TALKING
‘‘ business
Through the convergence of IT and Operational Technology ( OT ) environments , organisations can achieve greater efficiency and effectiveness in monitoring critical processes . It also enables organisations to effectively leverage data from a range of sources , including medical devices , industrial applications / robotics and connected sensors – collectively known as the Industrial Internet of Things ( IIoT ) – to improve OT efficiency and safety , reduce costs and increase employee productivity . expect regulatory pressure to increase over the next two years . By simply expanding the period of consideration to 24 months , we discover OT system breach rates rising to 80 %, demonstrating just how much interest there is for cybercriminals to target OT systems .
Considering the high number of OT breaches , it makes sense that 78 % of organisations surveyed plan to increase their ICS / SCADA security budgets this year to more effectively combat these threats .
At the same time , however , this convergence can expose new risks that , if left unattended , can leave networks vulnerable . Absent an effective OT security plan , enterprises and their integrated ICS / SCADA systems are left defenceless in the face of cyberattacks that could result in reputational damage , financial loss and / or diminished customer confidence . On a more severe scale , these types of cyberattacks can also threaten the safety of citizens and – in the case of critical infrastructure – national security .
2 . IT and OT networks continue to converge
OT systems historically depended on software and hardware not connected to the Internet , meaning there was a natural reliance on the safety of an ‘ air gap ’ between external and internal systems . With the shift toward IT-OT convergence and the pursuit toward operational efficiency , connectivity and exposure to more traditional IT threats have increased .
Rick Peters , CISO for Operational Technology , North America at Fortinet
New threats impacting ICS / SCADA systems
Citizens around the world naturally depend on the OT vertical sector services – including manufacturing , energy , utilities and transportation infrastructures – provisioned daily . It is therefore critical to safeguard the integrated ICS / SCADA systems within an OT enterprise . As Digital Transformation sweeps across these sectors as a means to boost efficiency , new cybersecurity concerns have surfaced as once airgapped systems become exposed to new cyber-risks and a much broader attack surface .
Furthermore , considering the age , sensitivity and complexities of many OT environments , it is increasingly difficult for organisations to protect their high-value cyberphysical assets . It is all of these factors that triggered Fortinet and Forrester to survey industry leaders who manage and maintain OT infrastructure with the goal of highlighting emerging security trends and practices impacting operations .
This survey uncovered three important findings :
1 . Breaches are common in the OT sector
Among survey participants , only 10 % reported that they had never experienced a data breach . Conversely , 58 % of organisations reported having experienced this type of threat in the past 12 months ; thus , more than 75 %
New cybersecurity concerns have surfaced as once air-gapped systems become exposed to new cyber-risks and a much broader attack surface .
With this proportional expansion of the attack surface , cybercriminals can readily gain access to systems that were once isolated .
When surveyed , almost all respondents ( 96 %) expect to face challenges as they move toward convergence , resulting in greater attention devoted to security concerns . When it comes to OT security , more than one-third of survey respondents noted that they are worried about the following issues :
• The potential for connected smart devices to cause breaches
• Third parties lack the security expertise required to help with converged technology and the Internet of Things ( IoT )
• Lack of expertise by internal security teams to secure this converged technology and IoT
• Staying on top of the latest security tactics and protocols
• An inability to isolate or contain resources when a breach occurs
www . intelligentcio . com INTELLIGENTCIO AFRICA 31