The 2021 State of Operational Technology and Cybersecurity Report from Fortinet finds that operational technology (OT) leaders continue to face cybersecurity challenges, some of which were exacerbated by the shift to work from home due to the pandemic. The pandemic also accelerated IT-OT network convergence for most organizations, which correlates to other CEO reports that indicate pandemic-related changes have accelerated digital transformation, putting organizations years ahead of where they would have expected to be at this point.
Facing the challenge of extending the plant environment to accommodate remote work, many organizations had to increase their technology budgets to support rapid solution deployment. Seeking to benefit where possible from the many changes brought about by the pandemic, many OT leaders are looking for new ways to streamline processes and reduce future costs.
Although progress is being made, there is room for improvement. Most OT organizations are not leveraging orchestration and automation and their security readiness was further taxed by the COVID-19 crisis. OT-IT network convergence coupled with an ever-increasing advanced threat landscape and coping with pandemic-related issues made it even more difficult for OT leaders to stay ahead of disruptive cyber adversaries.
The Fortinet study highlights four key insights about the current state of OT security across organizations.
Insight 1: OT leaders continue to see significant intrusions that affect the organization. Outages that affect productivity and revenue continue, and the risks to physical safety are rising.
As a group, organizations represented by the OT leaders who participated in the survey have been largely unsuccessful at preventing cyber criminals from intruding their systems. Nine out of 10 organizations experienced at least one intrusion in the past year, which is almost identical to the results of last year’s survey. Even though the pandemic was an unusual situation, a 90% rate of intrusion represents a significant problem that should concern OT leaders.
There was a significant change in insider breach instances, which have increased to 42%. Unlike unintentional security accidents, such as an employee who clicks a bad link, bad actors have malicious intent, which means OT leaders should carefully consider who has access to their systems. Additionally, with so many employees working from home, it is likely that the security issues related to home networks contributed to problems.