“Threat actors are increasingly targeting OT organizations,” report

the editorial team

3 July 2024

OT organizations are making progress in hardening their security, but their cyber teams still face significant challenges in securing converged IT/OT environments. Adopting essential tools and capabilities to enhance visibility and protections across the entire network will be vital for these organizations in reducing the mean time to detection and response and, ultimately, the overall risk of these environments, according to Fortinet’s 2024 State of Operational Technology and Cybersecurity Report.

The results represent the current state of operational technology (OT) security and highlight opportunities for organizations to keep improving as they secure environments against an ever-expanding IT/OT threat landscape. In addition to trends and insights impacting OT organizations, the report offers best practices to help IT and OT security teams better secure their environments.

While this year’s report indicates that organizations have made progress in the past 12 months in advancing their OT security posture, there are still critical areas for improvement as IT and OT network environments continue to converge.

The survey found that cyberattacks that compromise OT systems are on the rise. In 2023, 49 percent of respondents experienced an intrusion that impacted either OT systems only or both IT and OT systems. This year, nearly three-fourths of organizations are being impacted. The survey data also shows a year-over-year increase in intrusions that only impacted OT systems (from 17 to 24%). Given the rise in attacks, nearly half (46%) of respondents say they measure success based on the recovery time needed to resume normal operations.

Organizations also experienced a high number of intrusions in the past twelve months. Nearly one-third of respondents reported more than six intrusions, compared to only eleven percent last year. All intrusion types increased compared to the previous year, except for a decline in malware. Phishing and compromised business email intrusions were the most common, while the most common techniques were mobile security breaches and web compromise.

Detection methods aren’t keeping pace with today’s threats. As threats grow more sophisticated, the report suggests that most organizations still have blind spots in their environment. The share of respondents claiming that their organization has complete visibility of OT systems within their central security operations decreased since last year, dropping from 10 to 5%. However, the share reporting 75% visibility increased, which suggests that organizations are gaining a more realistic understanding of their security posture. Yet more than half (56%) of respondents experienced ransomware or wiper intrusions – an increase from only 32% in 2023 – indicating that there is still room for improvement regarding network visibility and detection capabilities.

At some organizations, responsibility for OT cybersecurity is being elevated within executive leadership ranks. The percentage of organizations aligning OT security with the CISO continues to grow, from 17% in 2023 to 27% this year. At the same time, there was an increase in moving OT responsibility to other C-suite roles, including the CIO, CTO, and COO, to upwards of 60% in the next 12 months, clearly showing concern for OT security and risk in 2024 and beyond.

Findings also indicate that in some organizations, where the CIO is not responsible, the responsibility for OT security is moving upward from the director of network engineering to the vice president of operations role, which illustrates another escalation of responsibility. This elevation into the executive ranks and below, regardless of the title of the individual overseeing OT security, may suggest that OT security is becoming a higher-profile topic at the board level.

The report offers organizations actionable steps for enhancing their security posture. Organizations can address OT security challenges by adopting the following best practices:

  • Deploy segmentation.
  • Establish visibility and compensating controls for OT assets.
  • Integrate OT into security operations and incident response planning.
  • Embrace OT-specific threat intelligence and security services.
  • Consider a platform approach to your overall security architecture.

About the report

The report is based on data from a global survey of more than 550 OT professionals, conducted by a third-party research company. Most participants, regardless of title, are deeply involved in cybersecurity purchasing decisions. Many respondents are responsible for operational technology at their organization or have reporting responsibility for manufacturing or plant operations. The respondents are from Asia-Pacific, Europe, North America, and Latin America. They work in manufacturing, transportation/logistics, healthcare/pharma, oil, gas, refining, energy/utilities, chemical/petrochemical, and water/wastewater.