A survey conducted recently by cybersecurity firm Fortinet showed that more than 90% of organizations that use operational technology (OT) systems have experienced some sort of cyber incident in the past year.
Fortinet’s 2021 State of Operational Technology and Cybersecurity Report is based on responses received in late February and early March from 100 people working for organizations with more than 2,500 employees in the manufacturing, energy and utilities, healthcare, and transportation sectors.
Fortinet told SecurityWeek that the study focused on OT systems and all respondents were responsible for some aspect of manufacturing or plant operations, but admitted that some of the reported incidents may have actually involved the organization’s IT systems.
The survey found that more than 90% of organizations experienced at least one cyber incident, and 12% reported more than 10 incidents in the past year. More than half of respondents said the incident resulted in an operational outage that affected productivity, and 45% said it resulted in an operational outage that put physical safety at risk.
The types of incidents reported by respondents included phishing (58%), malware (57%), insider breaches involving bad actors (42%), exploitation of vulnerabilities (40%), mobile security breaches (40%), removable storage devices (33%), ransomware (32%), unintentional insider breaches (31%), and DDoS attacks (24%). Phishing and malicious insider breaches recorded the most significant increase compared to previous years.
The OT leaders who took part in the survey admitted that they were not prepared for the changes required by the COVID-19 pandemic, and they were forced to quickly increase budgets for technologies that support remote work and change processes. Only 4% of respondents said they were prepared for remote work before the pandemic.
The connectivity between IT and OT has been increasing over the past years, but over 70% of those who took part in Fortinet’s survey said the pandemic actually accelerated OT-IT convergence.
When it comes to tracking and reporting cybersecurity measurements, roughly two-thirds said they regularly report issues to senior management, including identified vulnerabilities, detected intrusions, financial implications, risk management outcomes, productivity gains, and cost reduction.
“Vulnerabilities (70%) and intrusions (62%) remain the top cybersecurity measurements that are tracked and reported, but tangible risk management outcomes have become more prevalent this year (57%). OT cybersecurity issues are reported to senior/executive leadership fairly evenly, although the results of penetration/intrusion tests are not shared quite as much as the other issues,” Fortinet said in its report.
The survey also found some differences between top-tier organizations — those that reported no incidents — and bottom-tier organizations — those that reported more than 10 attacks.
Top-tier organizations are more likely to track and report financial implications, they are more likely to perform scheduled security assessments, are more likely to have full visibility into their OT activities, and they’ve had less problems related to working from home.