Fortinet Global Report Finds 75 Percent of OT Organizations Experienced at Least One Intrusion in the Last Year

"Fortinet’s 2023 State of Operational Technology and Cybersecurity Report shows that while OT organizations have improved their overall cybersecurity posture, they also have continued opportunity for improvement. Networking and IT teams are under extraordinary pressure to adapt and become more OT-aware, and organizations are shifting to find and employ solutions that implement security across their entire IT/OT environment to reduce their overall security risk.”

John Maddison - EVP of Products and CMO at Fortinet 

Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced the findings from its global 2023 State of Operational Technology and Cybersecurity Report. The results represent the current state of operational technology (OT) security and point to the opportunity for continued improvement for organizations to secure an ever-expanding IT/OT threat landscape. In addition to the latest trends and insights impacting OT organizations, the report also provides a roadmap to help IT and security teams better secure their environments. 

Key findings from the global survey include

• OT continues to be targeted by cybercriminals at a high rate: While the number of organizations that did not incur a cybersecurity intrusion improved dramatically YoY (from 6% in 2022 to 25% in 2023), there is still significant room for improvement. In fact, three-fourths of OT organizations reported at least one intrusion in the last year. Intrusions from malware (56%) and phishing (49%) were once again the most common type of incidents reported, and nearly one-third of respondents reported being victims of a ransomware attack in the last year (32%, unchanged from 2022).

• Cybersecurity practitioners overestimated their OT security maturity: In 2023, the number of respondents who consider their organization's OT security posture as “highly mature” fell to 13% from 21% the year before, suggesting growing awareness among OT professionals and more effective tools for self-assessing their organizations’ cybersecurity capabilities. Nearly one-third (32%) of respondents indicated that both IT and OT systems were impacted by a cyberattack, up from only 21% last year.

• The connected device explosion underscores complexity challenges for OT organizations: Nearly 80% of respondents reported having greater than 100 IP-enabled OT devices in their OT environment, highlighting just how significant a challenge it is for security teams to secure an ever-expanding threat landscape. Survey findings revealed that cybersecurity solutions continue to aid in the success of most (76%) OT professionals, particularly by improving efficiency (67%) and flexibility (68%). However, report data also indicates that solution sprawl makes it more difficult to consistently incorporate, employ, and enforce policies across an increasingly converged IT/OT landscape. And the problem compounds with aging systems, with the majority (74%) of organizations reporting that the average age of ICS systems across their organization are between 6 and 10 years old.

• Alignment of OT security under the CISO bodes well for the industry: While nearly every organization faces an up-hill battle when it comes to finding qualified security practitioners due to the growing cybersecurity skills shortage, report findings suggest OT organizations are continuing to prioritize cybersecurity. A key indicator is that nearly every (95%) organization plans on placing the responsibility for OT cybersecurity under a chief information security officer (CISO) in the next 12 months rather than an operations executive or team. The findings also reveal that OT cybersecurity professionals now come from IT security leadership rather than product management, and influence on cybersecurity decisions is shifting away from operations and to other leaders, especially CISO/CSO roles.

Best Practices

Fortinet’s global 2023 State of Operational Technology and Cybersecurity Report indicates ways organizations can strengthen their overall security posture. Organizations can address OT security challenges by adopting the following best practices:

• Develop a vendor and OT cybersecurity platform strategy. Consolidation reduces complexity and accelerates outcomes. The first step is to begin building a platform over time by partnering with vendors that engineer their products with integration and automation in mind to enable organizations to consistently incorporate and enforce policies across an increasingly converged IT/OT landscape. Seek to engage with vendors with a wide portfolio of solutions that can provide the basic solutions of asset inventory and segmentation and more advanced solutions, such as an OT security operations center (SOC) or the ability to support a joint IT/OT SOC.

• Deploy network access control (NAC) technology. Solving challenges associated with securing ICS, SCADA, IoT, BYOD, and other endpoints requires advanced network access control to be part of a comprehensive security architecture. An effective NAC solution also helps to maintain complete control of an organization’s network by managing new devices that want to connect or communicate with other parts of the organization’s infrastructure.

• Employ a zero-trust approach. Implement the basic steps of asset inventory and segmentation, and provide continuous verification of all users, applications, and devices seeking access to critical assets.

• Incorporate cybersecurity awareness education and training. Cybersecurity training remains critical as the cybersecurity battle requires the collective empowerment of all employees to have the knowledge and awareness to work together to protect themselves and their organization’s data. Organizations should consider including nontechnical training targeted toward everyone who uses a computer or mobile device, from teleworkers to their families.

A platform approach, with open APIs and a robust fabric-ready technology alliance ecosystem, designed to deliver OT-aware features to secure OT environments enables CISOs and security teams to reduce complexity, increase efficacy in the prevention and detection of ransomware, and speed incident triage, investigation, and response.

Collaboration across IT, OT, and production teams to assess cyber and production risks, specifically ransomware incidents, with the CISO can help ensure awareness, prioritization, budget, and personnel allocations.

Report Overview

• The Fortinet 2023 State of Operational Technology and Cybersecurity Report is based on data from an in-depth worldwide survey of 570 OT professionals, conducted by a third-party research company.

• Survey respondents were from different locations around the world, including: Australia, New Zealand, Brazil, Canada, Egypt, France, Germany, India, Japan, Mexico, South Africa, United Kingdom, and United States, among others.

• Respondents represent a range of industries that are heavy users of OT, including: manufacturing, transportation/logistics, healthcare/pharma, oil, gas, and refining, energy/utilities, chemical/petrochemical, and water/wastewater.

• Most of those surveyed, no matter their title, are deeply involved in cybersecurity purchase decisions. And these individuals increasingly have the final say in OT purchase decisions. This year’s survey found that 91% of respondents are regularly involved in their organization’s cybersecurity purchase decisions.

About Fortinet

Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.

FTNT-O

Copyright © 2023 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAI, FortiAIOps, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiConnect, FortiController, FortiConverter, FortiCWP, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiEdge, FortiEDR, FortiExplorer, FortiExtender, FortiFirewall, FortiFone, FortiGSLB, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMoM, FortiMonitor, FortiNAC, FortiNDR, FortiPenTest, FortiPhish, FortiPlanner, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiSDNConnector, FortiSIEM, FortiSMS, FortiSOAR, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM and FortiXDR.

Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments.