Threat actors increasingly targeting operational technology organisations

Fortinet's global 2024 State of Operational Technology and Cybersecurity Report published in mid-June reveals the current state of OT security and highlights opportunities for continued improvement for organisations to secure an ever-expanding IT/OT threat landscape. In addition to trends and insights impacting OT organisations, the report offers best practices to help IT and OT security teams better secure their environments.

While this year’s report indicates that organisations have made progress in the past 12 months related to advancing their OT security posture, there are still critical areas for improvement as IT and OT network environments continue to converge.

Accordingly, cyberattacks that compromise OT systems are on the rise. In 2023, 49 per cent of respondents experienced an intrusion that impacted either OT systems only or both IT and OT systems. But this year, nearly three-fourths (73 per cent) of organisations are being impacted. The survey data also shows an on-year increase in intrusions that only impacted OT systems (from 17 per cent to 24 per cent). Given the rise in attacks, nearly half (46 per cent) of respondents indicated that they measure success based on the recovery time needed to resume normal operations.

In addition, organisations experienced a high number of intrusions in the past 12 months. Nearly one-third (31 per cent) of respondents reported more than six intrusions, compared to only 11 per cent last year. All intrusion types increased compared to the previous year, except for a decline in malware. Phishing and compromised business email intrusions were the most common, while the most common techniques used were mobile security breaches and web compromise.

However, detection methods aren’t keeping pace with today’s threats. As threats grow more sophisticated, the report suggests that most organisations still have blind spots in their environment. Respondents claiming that their organisation has complete visibility of OT systems within their central security operations decreased since last year, dropping from 10 per cent to 5 per cent. However, those reporting 75 per cent visibility increased, which suggests that organisations are gaining a more realistic understanding of their security posture. Yet more than half (56 per cent) of respondents experienced ransomware or wiper intrusions – an increase from only 32 per cent in 2023 – indicating that there is still room for improvement regarding network visibility and detection capabilities.

The report offers organisations actionable steps for enhancing their security posture. Organisations can address OT security challenges by adopting the following best practices.

One of the best practices is to deploy segmentation. Reducing intrusions requires a hardened OT environment with strong network policy controls at all points of access. This kind of defensible OT architecture starts with creating network zones or segments. Teams should also evaluate the overall complexity of managing a solution and consider the benefits of an integrated or platform-based approach with centralised management capabilities.

Another best practice is to establish visibility and compensating controls for OT assets. Organisations must be able to see and understand everything that’s on the OT network. Once visibility is established, organisations must protect any devices that appear to be vulnerable, which requires protective compensating controls that are purpose-built for sensitive OT devices. Capabilities such as protocol-aware network policies, system-to-system interaction analysis, and endpoint monitoring can detect and prevent the compromise of vulnerable assets.

Organisations can integrate OT into security operations (SecOps) and incident response planning. Organisations should be maturing towards IT-OT SecOps. To achieve this, teams must specifically consider OT with regard to SecOps and incident response plans. One step teams can take to move in this direction is to create playbooks that incorporate the organisation’s OT environment.

The report also suggests embracing OT-specific threat intelligence and security services. OT security depends on timely awareness and precise analytical insights about imminent risks. Organisations should make sure their threat intelligence and content sources include robust, OT-specific information in their feeds and services.

It is also vital to consider a platform approach to overall security architecture. To address rapidly evolving OT threats and an expanding attack surface, many organisations use a broad array of security solutions from different vendors, resulting in an overly complex security architecture. A platform-based approach to security can help organisations consolidate vendors and simplify their architecture. A robust security platform that is purpose-built to protect both IT networks and OT environments can provide solution integration for improved security efficacy while enabling centralised management to enhance efficiency.

John Maddison, chief marketing officer at Fortinet, said, "Fortinet’s 2024 State of Operational Technology and Cybersecurity Report shows that while OT organisations are making progress in strengthening their security posture, teams still face significant challenges in securing converged IT/OT environments. Adopting essential tools and capabilities to enhance visibility and protections across the entire network will be vital for these organisations when it comes to reducing the mean time to detection and response and ultimately reduce the overall risk of these environments.”

Fortinet reaffirms its commitment to secure product development and responsible disclosure processes As one of the first cybersecurity vendors to sign CISA’s Secure by Design pledge, Fortinet® (NASDAQ: FTNT) is dedicated to a culture of responsible radical transparency that puts the safety of customers first.

Fortinet expands its global SASE Points-of-Presence with Google Cloud Fortinet, the global cybersecurity leader driving the convergence of networking and security, on October 16 announced the expansion of its SASE Points-of-Presence (POPs) to new locations through a partnership with Google Cloud.

Fortinet and Samsung Heavy Industries sign MoU on maritime cybersecurity On March 27, Fortinet, the global cybersecurity leader driving the convergence of networking and security, and Samsung Heavy Industries, a global leader in maritime shipbuilding, announced the signing of an MoU for cooperation in the maritime cybersecurity of ships.