In the 5G era, and especially with the emergence of smart factories, as companies tend to integrate the networks running operational technology (OT) and information technology (IT), it is giving rise to an increasing number of cyber-attacks. A new study by cybersecurity firm Fortinet, showed that 96% of OT environments in India experienced at least one intrusion in the past 12 months and 90% had more than three intrusions - making it a top concern for the C-suite.
OT system, that monitors and manages industrial process assets and equipment, traditionally interacted with machines in factory floors, and other devices, whereas IT networks deals with big data and machine learning, along with the evolutions in machine-to-machine (M2M) communication and the Internet of Things (sensors). Integrating the two means a hacker could exploit one by breaking through the other.
Despite increased automation and convergence however, the report finds OT attacks still receive little attention and only 54% of these security compromise in OT systems were reported to senior leadership in the last one year. Moreover, intrusions are having an impact not just on OT, but enterprise IT systems as well with 29% of India organisations which had OT systems impacted by intrusions also had their IT environments impacted by the intrusion.
The study further showed that organisations impacted by intrusion took longer time to return to service. OT organisations don't have flexibility when it comes to downtime, yet 92% of Indian organisations took hours and more to return to service after an intrusion while 60% took days, weeks and months to return to service after an intrusion, according to the study.
Organisations are impacted by operational downtime impacting revenue and productivity after an intrusion. The report found 65% of India OT organisations suffered operational outage that affected productivity, 58% suffered operational outage that impacted revenue while 48% suffered operational outage that put physical safety at risk.
“While OT security has the attention of organisational leaders the problem often relates to the complexity involved in building a holistic security infrastructure that encompasses both OT and IT environments,” said Vishak Raman, Vice President of Sales, India, SAARC & Southeast Asia at Fortinet.
For example, OT security is gradually improving, but security gaps still exist in many organisations which lack centralised visibility. Only 16% of respondents have achieved centralised visibility of all OT activities. The report findings indicate 84% lacked centralised visibility contributing to organisations’ OT security risks and weakened security posture.
A June 2022 report by Capgemini also said that 84% of Indian security experts were unable to respond effectively to cyber-attacks in their smart factories and manufacturing locations. In fact, over 50% acknowledged that the number of cyber-attacks will likely increase over the next 12 months.
“The increased use of industrial internet of things (IIoT), smart sensors, mobility solutions, connected devices or robots in shop floors are making these facilities prone to more and more sophisticated cyber-attacks,” said Clifton Menezes, executive vice president, India Head, Group Portfolio at Capgemini told Tech Circle, adding that vulnerabilities in these devices can compromise the entire system of a company.
He further suggested that organisations should invest in cyber security management programmes including threat intelligence, vulnerability assessment, etc. that extend across their IT and OT networks.
Raman too said that with full IT-OT integration and shared threat intelligence, organisations can gain fast automated responses to attacks, close OT security gaps, deliver full visibility, and provide simplified management.