Fortinet’s 2023 State of Operational Technology and Cybersecurity Report shows that while operational technology (OT) organisations have improved their overall cybersecurity posture, they also have continued opportunity for improvement.

Networking and IT teams are under extraordinary pressure to adapt and become more OT-aware, and organisations are shifting to find and employ solutions that implement security across their entire IT/OT environment to reduce their overall security risk.

This was the findings in the global cybersecurity leader’s global 2023 State of Operational Technology and Cybersecurity Report as revealed by John Maddison, EVP Products and CMO at Fortinet.

Other key findings from the global survey include:

• OT continues to be targeted by cybercriminals at a high rate: Three-fourths of OT organisations reported at least one intrusion in the last year. Intrusions from malware (56 per cent) and phishing (49 per cent) were once again the most common type of incidents reported, and nearly one-third of respondents reported being victims of a ransomware attack in the last year (32 per cent, unchanged from 2022). Latin America and the Caribbean have the most significant concerns about ransomware’s impact on your OT environments; 63 per cent said ransomware represented the biggest impact in the last year.

• Cybersecurity practitioners overestimated their OT security maturity: In 2023, the number of respondents who consider their organisation’s OT security posture as “highly mature” fell to 13 per cent from 21 per cent the year before, suggesting growing awareness among OT professionals and more effective tools for self-assessing their organisations’ cybersecurity capabilities. Nearly one-third (32 per cent) of respondents indicated that both IT and OT systems were impacted by a cyberattack, up from only 21 per cent last year.

• The connected device explosion underscores complexity challenges for OT organizations: Nearly 80 per cent of respondents reported having greater than 100 IP-enabled OT devices in their OT environment, highlighting just how significant a challenge it is for security teams to secure an ever-expanding threat landscape. Survey findings revealed that cybersecurity solutions continue to aid in the success of most (76 per cent) OT professionals, particularly by improving efficiency (67 per cent) and flexibility (68 per cent). However, report data also indicates that solution sprawl makes it more difficult to consistently incorporate, employ, and enforce policies across an increasingly converged IT/OT landscape. And the problem compounds with aging systems, with the majority (74 per cent) of organisations reporting that the average age of ICS systems across their organisation are between six and 10 years old.

Best practices:

• develop a vendor and OT cybersecurity platform strategy

• deploy network access control (NAC) technology

• employ a zero-trust approach

• incorporate cybersecurity awareness education and training

Collaboration across IT, OT, and production teams to assess cyber and production risks, specifically ransomware incidents, with the CISO can help ensure awareness, prioritisation, budget, and personnel allocations.