OT companies are currently under pressure from two sides: from increasingly effective and varied cyberattacks, and, in response, from tightening regulatory constraints. In this environment, OT responsibilities are moving up the leadership ranks, and all CISOs need to speed up threat detection and response.

Regulatory pressures around the world are demanding that CISOs and corporate boards shoulder greater responsibility for cybersecurity, including when it comes to operational technologies (OT), industrial control systems (ICS), and IoT devices. 

In the USA, the Securities and Exchange Commission now requires public companies to report “material” breaches and document their overall risk management, strategy, and governance framework. In Europe, the NIS2 directive expands companies’ incident reporting obligations. They must now report security incidents with a significant impact to their national cybersecurity agency and provide reports on how the situation evolves.

A third of OT companies reported at least six intrusions in 2024

This regulatory pressure is welcome, as OT manufacturers are increasingly the target of cyber threats. In its report entitled 2024 State of Operational Technology and Cybersecurity, Fortinet reveals that almost a third (31%) of OT companies say they’ve experienced at least six intrusions in the past year, compared with 11% the previous year. All types of intrusions, apart from malware, increased year-on-year. Phishing and email identity theft are the most common intrusions, while the most frequently used techniques are mobile security incidents and website compromises.

Another report published by Nozomi Networks, OT/IoT: Cybersecurity Trends and Insights, reveals that the sectors most affected by OT/IoT Common Vulnerabilities and Exposures (CVEs) are critical manufacturing, energy, transportation systems, water, and wastewater.

The Fortinet study also reports that almost 73% of those surveyed said they had experienced an intrusion that impacted either only their OT systems or both their IT and OT systems, up from 49% in 2023. According to the data collected, the proportion of intrusions perpetrated on OT systems alone rose from 17% to 24%. In view of this upsurge in attacks, almost half of all respondents (46%) say that post-incident recovery time is their most important indicator of the effectiveness of their cybersecurity strategy.

Accelerating threat detection and response is a must

“The report highlights that, even though manufacturers using OT technologies have strengthened their security posture, their teams are still faced with major challenges in securing their converged IT/OT environments. It is now essential for these players to adopt the tools and capabilities that will improve not only visibility across their entire network, but also its level of protection. The goal is to speed up threat detection and response, and ultimately control the overall risk to these environments,” says John Maddison, Chief Marketing Officer at Fortinet.

But detection methods are struggling to keep pace with today’s threats. With threats becoming ever more sophisticated, the report suggests that the majority of companies still have some areas of weakness within their environments. The percentage of respondents claiming that their companies have complete visibility over the security of their OT systems has dropped from 10% to 5% since last year. 

Nevertheless, the percentage of those reporting 75% visibility has risen, suggesting that companies are becoming more realistic about their security posture. However, more than half of respondents (56%, up from 32% in 2023) have experienced ransomware or wiper intrusions (malware used as a tool for destruction and disruption), indicating that there is still room for improvement in network visibility and threat detection.

Responsibility for OT moves up leadership ranks

OT cybersecurity responsibilities are moving up the executive leadership ranks in some companies. The percentage of organizations that are aligning OT security with the responsibilities of their CISO is rising, from 17% in 2023 to 27% this year. At the same time, 60% of respondents plan to assign responsibility for OT to executive profiles (CIO, CTO, and COO) over the next 12 months. This trend clearly points to a growing concern for OT risk and security in 2024 and beyond. 

There has also been a shift among companies that have not made their CIO responsible for OT cybersecurity. This responsibility, which has until now fallen within the remit of the Director of Network Engineering, is increasingly being elevated to the Vice President of Operations role, again reflecting this upward shift in responsibilities. Regardless of the job title of the individual overseeing OT security, this trend suggests that OT security is becoming more strategic for business leaders.

Best practices for improving OT security posture

To improve their OT security posture, companies can adopt a number of best practices. Here are a few suggested by Fortinet. The first is to segment the environment. Combating intrusions requires hardening the OT environment by applying robust network policies to all points of access. The first step in this defensible architecture is to define network zones or segments. Teams should also assess the overall complexity of managing a security solution and consider the benefits of an integrated or platform-based approach with centralized management capabilities.

CISOs can also establish visibility over OT assets and define compensating mechanisms. Companies must be able to see and understand all the assets in their OT infrastructure. Once visibility is established, companies are able to protect any devices that appear to be vulnerable, which requires compensating mechanisms (as an alternative to security measures considered too difficult to implement) to protect sensitive OT devices. Protocol-aware network policies, system-to-system interaction analysis, and endpoint monitoring are all appropriate tools for detecting and preventing the compromise of vulnerable assets.

Another best practice is to integrate OT into security operations and the incident response strategy. Companies need to mature toward SecOps for both IT and OT. To achieve this, teams need to purposely build OT into their SecOps and incident response strategies. They can do this by creating playbooks that cover the company’s OT environment.

Lastly, companies need to adopt OT-specific threat intelligence and security services. OT security is vitally dependent on the awareness and analysis of imminent risks. Companies must ensure that their threat intelligence and content sources deliver relevant, detailed OT-specific information.
