Operational technology environments have become increasingly connected to networks, the internet, and the cloud. Critical infrastructure and industrial manufacturing systems, such as power grids, transportation systems, and manufacturing plants, rely on connectivity to OT and IIoT (the Industrial Internet of Things) to function smoothly and effectively.
Along with this welcome digital transformation comes a sharp rise in the risk of cyber attacks. Cyber security risks impact businesses, governments, and individuals. Greater risk awareness and a proactive approach are needed to help businesses ensure safe and resilient critical infrastructure operations.
A recent joint survey conducted in partnership by OTORIO and ServiceNow revealed insights into the state of OT cyber security. 190 C-level key decision-makers were surveyed, from industries such as energy, utilities, manufacturing, oil, and gas.
OTORIO and ServiceNow have a shared aim of delivering innovative solutions that enable businesses to successfully manage today’s technology landscape and proactively prevent exposure. This collaborative survey identified the major OT cyber security challenges faced by these industries and proposed steps that can be taken to manage and mitigate risk. Most survey respondents expressed serious challenges with their present cyber security OT/ICS solution.
As Karan Shrivastava, Director of Product Management, OT at ServiceNow explained, “The findings identify critical gaps in OT security strategies and underscore the need for a comprehensive, integrated, and automated approach to risk management. As a leading digital workflow company, we are proud to offer a solution that enables our customers to easily identify and prioritize risks, and improve their overall security posture”
Daniel Bren, CEO & Co-Founder at OTORIO summed up the survey’s findings as follows: “These survey results are concerning, because they clearly show that many organizations have significant gaps in their security strategies that put them at high risk of OT cyber-attack. However, they also suggest that companies are moving towards a proactive approach to cyber security, prioritizing the protection of their assets and enhancing their security posture. Our industrial-native OT security platform, in combination with ServiceNow, offers a comprehensive solution to help organizations address today’s most complex regulatory and cyber security challenges.”
Security threats continue to rise. Hacktivist groups, state-sponsored ransomware attacks, and cyber criminals loom on the threat landscape. However, most organizations rely on reactive solutions that leave them vulnerable to attack. When it comes to industrial OT cyber security, any level of risk is too high, as the potential consequences to national security and public safety are dire. When a company waits to respond to an attack after it has occurred, it is already too late.
While most organizations surveyed rated their OT cyber security risk levels as high or critical, the majority do not currently have an OT/ICS security strategy in place, and nearly half lack an OT security solution. This highlights an going gap between where companies want their security posture to be and where it currently stands.
The survey showed that not all organization stakeholders are on the same page when it comes to their priorities. While IT and OT security teams both want to manage and mitigate risk, they have differing ideas on how to achieve these shared objectives. OT departments tend to focus on risk and worry that risk alerts are not being prioritized based on their business impact. IT teams, on the other hand, are more concerned about automation, visibility, and alert fatigue. These findings are in line with the unique roles played by OT and IT departments in establishing and ensuring an organization’s overall security strategy.
Most organizations surveyed have a reactive approach to mitigating OT security rather than a proactively managing risk. Moreover, most companies rely on manual methods that waste valuable time and resources, while being far less effective than automated risk management approaches. However, the companies surveyed expressed a growing understanding that to move forward safely and effectively, they will need to make use of the available automations and take a proactive stance, which will prevent issues from escalating and minimize their impact.
Many of the companies surveyed do have a team in place to develop and implement an OT strategy in the coming months, significantly increasing their OT security budget in 2023. Considering that budgets have shrunk considerably in the face of a global economic slowdown, the allocation of funds to OT security makes it clear that this is a major concern for critical infrastructure and manufacturers. While this is an important step, the approaches these teams use must be as effective and comprehensive as possible, making the most of the time, money, and resources devoted to them.
OT security continues to be a major issue for company executives who are actively seeking new Industrial OT cyber security solutions. Demands are growing on critical infrastructure operators and software developers due to increased regulations, high risk levels, and inadequate current solutions.
Security teams need a solution that provides adequate support to deal with the high levels of risk they face. OTORIO and ServiceNow utilize proven, innovative approaches to effectively address OT security challenges and help critical infrastructure organizations and manufacturers stay ahead of the curve. The insights provided by this survey demonstrate just how important partnerships like this are in addressing the key challenges and priorities of Industrial OT cyber security.