Key Takeaways from the 5th Annual Fortinet State of OT and Cybersecurity Report

By Richard Springer | May 24, 2023

Fortinet has completed and published the fifth edition of our 2023 State of Operational Technology and Cybersecurity Report. This annual study provides data and results based on a worldwide survey of 570 operational technology (OT) professionals conducted by third-party research company InMoment.

The convergence of OT and IT networks is accelerating because organizations can use the data collected by physical equipment and Industrial-Internet-of-Things (IIoT) devices to identify issues and increase efficiencies. Also, this convergence results in reduced space requirements, less physical hardware, shorter deployment times, more cost savings, higher performance, and less siloed IT and OT departments.

However, with IT/OT convergence, ever-evolving and destructive cyberthreats can target previously air-gapped OT environments and keep many organizations from fully benefiting from this integration. Consequently, organizations worldwide consider OT cybersecurity more vital than ever.

2023 Key Takeaways

The recently released Fortinet report provides a comprehensive view of the current OT and cybersecurity landscape. It reveals an encouraging trend: OT organizations have significantly enhanced their cybersecurity posture. However, the report also shows the need for further improvement.

Key takeaways from the global survey include:

OT continues to be targeted by cybercriminals at a high rate

While the number of organizations that did not incur a cybersecurity intrusion improved dramatically YoY (from 6% in 2022 to 25% in 2023), there is still significant room for improvement. In fact, three-fourths of OT organizations reported at least one intrusion in the last year. Intrusions from malware (56%) and phishing (49%) were once again the most common types of incidents reported, and nearly one-third of respondents reported being victims of a ransomware attack in the last year (32%, unchanged from 2022).

[Figure: Number of Intrusions in Past Year]

Cybersecurity practitioners overestimated their OT security maturity

In 2023, the number of respondents who consider their organization's OT security posture as “highly mature” fell to 13% from 21% the year before, suggesting growing awareness amongst OT professionals and more effective tools for self-assessing their organizations’ cybersecurity capabilities. In addition, nearly one-third (32%) of respondents indicated that when a cyberattack did occur, both IT and OT systems were impacted, up from only 21% last year.

[Figure: Maturity of OT Security Posture]

The explosive growth in connected devices underscores complexity challenges for OT organizations

Nearly 80% of respondents reported having more than 100 IP-enabled OT devices in their OT environment, highlighting just how significant a challenge it is for security teams to secure an ever-expanding threat landscape. Survey findings revealed that cybersecurity solutions continue to aid in the success of most (76%) OT professionals, particularly by improving efficiency (67%) and flexibility (68%). However, report data also indicates that solution sprawl makes it more difficult to consistently incorporate, employ, and enforce policies across an increasingly converged IT/OT landscape. Aging systems compound the problem, with the majority (74%) of organizations reporting that the average age of ICS systems across their organization is between six and 10 years old.

[Figure: How Cybersecurity Solutions Aid Success (in Top 3)]

Alignment of OT security under the CISO

While nearly every organization faces an uphill battle when it comes to finding qualified security practitioners due to the growing cybersecurity skills shortage, report findings suggest OT organizations are continuing to prioritize cybersecurity. A key indicator is that nearly every organization (95%) plans on placing the responsibility for OT cybersecurity under a chief information security officer (CISO) in the next 12 months rather than an operations executive or team. The findings also reveal that OT cybersecurity professionals now come from IT security leadership rather than product management. Influence on cybersecurity decisions is shifting away from operations and to other leaders, especially CISO/CSO roles.

[Figure: Cybersecurity to Be Under CISO in Next 12 Months]

Global Trends

A close analysis of the 2023 report data reveals that there are some prominent global trends:

  • There may have been an overall decline in intrusions due to fewer insider breaches, but ransomware and phishing are still major threats. And cybercriminals seem to be adopting a more targeted approach.
  • Nearly all organizations have placed the responsibility for OT cybersecurity under a CISO rather than an operations executive or team.
  • Cybersecurity point products and solution sprawl may make it more challenging to apply policies and enforce them consistently across the converged IT/OT landscape.
  • OT professionals now seem to have a more realistic self-assessment of their organization’s OT cybersecurity defenses.

After five years of surveying OT professionals, this year’s report has the positive news that OT cybersecurity now has the attention of enterprise leadership teams and C-suites. But CISOs and their organizations still have much to do regarding cybersecurity.

Best Practices

Organizations can continue to improve on protecting their IT and OT networks by adopting these best practices outlined in this year’s Fortinet 2023 State of OT and Cybersecurity Report:

Develop a vendor and OT cybersecurity platform strategy

Consolidation reduces complexity and accelerates outcomes. The first step is to begin building a platform over time by partnering with vendors that engineer their products with integration and automation in mind to enable organizations to consistently incorporate and enforce policies across an increasingly converged IT/OT landscape. Seek to engage with vendors with a wide portfolio of solutions that can provide the basic solutions of asset inventory and segmentation and more advanced solutions, such as an OT SOC or the ability to support a joint IT/OT SOC.

Deploy network access control (NAC) technology

Solving challenges associated with securing ICS, SCADA, IoT, BYOD, and other endpoints requires advanced network access control to be part of a comprehensive security architecture. An effective NAC solution also helps to maintain complete control of an organization’s network by managing new devices that want to connect or communicate with other parts of the organization’s infrastructure.

Employ a zero-trust access approach

Implement the basic asset inventory and segmentation steps, and provide continuous verification of all users, applications, and devices seeking access to critical assets. 

Incorporate cybersecurity awareness education and training

Cybersecurity training remains critical because the cybersecurity battle will require the collective empowerment of all employees to have the knowledge and awareness to work together to protect themselves and their organization’s data. Organizations should consider including nontechnical training targeted towards anyone who uses a computer or mobile device—from teleworkers to their families.

Download the report and digest all intelligence it has to offer. You’re sure to learn a great deal about the current state of OT, the continued convergence of IT and OT networks, and the best way to secure them going forward.

 

Learn more about how Fortinet protects OT environments in critical infrastructure sectors such as energy, defense, manufacturing, food, and transportation by designing security into complex infrastructure via the Fortinet Security Fabric.