A significant increase in cyberattacks targeting operational technology (OT) organizations has been reported by Fortinet in their 2024 State of Operational Technology and Cybersecurity Report.
The report reveals that nearly one-third (31%) of OT organizations experienced more than six intrusions in the past year, a stark increase from 11% the previous year.
John Maddison, Chief Marketing Officer at Fortinet, noted, “While OT organizations are making progress in strengthening their security posture, teams still face significant challenges in securing converged IT/OT environments.”
Cyberattacks on OT systems have grown more sophisticated, with 73% of organizations impacted this year, up from 49% in 2023. Alan Reyes, Country Manager at Fortinet Philippines, emphasized the urgency, stating, “As cyberattacks grow increasingly sophisticated, many organizations’ OT systems are being compromised, and detection methods are struggling to keep pace.”
The report indicates a decline in the number of organizations with complete visibility of their OT systems, dropping from 10% to 5%.
Despite this, there is an increase in those reporting 75% visibility, suggesting a more realistic understanding of their security posture.
“With the integration of IT and OT environments, it is more critical than ever for Philippine organizations to strengthen their security postures to combat these attacks,” Reyes added.
Executive Oversight and Best Practices
The responsibility for OT cybersecurity is increasingly being elevated within executive leadership.
The percentage of organizations aligning OT security with the Chief Information Security Officer (CISO) role has grown from 17% to 27%.
The report also outlines best practices, including deploying network segmentation, establishing visibility and controls for OT assets, integrating OT into security operations, embracing OT-specific threat intelligence, and considering a platform-based approach to security architecture.
Recommendations
Fortinet’s recommendations for addressing OT security challenges include creating defensible OT architecture with strong network policy controls, implementing protective compensating controls for OT devices, and developing IT-OT SecOps and incident response plans. Additionally, adopting a platform approach to security can help organizations consolidate tools and simplify their security architecture.
The report is based on a global survey of over 550 OT professionals from various industries, including manufacturing, healthcare, and energy. The survey covered respondents from multiple countries, emphasizing the widespread nature of these cybersecurity challenges.
