The 2021 State of Operational Technology and Cyber Security Report from Fortinet finds that operational technology (OT) leaders continue to face cybersecurity challenges, some of which were exacerbated by the shift to work from home due to the pandemic. The pandemic also accelerated IT-OT network convergence for most organizations, which correlates with other CEO reports indicating that pandemic-related changes have accelerated digital transformation, putting organizations years ahead of where they would have expected to be at this point.
Facing the challenge of extending the plant environment to accommodate remote work, many organizations had to increase their technology budgets to support rapid solution deployment. Seeking to benefit where possible from the many changes brought about by the pandemic, many OT leaders are looking for new ways to streamline processes and reduce future costs. Although progress is being made, there is room for improvement. Most OT organizations are not leveraging orchestration and automation, and their security readiness was further taxed by the COVID-19 crisis. OT-IT network convergence, coupled with an increasingly advanced threat landscape and the need to cope with pandemic-related issues, made it even more difficult for OT leaders to stay ahead of disruptive cyber adversaries.
The Fortinet study highlights four key insights about the current state of OT security across organizations.
Insight 1: OT leaders continue to see significant intrusions that affect the organization. Outages that affect productivity and revenue continue, and the risks to physical safety are rising.
As a group, organizations represented by the OT leaders who participated in the survey have been largely unsuccessful at preventing cybercriminals from intruding on their systems. Nine out of 10 organizations experienced at least one intrusion in the past year, which is almost identical to the results of last year’s survey. Even though the pandemic was an unusual situation, a 90% rate of intrusion represents a significant problem that should concern OT leaders.
There was a significant change in insider breach instances, which have increased to 42%. Unlike employees who cause unintentional security accidents, such as clicking a bad link, bad actors have malicious intent, which means OT leaders should carefully consider who has access to their systems. Additionally, with so many employees working from home, the security issues related to home networks likely contributed to problems.
Insight 2: OT leaders were not prepared for changes related to the pandemic and had to quickly increase budgets and change processes.
Except for a small number of top-tier companies, OT leaders had to quickly increase spending to manage processes related to IT-OT network convergence and the need to support work from home. These two separate issues both affected technology budgets. SOCs and NOCs needed more staff and equipment because the pandemic accelerated digital transformation and increased the need for connectivity for secure remote access. Employees needed to work from home, and OEMs and system integrators were hampered by their inability to travel. The pandemic accelerated the need for third-party secure remote access because technical staff could not be on-site doing work in person.
Insight 3: OT leaders faced a significant increase in insider threats and phishing. Malware continued to be a problem.
The survey showed significant growth in phishing attacks, with 58% reporting this type of intrusion, up from 43% last year. The increase in phishing stems from attackers exploiting weaknesses related to the rapid changes in working practices that occurred at the beginning of 2020. No one was immune, and along with everyone else, OT organizations were affected.
Similarly, determining how to extend the workforce to the home affected organizations of all types, and OT was no exception. Bad actors targeted operational technology because they could exploit security weaknesses, and their success rates went up as they discovered a broad array of vulnerable attack surfaces. These numbers are not surprising because, during periods of uncertainty and sudden change, exploits typically increase as attackers take advantage of new areas of risk. As employees continue to work remotely, it is clear that OT organizations need to extend zero trust to their endpoints to reduce the attack surface.
Insight 4: OT leaders continue to struggle with security measurements and perceptions.
OT leaders are tracking and reporting cybersecurity measurements consistently, with cost lower on the priority list than risk assessment and the implications to the business. Vulnerabilities (70%) and intrusions (62%) remain the top cybersecurity measurements that are tracked and reported, but tangible risk management outcomes have become more prevalent this year (57%). OT cybersecurity issues are reported to senior/executive leadership fairly evenly, although the results of penetration/intrusion tests are not shared quite as much as the other issues.
Overcoming the OT Challenges
Arguably, interest in the resiliency achieved by implementing cybersecurity best practices has grown over the past 12 months. The digital connectivity of OT and IT networks continues to increase, yet in this year’s survey, only 7% of OT leaders reported no intrusions. It's clear that many organizations face challenges when it comes to security practices and ultimately protecting their infrastructure from today's increasingly sophisticated cyber threats.
Top-tier OT organizations are realizing cybersecurity success and managing to weather the unusual situation brought on by the pandemic and the corresponding rapid innovation. Those top-tier organizations continue to commit to promoting centralized visibility and taking a proactive approach to security to protect their critical systems.