OT environments are facing increasing cyber attacks

According to a recent global survey released by Fortinet, 31% of organisations with OT environments reported over six intrusions in the past year, a significant increase from the 11% reported the previous year.   

This alarming finding shows that despite growing efforts and investments to bolster their security posture, organisations still face significant challenges when securing integrated IT/OT environments. 

In this article, we cover the main OT cybersecurity challenges highlighted by Fortinet’s 2024 State of Operational Technology and Cybersecurity Report and provide some insights on the best practices for enhancing your OT security posture.    

Cyber Threats to Operational Technology Environments  

Traditionally kept isolated from other environments, most OT systems were not designed for today’s increased network connectivity. As organisations integrate new digital technologies into their OT environments, security challenges become more complex. 

Threats to OT environments can come from numerous sources, including terrorist groups, disgruntled employees, malicious intruders, natural disasters, actions by insiders, and unintentional actions such as human error or failure to follow established policies and procedures. Attackers are developing more sophisticated tactics and tools to penetrate OT protocols and systems.  

To ensure the safety of their OT systems, organisations must adopt essential tools and capabilities to enhance visibility and protection across the entire network, reducing the time for attack detection and response, as well as the overall risk for these environments. 

Key Findings from Fortinet Report 

1. Cyberattacks that compromise OT systems are on the rise. 

This year, 73% of organisations reported intrusions that impacted either OT systems only or both IT and OT systems, a sharp increase from only 49% in 2023. 

Findings also showed an increasing number of organisations experiencing a high volume of intrusions. Over 30% of respondents had six or more intrusions, up from only 11% in 2023. 

2. Email attacks and mobile security breaches are the main attack techniques.   

Phishing and compromised business email were the most common attack types in the last year, affecting 76% and 65% of the organisations. Additionally, ransomware and wiper intrusions saw a spike in activity, rising from 32% in 2023 to over 55% in 2024.  

Cybercriminals’ most common techniques for gaining access to OT environments were mobile security breaches and web compromises.  

These findings highlight the importance of organisations investing in cybersecurity awareness training for their team members, making them a key component of your business’s strategy to fortify your company’s defences.  

3. Organisations have experienced increased damage from intrusions. 

The damages caused by intrusions have also gotten worse for organisations. More than half of respondents (55%) reported degradation of brand awareness due to a successful attack. Findings also showed an increase in organisations that reported lost business-critical data and decreased productivity due to a breach incident.  

Given the rise in attacks and extension of their damages, nearly half (46%) of respondents indicate that they measure success based on the recovery time needed to resume normal operations. That suggests that for many organisations, quickly responding to inevitable attacks may be a more realistic target to measure their cyber resilience success.  

4. Organisations have a more mature OT security posture  

As OT threats become more sophisticated, the report suggests that most organisations still have blind spots in their environment. While there has been a decrease in organisations claiming to have complete visibility of their OT activities within central cybersecurity operations compared to the previous years, the number of organisations reporting that they have 75% visibility increased. This suggests that organisations are gaining a more realistic understanding of their security posture and becoming more aware of their blind spots.  

5. OT Cybersecurity has become a high-rank responsibility 

The percentage of organisations aligning OT security with the CISO increased to 27% this year, compared to 17% in 2023.  

Findings also indicate a growing trend of transferring OT responsibility to other C-suite roles, such as the CIO, CTO, and COO, with an expected increase to about 60% in the next 12 months. This indicates a clear concern for OT security and risk in 2024 and beyond. 

Also, in organisations where the CIO is not responsible, these responsibilities are shifted from the Director of Network Engineering to the Vice President of Operations role, illustrating another escalation of responsibility. 

This elevation into the executive ranks indicates that OT security is becoming a higher-profile topic and gaining more attention at the board level. 

Best practices to enhance OT security 

The results of the Fortinet report show us the urgent need for effective security measures. 

Based on these findings, the Nextro team has compiled the best practices to address OT security challenges and strengthen its security posture.   

Implement network segmentation 

To minimise intrusions, it’s crucial to establish a fortified OT environment with robust network policy controls at every access point. This defensible architecture begins with creating distinct network zones or segments. Additionally, teams should assess the complexity of managing these solutions and consider the advantages of an integrated or platform-based approach with centralised management capabilities. 

Enhance Visibility and Apply Compensating Controls for OT Assets 

Visibility into all assets on the OT network is essential. Once visibility is achieved, organisations must protect any vulnerable OT devices with purpose-built compensating controls. These controls should include protocol-aware network policies, system interaction analysis, and endpoint monitoring to detect and prevent the compromise of sensitive OT assets.  

Integrate OT into Security Operations and Incident Response 

Organisations should integrate OT considerations into their overall SecOps and incident response plans. This involves creating playbooks that specifically address the OT environment, ensuring comprehensive incident management and response. 

Utilise OT-Specific Threat Intelligence and Security Services 

Effective OT security relies on timely awareness and precise analysis of emerging threats. Organisations should ensure their threat intelligence and content sources are rich with OT-specific information, enhancing their ability to respond to imminent risks accurately. 

Adopt a Platform Approach to Security Architecture 

To tackle the dynamic nature of OT threats and the growing attack surface, organisations often deploy numerous security solutions from various vendors, leading to complexity. A platform-based approach can streamline this by consolidating vendors and simplifying the security architecture. A robust platform designed to safeguard both IT and OT environments enables solution integration, improving security efficacy and allowing centralised management to boost efficiency. 

With the rise of more sophisticated and complex OT security threats, organisations must adopt comprehensive and proactive cybersecurity strategies to safeguard their OT environments. 

At Nextro, we stand at the forefront of cybersecurity innovation, offering best-of-breed solutions specifically designed to protect OT and IT infrastructure effectively. Our solutions enable organisations to enhance their security and mitigate risks.  

If you would like to learn more about safeguarding your OT network, or have general networking or cybersecurity questions, please get in touch with the Nextro team today. 

To download your copy of the Fortinet 2024 State of Operational Technology and Cybersecurity here.