Operational Technology (OT) organizations faced more intrusions, increased ransomware attacks, and worsened impacts compared to the previous year, according to the Fortinet 2024 State of Operational Technology and Cybersecurity Report - underscoring the growing urgency of network security.
The sixth annual report was developed by Fortinet and surveyed more than 550 global OT professionals on cybersecurity practices and incidents.
"This year’s report shows that some progress has been made over the last 12 months in OT security posture and investment in essential tools and capabilities,” the study notes. “But there’s more work to be done to effectively manage an increasing number of attacks in a post-IT/OT convergence world.”
Among Fortinet’s key findings:
- Nearly one-third (31 percent) of respondents reported experiencing six or more intrusions, up from 11 percent last year.
- There was a significant decrease in organizations reporting 100 percent visibility of OT activities within central cybersecurity operations, from 13 percent in 2022 to 5 percent in 2024.
- The most common intrusion types were phishing and compromised business email, with mobile security breaches and web compromises being the most frequent techniques used.
- The negative impacts of intrusions worsened, with more than half of respondents (52 percent) seeing increased degradation of brand and loss of business-critical data.
- Responsibility for OT cybersecurity is shifting to higher executive levels, with more organizations placing OT security under a CISO.
- OT security postures are maturing, with increases in both basic (visibility and segmentation) and advanced (orchestration and automation) security levels.
- The detection and remediation of intrusions remain challenging, as fewer organizations successfully detected ransomware compared to previous years.
Looking forward, according to the report:
“To reverse these trends, there must be renewed evangelism for protecting sensitive OT systems and allocating resources for an effective, purpose-built security architecture."
The report also found:
Rising Intrusions and Ransomware Attacks in OT Systems
The 2024 report found that ransomware and wiper intrusions have surged, affecting more than half of the organizations surveyed, compared to only 32 percent in the previous year. This rise in attacks underscores the escalating threat landscape facing OT systems.
Evolving Leadership Responsibility for OT Cybersecurity
The report indicates a shift in OT cybersecurity management, with responsibilities moving from the OT director of cybersecurity to the VP/director of networking engineering/operations and the CISO. This elevation into executive leadership suggests that OT security is becoming a higher-profile issue at the board level, reflecting its growing importance and complexity, according to Fortinet’s findings.
Challenges in Detecting and Remediating Threats
The report reveals that fewer organizations are successfully detecting ransomware, with detection rates dropping from 22 percent to 13 percent, the report found. Despite an increase in monitored and reported cybersecurity metrics, intrusion detection and remediation have not improved. This disparity highlights the challenges organizations face in effectively identifying and addressing threats.
The Maturation of OT Security Postures
OT security postures have shown notable progress, with 20 percent of organizations establishing visibility and implementing segmentation, up from 13 percent last year. The highest level of maturity, leveraging orchestration and automation capabilities, also increased from 13 percent to 23 percent, according to the study. However, fewer organizations reported having 100 percent visibility of their OT systems, indicating a more realistic understanding of their security posture.
Best Practices for Enhancing OT Cybersecurity
Best practices for enhancing OT cybersecurity include deploying segmentation to create network zones and enforce controls between OT and IT networks. Establishing visibility and compensating controls for OT assets is crucial, as well as integrating OT into security operations and incident response planning. Embracing OT-specific threat intelligence and security services can provide near-real-time protection against the latest threats and vulnerabilities.
"Organizations cannot afford to forget that OT systems present extremely attractive targets for attackers,” Fortinet’s study advises.
Review the full Fortinet 2024 State of Operational Technology and Cybersecurity Report here.
Solution providers can find additional information about Fortinet’s Engage Partner Program for solution providers here.