TRENDING
////////////////////////////////////////////////////////////////////
runs the world’s manufacturing plants,
power grids, water utilities, shipping lines,
and more,” said Doros Hadjizenonos,
Regional Director – SADC at Fortinet.
“OT differs from traditional IT systems due
to the processes and systems that must
be incorporated to effectively manage
production and resource development
systems, including engines, valves, sensors,
and even robotics, that are common to
critical infrastructure environments but may
be absent from traditional IT stacks.
“However, while IT and OT have been
managed separately since their inception,
there has been a growing movement toward
the convergence of these two systems over
the past 12 to 18 months.
“Incorporating IT capabilities such as Big
Data, analytics and Machine Learning into
OT systems, along with faster connectivity
solutions in order to respond to security
and safety events more quickly, has allowed
these industries to improve productivity and
efficiency, offering a competitive edge to
those who combine the systems effectively.
“It’s important for OT teams to consider how
this convergence affects the cybersecurity
posture of critical infrastructure, especially
given the impact that downtime caused by
a cyberattack can have on the economy,
health, and productivity of the nation. And
worse, the potential safety risks to workers
and even local communities should a critical
system be compromised.
The most common types of cyberattacks
affecting operational technology are
malware, phishing, spyware, and mobile
security breaches. The survey results show
that these attacks persist as a result of four
key reasons:
Lack of visibility
This makes it difficult for teams to detect
unusual behaviour, quickly respond to
potential threats, and perform threat
analysis – all of which are crucial to a
successful cybersecurity posture.
Lack of personnel
Due to the cybersecurity skills gap, the low
availability of skilled security professionals
is a key concern for operations leaders
18
INTELLIGENTCIO
cybersecurity in the next year – currently, just
9% of CISOs overseeing OT security.
Doros Hadjizenonos, Regional Director –
SADC at Fortinet
considering implementing new security tools
and controls in the network.
Rapid pace of change
Operations leaders note that keeping up
with the pace of change is a challenge
when it comes to security, and yet, at the
same time, slowing Digital Transformation
efforts for any reason can compromise their
competitive edge.
In addition to these two changes
already underway, organisations can
implement several security tactics that
have demonstrated success in critical
infrastructure industries. As part of this
study, Fortinet examined the differences
in cybersecurity controls in place between
those organisations that experienced zero
intrusions over the last 12 months, and
similarly-sized organisations with six or more
intrusions. There were several tactics and
tools that stood out among those top-tier
organisations that those in the bottom-tier
lacked, including:
•
•
•
•
•
Multi-factor authentication
Role-based access control
Network segmentation
Conduct security compliance reviews
Management and analysis of
security events
As OT and IT systems continue to converge,
implementing these essential tactics can
help operations leaders and CISOs gain
visibility across their OT environments while
reducing complexity in their network to
reduce cyber risk.
Network complexity
OT network environments are complex,
with anywhere from 50 to 500 devices to
monitor and secure, many of which come
from different vendors. This exacerbates
the challenges surrounding visibility and
personnel, as each device stores different
data and has different security configuration
needs and requirements.
Improving security for
operational technology
With these attack vectors and security
challenges in mind, there are several steps
operations leaders can take to improve the
security posture at their organisations and
minimise the risks associated with downtime
in the wake of an attack.
First, 62% of organisations stated intentions
to dramatically increase their cybersecurity
budgets this year. Additionally, organizations
are also adjusting their cybersecurity
strategies, with 70% stating their intention
to make the CISO responsible for OT
“Security threats to Operational Technology
networks, especially in critical infrastructures
such as transportation, health and energy,
can have major consequences for ensuring
the success of these organisations, as well
as for the daily lives of the people those
industries support,” said Hadjizenonos.
“To help minimise this risk, this latest report
provides a critical examination of key areas of
vulnerability in order to help OT teams identify
more effective ways to improve cybersecurity
efforts in the industries they support.” n
“
OT IS VITAL TO
PUBLIC SAFETY
AND ECONOMIC
WELL-BEING.
www.intelligentcio.com