With the convergence of OT and IT infrastructures, new and more destructive cyber threats can target previously air-gapped OT environments. Faced with expanded attack surfaces and new vulnerabilities, you need to craft solid OT security strategies for your clients. Fortinet’s 2023 State of Operational Technology and Cybersecurity Report uncovered four global trends that can help inform your OT cybersecurity strategy.
4 Global Trends in OT Security
The Fortinet report is based on data from an in-depth worldwide survey of 570 OT professionals. After extensively analyzing the data from this survey, the Fortinet team identified four global trends.
1. While ransomware and phishing are still major threats, there has been an overall decline in intrusions due to fewer insider data breaches. Keep in mind, this decline could be due to cybercriminals adopting a more targeted approach in their attacks and not a decline in cyber risk.
2. The report also finds that 95 percent of organizations have made their CISOs responsible for OT cybersecurity, taking this responsibility away from operational teams. This shift indicates that OT cybersecurity has become an organizational-wide priority, backed by the C-suite.
3. Organizations and OT professionals rely on multiple point solutions to combat cyberattacks, often resulting in solution sprawl. This approach can also make applying policies and enforcing them consistently across the converged IT/OT landscape more challenging.
4. The number of respondents who consider their organization’s cybersecurity maturity at Level 4 fell from 21 percent a year ago to 13 percent today, while those who see their cybersecurity as at Level 3 are up from 35 percent to 44 percent. This change could indicate that OT professionals have a more realistic understanding of OT cybersecurity and their organization’s OT security capabilities.
While designing and implementing a comprehensive OT cybersecurity strategy can seem daunting, the Fortinet report offers three tips put you on the right path.
1. Implement basic asset inventory and segmentation actions and then employ more advanced micro-segmentation and virtual patching solutions to protect devices against known vulnerabilities. This will provide you with provide sufficient time to patch devices properly.
2. Collaborate across IT, OT and production teams to adequately assess cyber and production risks, specifically ransomware incidents. Inform your client’s CISO of these actions to ensure proper awareness, prioritization, budget and personnel allocations.
3. Develop a vendor and OT cybersecurity platform strategy. Engage with vendors that have a comprehensive suite of solutions that can provide everything from asset inventory and segmentation to more advanced solutions such as an OT SOC or the ability to support a joint IT/OT SOC.
Download your copy of Fortinet’s 2023 State of Operational Technology and Cybersecurity Report to learn more about the challenges that your clients face in securing their OT systems and how you can help them build a strong OT security posture.
Learn more about how Fortinet protects OT environments in critical infrastructure sectors such as energy, defense, manufacturing, food and transportation by designing security into complex infrastructure via the Fortinet Security Fabric.