Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Cyber-attacks target operational technology

1 July 2019 Editor's Choice, Information Security, Industrial (Industry)

Focus on OT security increasing as around 74% come under attack in the past year, finds a new Fortinet report.

Environments running operational technology (OT) are stepping up their focus on cybersecurity amid a growing number of attacks. This emerged in Fortinet’s recent State of Operational Technology and Cybersecurity Report, which found about 74% of OT organisations have experienced a malware intrusion in the past 12 months, causing damages to productivity, revenue, brand trust, intellectual property, and physical safety.

The report found that a lack of cybersecurity contributes to risk. 78% of the organisations polled have only partial centralised visibility on the cybersecurity of their OT environments, 65% lack role-based access control, and more than half do not use multi-factor authentication or internal network segmentation. Nearly two-thirds (64%) of OT leaders say that keeping pace with change is their biggest challenge, and almost half (45%) are limited by a shortage of skilled labour.

However, OT organisations are increasing their focus on cybersecurity, with 70% planning to roll OT cybersecurity under the CISO in the next year, and 62% of cybersecurity budgets being increased.

Doros Hadjizenonos
Doros Hadjizenonos

“OT is vital to public safety and economic well-being, controlling the equipment that runs the world’s manufacturing plants, power grids, water utilities, shipping lines, and more,” notes Doros Hadjizenonos, regional director – SADC at Fortinet.

OT differs from traditional IT systems due to the processes and systems that must be incorporated to effectively manage production and resource development systems, including engines, valves, sensors, and even robotics, that are common to critical infrastructure environments but may be absent from traditional IT stacks, he says.

However, while IT and OT have been managed separately since their inception, there has been a growing movement toward the convergence of these two systems over the past 12 – 18 months. Incorporating IT capabilities such as big data analytics and machine learning into OT systems, along with faster connectivity solutions in order to respond to security and safety events more quickly, has allowed these industries to improve productivity and efficiency, offering a competitive edge to those who combine the systems effectively.

“It’s important for OT teams to consider how this convergence affects the cybersecurity posture of critical infrastructure, especially given the impact that downtime caused by a cyberattack can have on the economy, health, and productivity of the nation. And worse, the potential safety risks to workers and even local communities should a critical system be compromised,” says Hadjizenonos.

Key factors in attacks

The most common types of cyber-attacks affecting operational technology are malware, phishing, spyware, and mobile security breaches. The survey results show that these attacks persist as a result of four key reasons:

1. Lack of visibility: This makes it difficult for teams to detect unusual behaviour, quickly respond to potential threats, and perform threat analysis – all of which are crucial to a successful cybersecurity posture.

2. Lack of personnel: As we have often seen elsewhere, due to the cybersecurity skills gap the low availability of skilled security professionals is a key concern for operations leaders considering implementing new security tools and controls in the network.

3. Rapid pace of change: Operations leaders note that keeping up with the pace of change is a challenge when it comes to security, and yet, at the same time, slowing digital transformation efforts for any reason can compromise their competitive edge.

4. Network complexity: OT network environments are complex, with anywhere from 50 to 500 devices to monitor and secure, many of which come from different vendors. This exacerbates the challenges surrounding visibility and personnel, as each device stores different data and has different security configuration needs and requirements.

Improving security for operational technology

With these attack vectors and security challenges in mind, there are several steps operations leaders can take to improve the security posture at their organisations and minimise the risks associated with downtime in the wake of an attack.

First, 62% of organisations stated intentions to dramatically increase their cybersecurity budgets this year. Additionally, organisations are also adjusting their cybersecurity strategies, with 70% stating their intention to make the CISO responsible for OT cybersecurity in the next year – currently, just 9% of CISOs overseeing OT security.

In addition to these two changes already underway, organisations can implement several security tactics that have demonstrated success in critical infrastructure industries. As part of this study, Fortinet examined the differences in cybersecurity controls in place between those organisations that experienced zero intrusions over the last 12 months, and similarly-sized organisations with six or more intrusions. There were several tactics and tools that stood out among those top-tier organisations that those in the bottom-tier lacked, including:

• Multi-factor authentication.

• Role-based access control.

• Network segmentation.

• Conduct security compliance reviews.

• Management and analysis of security events.

As OT and IT systems continue to converge, implementing these essential tactics can help operations leaders and CISOs gain visibility across their OT environments while reducing complexity in their network to reduce cyber risk.

Final thoughts

Security threats to operational technology networks, especially in critical infrastructures such as transportation, health, and energy, can have major consequences for ensuring the success of these organisations, as well as for the daily lives of the people those industries support. To help minimise this risk, this latest report from Fortinet provides a critical examination of key areas of vulnerability in order to help OT teams identify more effective ways to improve cybersecurity efforts in the industries they support.

Find out more at https://www.fortinet.com/demand/gated/report-state-of-operational-technology.html





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

What’s in store for PAM and IAM?
Access Control & Identity Management Information Security
Leostream predicts changes in Identity and Access Management (IAM) and Privileged Access Management (PAM) in the coming year, driven by evolving cybersecurity realities, hybridisation, AI, and more.

Read more...
The challenges of cybersecurity in access control
Technews Publishing SMART Security Solutions Access Control & Identity Management Information Security
SMART Security Solutions summarises the key points dealing with modern cyber risks facing access control systems, from Mercury Security’s white paper “Meeting the Challenges of Cybersecurity in Access Control: A Future-Ready Approach.”

Read more...
Securing your access hardware and software
SMART Security Solutions Technews Publishing RBH Access Technologies Access Control & Identity Management Information Security
Securing access control technology is critical for physical and digital security. Every interaction between readers, controllers, and host systems creates a potential attack point for those with nefarious intent.

Read more...
Phishing and social engineering are the most significant risks
News & Events Information Security
ESET Research found that phishing accounted for 45,7% of all detected cyberthreats in South Africa, with higher-quality deepfakes, signs of AI-generated phishing websites, and short-lived advertising campaigns designed to evade detection.

Read more...
Access trends for 2026
Technews Publishing SMART Security Solutions RR Electronic Security Solutions Enkulu Technologies IDEMIA neaMetrics Editor's Choice Access Control & Identity Management Infrastructure
The access control and identity management industry has been the cornerstone of organisations of all sizes for decades. SMART Security Solutions asked local integrators and distributors about the primary trends in the access and identity market for 2026.

Read more...
Access data for business efficiency
Continuum Identity Editor's Choice Access Control & Identity Management AI & Data Analytics Facilities & Building Management
In all organisations, access systems are paramount to securing people, data, places, goods, and resources. Today, hybrid systems deliver significant added value to users at a much lower cost.

Read more...
Zero Trust access control
Technews Publishing SMART Security Solutions CASA Software NEC XON Editor's Choice Access Control & Identity Management Information Security
Zero Trust Architecture enforces the rule of ‘never trust, always verify’. It changes an organisation’s security posture by assuming that threats exist both inside and outside the perimeter, and it applies to information and physical security.

Read more...
OT calculator to align cyber investments with business goals
Industrial (Industry) Information Security Security Services & Risk Management
The OT Calculator has been developed specifically for industrial organisations to assess the potential costs of insufficient operational technology (OT) security. By offering detailed financial forecasts, the calculator empowers senior management to make well-informed decisions.

Read more...
Protecting high-value data from AI
CASA Software Infrastructure Information Security Products & Solutions
As artificial intelligence accelerates the speed and sophistication of cyberattacks, protecting high-value data, such as financial records, legal files, patient data, intellectual property, and compliance records, has never been more urgent.

Read more...
Integrated security key to protecting cloud applications
Infrastructure Information Security
Cloud-native applications have transformed the way businesses operate, enabling faster innovation, greater agility, and enhanced scalability. Yet this evolution brings an equally complex security landscape.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.