Operational technology (OT) infrastructure is facing an unprecedented wave of cyberattacks, with a reported 73% surge in incidents, according to the Fortinet 2024 State of Operational Technology and Cybersecurity Report. OT organizations responsible for critical infrastructure and industrial processes often find themselves in the crosshairs of increasingly sophisticated threat actors.
However, there’s a silver lining. Although cyber intrusions have risen, organizations are taking concrete steps to enhance OT security. Leadership structures are adapting, and the technologies safeguarding OT systems are becoming more robust. Yet, the challenge of securing converged IT/OT environments persists, making it essential for executives, particularly Chief Information Security Officers (CISOs), to stay informed on the evolving threat landscape.
A c-suite mindset shift
The elevation of OT cybersecurity risks to the executive level marks a significant shift in corporate priorities. The 2024 Fortinet report is the sixth edition, and six years ago, OT security was often overlooked. Many factories operated in isolation from IT systems, but over time as industries have increasingly connected their operational environments to external networks, the vulnerabilities have become apparent.
Today, OT security is a priority across industry sectors, with more companies recognizing the need to protect their critical infrastructure. CISO responsibilities now encompass OT security, alongside other C-suite leaders such as the CIO, COO, and CTO. This collective responsibility reflects a broader understanding that securing OT environments is critical to ensuring business continuity and mitigating operational risks.
New threats and targeted attacks
Threat actors are sharpening their focus on OT networks, particularly in the manufacturing sector. The Fortinet report highlights an uptick in attacks aimed at degrading brand reputation and stealing critical business data and intellectual property. Criminals have also begun monetizing the disruption of production lines, factoring this into their ransom demands.
Additionally, two types of attacks are becoming increasingly prevalent. The first is traditional ransomware, which can halt production and disrupt critical infrastructure. The second, more concerning, is OT-specific malware designed to manipulate physical processes such as valves, switches, and conveyor belts. These attacks, often state-sponsored, pose a significant risk to national infrastructure and corporate assets.
The challenge of modernization
Despite improvements, many OT environments continue to struggle with modernization. Older production equipment, designed for reliability rather than security, creates blind spots. These legacy systems often use outdated communication protocols and are difficult to secure without first achieving full visibility.
To address this situation, organizations must inventory their OT assets, implement next-generation firewalls, and segment their networks. As OT security matures, adopting a zero-trust approach and incorporating advanced security operations (SecOps) becomes increasingly important. The report shows a spectrum of maturity among organizations, with some still at the beginning of their journey while others are embracing cutting-edge SecOps strategies.
Action steps for leaders
Technology leaders can take immediate actions to secure their OT environments:
- Enhance network segmentation: Deploy additional firewalls and switches to segment OT networks, reducing the risk of lateral movement by bad actors.
- Address legacy systems: Many OT devices are too old to receive security patches. Implement compensating controls like microsegmentation, virtual patching, and deception technologies to protect these vulnerable systems.
- Develop OT SecOps: Plan for a future where OT-specific SecOps tools and processes are integrated into joint IT/OT security operations centers. This ensures comprehensive coverage of unique OT devices and network communications.
- Consolidate security vendors: Given the shortage of skilled OT security professionals, consolidating security vendors can help streamline operations and improve efficiency.
- Leverage advanced threat intelligence: As the threat landscape evolves rapidly, having AI-driven, real-time threat intelligence is critical. This helps organizations stay ahead of emerging threats and optimize their security posture.
Using a platform approach to security can greatly enhance these efforts. The Fortinet OT Security platform, for example, provides broad, integrated, and automated solutions that include secure networking, zero trust, and OT-specific threat intelligence. This holistic approach helps organizations consolidate vendors and strengthen their OT defenses against the latest cyber threats.
Make cybersecurity a priority
In an era where OT systems are increasingly connected to the digital world, cybersecurity must be a top priority for executives. Taking a proactive approach by improving visibility, modernizing legacy systems, and leveraging advanced threat intelligence can help protect organizations from evolving threats while ensuring the smooth operation of critical infrastructure.