Network and IT teams are under great pressure to adapt and become more aware of OT. In turn, organizations are in the process of finding and employing solutions that implement security throughout their IT/OT environment to reduce overall security risk.
This is highlighted in the report “State of Cybersecurity and Operational Technology 2023”, d Fortinet, where I know reveals that this environment continues to be the target of cybercrime and that close to one in three OT organizations were victims of a ransomware attack in the last year.
“The report shows that while OT organizations have improved their overall cybersecurity posture, There is still room for improvement.” explains John Maddison, EVP Products and CMO at Fortinet.
OT organizations and their security
The main conclusions of the report are the following:
- Cybercriminals continue to attack OT networks at a high rate: While the number of organizations that did not incur a cybersecurity intrusion improved dramatically YoY (from 6% in 2022 to 25% in 2023), there is still significant room for improvement
- Cybersecurity professionals overestimate their OT security maturity: In 2023, the number of respondents who consider their organization’s OT security posture to be “very mature” dropped to 13% from 21% the year before, suggesting greater awareness among OT professionals and the use of more effective tools to self-assess the cybersecurity capabilities of their organizations
95% of organizations expect the responsibility for OT cybersecurity to shift from directors and managers to CISO in the next 12 months
- The explosion of connected devices highlights the complexity of the challenges facing OT organizations: Nearly 80% of respondents said they have more than 100 IP-enabled OT devices in their OT environment, highlighting the significant challenge for security teams to protect an ever-expanding threat landscape
- The alignment of OT security under the CISO bodes well for the industry: Although almost all organizations face an uphill battle when it comes to finding qualified security professionals due to the growing shortage of cybersecurity skillsthe report’s results suggest that OT organizations continue to prioritize cybersecurity.
Good practices to follow
Organizations can address OT security challenges by adopting the following best practices:
- Develop a security platform strategy for OT providers and environments
- Implement Network Access Control (NAC) technology
- Apply a zero trust approach
- Incorporate cybersecurity education and training