fortinet report found that only 13% of respondents have achieved centralised visibility of all OT activities. Additionally, only 52% of organisations are able to track all OT activities from the security operations centre (SOC). At the same time, 97% of global organisations consider OT a moderate or significant factor in their overall security risk. The report findings indicate that the lack of centralised visibility contributes to organisations’ OT security risks and weakened security posture.


OT security intrusions significantly impact organisations’ productivity and their bottom line. The Fortinet report found that 93% of OT organisations experienced at least one intrusion in the past 12 months and 78% had more than three intrusions. As a result of these intrusions, nearly 50% of organisations suffered an operation outage that affected productivity with 90% of intrusions requiring hours or longer to restore service. Additionally, one-third of respondents saw revenue, data loss, compliance and brand-value impacted as a result of security intrusions.


Ownership of OT security is not consistent across organisations. According to the Fortinet report, OT security management falls within a range of primarily director or manager roles, ranging from the Director of Plant Operations to Manager of Manufacturing Operations. Only 15% of survey respondents say that the CISO holds the responsibility for OT security at their organisation.

OT security is gradually improving, but security gaps still exist in many organisations. When asked about the maturity of their organisation’s OT security posture, only 21% of organisations have reached level 4, which includes leveraging orchestration and management. Notably, a larger proportion of Latin America and APAC respondents have reached level 4 compared to other regions. More than 70% of organisations are in the middle levels toward having a mature OT security posture. At the same time, organisations face challenges with using multiple OT security tools, further creating gaps in their security posture. The report found that a vast majority of organisations use between two and eight different vendors for their industrial devices and have between 100 and 10,000 devices in operation, adding complexity.


OT Security is a Corporate-Level Concern


As OT systems increasingly become targets for cyber criminals, C-level leaders recognise the importance of securing these environments to mitigate risks to their organisations. Industrial systems have become a significant risk factor since these environments were traditionally air-gapped from IT and corporate networks, but now these two infrastructures are becoming universally integrated. With industrial systems now being connected to the internet and more accessible from anywhere, organisations’ attack surface is increasing significantly.



With the IT threat landscape becoming more sophisticated, connected OT systems have also become vulnerable to these growing threats. This combination of factors is moving industrial security upward in many organisations’ risk portfolio. OT security is a growing concern for executive leaders, increasing the need for organisations to move toward full protection of their industrial control system (ICS) and supervisory control and data acquisition (SCADA) systems.



Best Practices to Overcome OT Security Challenges


Fortinet’s global 2022 State of Operational Technology and Cybersecurity Report indicated ways organisations can address OT systems’ vulnerabilities and strengthen their overall security posture. Organisations can address their OT security challenges by:



Establish Zero Trust Access to prevent breaches. With more industrial systems being connected to the network, Zero Trust Access solutions ensure that any user, device or applications without proper credentials and permissions are denied access to critical assets. To advance OT security efforts, Zero Trust Access solutions can further defend against both internal and external threats.


Implementing solutions that provide centralised visibility of OT activities. Centralised, end-to-end visibility of all OT activities is key to ensuring organisations strengthen their security posture. According to Fortinet’s report, top-tier organisations – which make up the 6% of respondents who reported no intrusions in the past year – were more than three times as likely to have achieved centralised visibility than their counterparts who suffered intrusions.


Consolidating security tools and vendors to integrate across environments. To remove complexity and help achieve centralised visibility of all devices, organisations should look to integrate their OT and IT technology across a smaller number of vendors. By implementing integrated security solutions, organisations can reduce their attack surface and improve their security posture.


Deploying network access control (NAC) technology. Organisations that avoided intrusions in the past year were more likely to have role-based NAC in place, ensuring that only authorised individuals can access specific systems critical for securing digital assets.

Hibernian FC is delighted to announce an innovative multi-year partnership with Acronis, the global leader in cyber protection, and Dunedin IT, one of Scotland's most trusted and experienced technology and connectivity providers providing end-to-end services.
Latest Prisma Cloud platform updates help organizations continuously monitor and secure web applications with maximum flexibility.
Despite the uptick in conversations about the importance of a secure password, half of the country’s workforce have a memorable word written in a notepad on their desk – with an astonishing 95% storing it on an easily accessible device.
Orange Cyberdefense will work with NightDragon portfolio companies to infuse technology into high-value security services to help customers stay ahead of threats.
Kyndryl and Veritas Technologies have formed a global partnership to help enterprises protect and recover their critical data across multi-cloud environments.
John B. Sanfilippo and Son, Inc (JBSS), one of the largest nut producers in the world, has adopted Cyren Inbox Security to proactively combat ransomware threats and meet evolving cybersecurity insurance requirements.
A global IT security and compliance survey of 800+ IT professionals found that the rate of IT security incidents increases the more Microsoft 365 security features are used. Conducted by Hornetsecurity, a leading security and backup solution provider for Microsoft 365, the survey findings were released at Infosecurity Europe 2022, being held this week at ExCel London.
A community effort designed to give back to aspiring cybersecurity professionals and increase industry-wide diversity through knowledge sharing and networking.