OT firms suffer so many attacks, they measure success by recovery time

Cyberattacks that compromise operational technology systems are on the rise as nearly one-third (31%) of OT organisations reported more than six intrusions in the last year, up from 11% the year before.

This is from a Fortinet report, based on a survey of more than 550 OT professionals, conducted by a third-party research company.

Respondents were from different locations around the world, including Australia, New Zealand, Argentina, Brazil, Canada, China, France, Germany, Hong Kong, India, Japan, Mexico, Norway, South Africa, South Korea, Spain, Taiwan, Thailand, United Kingdom, and the United States, among others.

In 2023, 49% of respondents experienced an intrusion that impacted either OT systems only or both IT and OT systems. But this year, nearly three-fourths (73%) of organisations are being impacted. 

The survey data also shows a year-over-year increase in intrusions that only impacted OT systems (from 17% to 24%). 

Given the rise in attacks, nearly half (46%) of respondents indicate that they measure success based on the recovery time needed to resume normal operations.

All intrusion types increased compared to the previous year, except for a decline in malware. Phishing and compromised business email intrusions were the most common, while the most common techniques used were mobile security breaches and web compromise.

Detection methods aren’t keeping pace with today’s threats. As threats grow more sophisticated, the report suggests that most organisations still have blind spots in their environment. 

Respondents claiming that their organisation has complete visibility of OT systems within their central security operations decreased since last year, dropping from 10% to 5%. 

However, those reporting 75% visibility increased, which suggests that organisations are gaining a more realistic understanding of their security posture. 

Yet more than half (56%) of respondents experienced ransomware or wiper intrusions—an increase from only 32% in 2023—indicating that there is still room for improvement regarding network visibility and detection capabilities.

Responsibility for OT cybersecurity is elevating within executive leadership ranks at some organisations. The percentage of organisations that are aligning OT security with the CISO continues to grow, increasing from 17% in 2023 to 27% this year. 

At the same time, there was an increase to move OT responsibility to other C-suite roles, including the CIO, CTO and COO, to upwards of 60% in the next 12 months, clearly showing concern for OT security and risk in 2024 and beyond. 

Findings also indicate that in some organisations, where the CIO is not outright responsible, there is an upward shift of these responsibilities from the director of network engineering to the VP of operations role, which illustrates another escalation of responsibility. 

This elevation into the executive ranks and below, regardless of the title of the individual overseeing OT security, may suggest that OT security is becoming a higher-profile topic at the board level.