Fortinet Report: Threat Actors Are Increasingly Targeting Operational Technology Organisations
Nearly one-third (31 per cent) of operational technology organisations reported more than six intrusions in the last year, up from 11 per cent the year before
Posted: Wednesday, Jun 19

John Maddison, chief marketing officer, Fortinet, said, “Fortinet’s 2024 State of Operational Technology and Cybersecurity Report shows that while operational technology organisations are making progress in strengthening their security posture, teams still face significant challenges in securing converged information technology/operational technology environments. Adopting essential tools and capabilities to enhance visibility and protections across the entire network will be vital for these organisations when it comes to reducing the mean time to detection and response and ultimately reduce the overall risk of these environments.”

News Summary

Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, has announced the findings from its global 2024 State of Operational Technology and Cybersecurity Report. The results represent the current state of operational technology (OT) security and highlight opportunities for continued improvement for organisations to secure an ever-expanding information technology (IT)/OT threat landscape. In addition to trends and insights impacting OT organisations, the report offers best practices to help IT and OT security teams better secure their environments.

While this year’s report indicates that organisations have made progress in the past 12 months related to advancing their OT security posture, there are still critical areas for improvement as IT and OT network environments continue to converge.

Key findings from the global survey include:

  • Cyberattacks that compromise OT systems are on the rise. In 2023, 49 per cent of respondents experienced an intrusion that impacted either OT systems only or both IT and OT systems. But this year, nearly three-fourths (73 per cent) of organisations are being impacted. The survey data also shows a year-over-year increase in intrusions that only impacted OT systems (from 17 per cent to 24 per cent). Given the rise in attacks, nearly half (46 per cent) of respondents indicate that they measure success based on the recovery time needed to resume normal operations.
  • Organisations experienced a high number of intrusions in the past 12 months. Nearly one-third (31 per cent) of respondents reported more than six intrusions, compared to only 11 per cent last year. All intrusion types increased compared to the previous year, except for a decline in malware. Phishing and compromised business email intrusions were the most common, while the most common techniques used were mobile security breaches and web compromise.
  • Detection methods aren’t keeping pace with today’s threats. As threats grow more sophisticated, the report suggests that most organisations still have blind spots in their environment. Respondents claiming that their organisation has complete visibility of OT systems within their central security operations decreased since last year, dropping from 10 per cent to five per cent. However, those reporting 75 per cent visibility increased, which suggests that organisations are gaining a more realistic understanding of their security posture. Yet more than half (56 per cent) of respondents experienced ransomware or wiper intrusions—an increase from only 32 per cent in 2023—indicating that there is still room for improvement regarding network visibility and detection capabilities.
  • Responsibility for OT cybersecurity is elevating within executive leadership ranks at some organisations. The percentage of organisations that are aligning OT security with the chief information security officer (CISO) continues to grow, increasing from 17 per cent in 2023 to 27 per cent this year. At the same time, there was an increase to move OT responsibility to other C-suite roles, including the chief information officer (CIO), chief technology officer (CTO), and chief operating officer (COO), to upwards of 60 per cent in the next 12 months, clearly showing concern for OT security and risk in 2024 and beyond. Findings also indicate that in some organisations where the CIO is not outright responsible, there is an upward shift of these responsibilities from the director of network engineering to the vice president of operations role, which illustrates another escalation of responsibility. This elevation into the executive ranks and below, regardless of the title of the individual overseeing OT security, may suggest that OT security is becoming a higher-profile topic at the board level.

Best Practices

Fortinet’s global 2024 State of Operational Technology and Cybersecurity Report offers organisations actionable steps for enhancing their security posture. Organisations can address OT security challenges by adopting the following best practices:

  • Deploy segmentation. Reducing intrusions requires a hardened OT environment with strong network policy controls at all points of access. This kind of defensible OT architecture starts with creating network zones or segments. Teams should also evaluate the overall complexity of managing a solution and consider the benefits of an integrated or platform-based approach with centralised management capabilities.
  • Establish visibility and compensating controls for OT assets. Organisations must be able to see and understand everything that’s on the OT network. Once visibility is established, organisations must protect any devices that appear to be vulnerable, which requires protective compensating controls that are purpose-built for sensitive OT devices. Capabilities such as protocol-aware network policies, system-to-system interaction analysis, and endpoint monitoring can detect and prevent the compromise of vulnerable assets.
  • Integrate OT into security operations (SecOps) and incident response planning. Organisations should be maturing towards IT-OT SecOps. To achieve this, teams must specifically consider OT with regard to SecOps and incident response plans. One step teams can take to move in this direction is to create playbooks that incorporate the organisation’s OT environment.
  • Embrace OT-specific threat intelligence and security services. OT security depends on timely awareness and precise analytical insights about imminent risks. Organisations should make sure their threat intelligence and content sources include robust, OT-specific information in their feeds and services.
  • Consider a platform approach to your overall security architecture. To address rapidly evolving OT threats and an expanding attack surface, many organisations use a broad array of security solutions from different vendors, resulting in an overly complex security architecture. A platform-based approach to security can help organisations consolidate vendors and simplify their architecture. A robust security platform that is purpose-built to protect both IT networks and OT environments can provide solution integration for improved security efficacy while enabling centralised management to enhance efficiency.

Report Overview

  • The Fortinet 2024 State of Operational Technology and Cybersecurity Report is based on data from a global survey of more than 550 OT professionals, conducted by a third-party research company.
  • Survey respondents were from different locations around the world, including Australia, New Zealand, Argentina, Brazil, Canada, Mainland China, France, Germany, Hong Kong, India, Japan, Mexico, Norway, South Africa, South Korea, Spain, Taiwan, Thailand, United Kingdom, and the United States, among others.
  • Respondents represent a range of industries that are heavy users of OT, including: manufacturing, transportation/logistics, healthcare/pharma, oil, gas, and refining, energy/utilities, chemical/petrochemical, and water/wastewater.
  • Most of those surveyed, regardless of title, are deeply involved in cybersecurity purchasing decisions. Many respondents are responsible for operations technology at their organisation and/or have reporting responsibility for manufacturing or plant operations.

About Fortinet

Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet’s solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with high-profile, well-respected organisations from both the public and private sectors, including CERTs, government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally. FortiGuard Labs, Fortinet’s elite threat intelligence and research organisation, develops and utilises leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.

Copyright © 2024 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAI, FortiAIOps, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiConnect, FortiController, FortiConverter, FortiCWP, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiEdge, FortiEDR, FortiExplorer, FortiExtender, FortiFirewall, FortiFone, FortiGSLB, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMoM, FortiMonitor, FortiNAC, FortiNDR, FortiPenTest, FortiPhish, FortiPlanner, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiSDNConnector, FortiSIEM, FortiSMS, FortiSOAR, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM and FortiXDR. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments.
