Fortinet Global Survey Uncovers Critical OT Security Challenges
John Maddison, EVP of Products and CMO at
Fortinet“This year’s global State of OT and Cybersecurity
Report demonstrates that while OT security has the attention of
organizational leaders, critical security gaps remain. PLCs
designed without security, continued intrusions, a lack of
centralized visibility across OT activities, and growing
connectivity to OT are some of the critical challenges these
organizations need to address. Security converged into the OT
networking infrastructure, including switches and access points and
firewalls, is essential to segment the environment. This combined
with a platform that spans OT, converged OT/IT and IT provides
end-to-end visibility and control.”
News Summary Fortinet® (NASDAQ: FTNT), a global
leader in broad, integrated, and automated cybersecurity solutions,
today released its global 2022 State of Operational Technology and
Cybersecurity Report. While industrial control environments
continue to be a target for cyber criminals – with 93% of
Operational Technology (OT) organizations experiencing an intrusion
in the past 12 months – the report uncovered widespread gaps in
industrial security and indicated opportunities for improvements.
Key findings of the report include:
- OT activities lack centralized visibility, increasing
security risks. The Fortinet report found that only 13% of
respondents have achieved centralized visibility of all OT
activities. Additionally, only 52% of organizations are able to
track all OT activities from the security operations center (SOC).
At the same time, 97% of global organizations consider OT a
moderate or significant factor in their overall security risk. The
report findings indicate that the lack of centralized visibility
contributes to organizations’ OT security risks and weakened
security posture.
- OT security intrusions significantly impact
organizations’ productivity and their bottom
line. The Fortinet report found that 93% of OT
organizations experienced at least one intrusion in the past 12
months and 78% had more than three intrusions. As a result of these
intrusions, nearly 50% of organizations suffered an operation
outage that affected productivity with 90% of intrusions requiring
hours or longer to restore service. Additionally, one-third of
respondents saw revenue, data loss, compliance and brand-value
impacted as a result of security intrusions.
- Ownership of OT security is not consistent across
organizations. According to the Fortinet report, OT
security management falls within a range of primarily director or
manager roles, ranging from the Director of Plant Operations to
Manager of Manufacturing Operations. Only 15% of survey respondents
say that the CISO holds the responsibility for OT security at their
organization.
- OT security
is gradually improving, but security gaps still exist in many
organizations. When asked about the maturity of their
organization’s OT security posture, only 21% of organizations have
reached level 4, which includes leveraging orchestration and
management. Notably, a larger proportion of Latin America and APAC
respondents have reached level 4 compared to other regions. More
than 70% of organizations are in the middle levels toward having a
mature OT security posture. At the same time, organizations face
challenges with using multiple OT security tools, further creating
gaps in their security posture. The report found that a vast
majority of organizations use between two and eight different
vendors for their industrial devices and have between 100 and
10,000 devices in operation, adding complexity.
OT Security is a Corporate-Level ConcernAs OT
systems increasingly become targets for cyber criminals, C-level
leaders recognize the importance of securing these environments to
mitigate risks to their organizations. Industrial systems have
become a significant risk factor since these environments were
traditionally air-gapped from IT and corporate networks, but now
these two infrastructures are becoming universally integrated. With
industrial systems now being connected to the internet and more
accessible from anywhere, organizations’ attack surface is
increasing significantly.
With the IT threat landscape becoming more sophisticated,
connected OT systems have also become vulnerable to these growing
threats. This combination of factors is moving industrial security
upward in many organizations’ risk portfolio. OT security is a
growing concern for executive leaders, increasing the need for
organizations to move toward full protection of their industrial
control system (ICS) and supervisory control and data acquisition
(SCADA) systems.
Best Practices to Overcome OT Security
ChallengesFortinet’s global 2022 State of Operational
Technology and Cybersecurity Report indicated ways organizations
can address OT systems’ vulnerabilities and strengthen their
overall security posture. Organizations can address their OT
security challenges by:
- Establish Zero Trust Access to prevent
breaches. With more industrial systems being connected to
the network, Zero Trust Access solutions ensure that any user,
device or applications without proper credentials and permissions
are denied access to critical assets. To advance OT security
efforts, Zero Trust Access solutions can further defend against
both internal and external threats.
- Implementing solutions that provide centralized
visibility of OT activities. Centralized, end-to-end
visibility of all OT activities is key to ensuring organizations
strengthen their security posture. According to Fortinet’s report,
top-tier organizations – which make up the 6% of respondents who
reported no intrusions in the past year – were more than three
times as likely to have achieved centralized visibility than their
counterparts who suffered intrusions.
- Consolidating security tools and vendors to integrate
across environments. To remove complexity and help achieve
centralized visibility of all devices, organizations should look to
integrate their OT and IT technology across a smaller number of
vendors. By implementing integrated security solutions,
organizations can reduce their attack surface and improve their
security posture.
- Deploying network access control (NAC)
technology. Organizations that avoided intrusions in the
past year were more likely to have role-based NAC in place,
ensuring that only authorized individuals can access specific
systems critical for securing digital assets.
Securing OT Environments with the Fortinet Security
FabricFor more than a decade, Fortinet has protected OT
environments in critical infrastructure sectors such as energy,
defense, manufacturing, food, and transportation. By designing
security into complex infrastructure via the Fortinet Security
Fabric, organizations have an efficient, non-disruptive way to
ensure that their OT environment is protected and compliant. With
full integration and shared threat intelligence, industrial
organizations gain fast, automated responses to attacks in any
vector. Fortinet’s Security Fabric covers the entire converged
IT-OT network to close OT security gaps, deliver full visibility
and provide simplified management.
About the Fortinet OT and Cybersecurity
Survey:
- This year’s State of Operational Technology and Cybersecurity
Report is based on a survey of more than 500 global OT
professionals conducted in March 2022.
- The survey targeted
people holding leadership positions responsible for OT and OT
security, from managers to C-level executives. Respondents
represent a range of industries that are heavy users of OT,
including manufacturing, transportation and logistics, and
healthcare.
Additional Resources
- Learn more about the Fortinet OT and Cybersecurity Survey in
this blog.
- Learn more about securing critical infrastructures with
Fortinet.
- Watch how Fortinet makes possible a digital world you can
always trust, and view how the Fortinet Security
Fabric platform delivers broad, integrated, and automated
protection across an organization’s entire digital
infrastructure.
- Read more about how Fortinet customers are securing their
organizations.
- Learn more about FortiGuard Labs threat intelligence and
research or Outbreak Alerts, which provide timely steps to mitigate
breaking cybersecurity attacks. Read more about Fortinet’s
FortiGuard security services portfolio.
- Learn more about Fortinet’s free cybersecurity training
initiative, which includes broad cyber awareness and product
training. As part of the Fortinet Training Advancement Agenda
(TAA), the Fortinet Training Institute also provides
training and certification through the Network
Security Expert (NSE) Certification, Academic Partner,
and Education Outreach programs.
- Engage in the Fortinet User Community (Fuse). Share ideas and
feedback, learn more about our products and technology, and connect
with peers.
- Follow Fortinet on Twitter, LinkedIn, Facebook,
and Instagram. Subscribe to Fortinet on YouTube.
About FortinetFortinet (NASDAQ: FTNT) makes
possible a digital world that we can always trust through its
mission to protect people, devices, and data everywhere. This
is why the world’s largest enterprises, service providers, and
government organizations choose Fortinet to securely accelerate
their digital journey. The Fortinet Security Fabric platform
delivers broad, integrated, and automated protections across the
entire digital attack surface, securing critical devices, data,
applications, and connections from the data center to the cloud to
the home office. Ranking #1 in the most security appliances shipped
worldwide, more than 580,000 customers trust Fortinet to protect
their businesses. And the Fortinet NSE Training Institute, an
initiative of Fortinet’s Training Advancement Agenda (TAA),
provides one of the largest and broadest training programs in the
industry to make cyber training and new career opportunities
available to everyone. Learn more at https://www.fortinet.com,
the Fortinet Blog, or FortiGuard Labs.
Copyright © 2022 Fortinet, Inc. All rights reserved. The symbols
® and ™ denote respectively federally registered trademarks and
common law trademarks of Fortinet, Inc., its subsidiaries and
affiliates. Fortinet’s trademarks include, but are not limited to,
the following: Fortinet, the Fortinet logo, FortiGate, FortiOS,
FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC,
FortiClient, FortiCloud, FortiCore, FortiMail, FortiSandbox,
FortiADC, FortiAI, FortiAP, FortiAppEngine, FortiAppMonitor,
FortiAuthenticator, FortiBalancer, FortiBIOS, FortiBridge,
FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier,
FortiCASB, FortiCenter, FortiCentral, FortiConnect,
FortiController, FortiConverter, FortiCWP, FortiDB, FortiDDoS,
FortiDeceptor, FortiDirector, FortiDNS, FortiEDR, FortiExplorer,
FortiExtender, FortiFirewall, FortiFone, FortiGSLB,
FortiHypervisor, FortiInsight, FortiIsolator, FortiLocator,
FortiLog, FortiMeter, FortiMoM, FortiMonitor, FortiNAC,
FortiPartner, FortiPenTest, FortiPhish, FortiPortal, FortiPresence
, FortiProtect, FortiProxy, FortiRecorder, FortiReporter,
FortiSASE, FortiScan, FortiSDNConnector, FortiSIEM, FortiSDWAN,
FortiSMS, FortiSOAR, FortiSwitch, FortiTester, FortiToken,
FortiTrust, FortiVoice, FortiVoIP, FortiWAN, FortiWeb, FortiWiFi,
FortiWLC, FortiWLCOS and FortiWLM.
Other trademarks belong to their respective owners. Fortinet has
not independently verified statements or certifications herein
attributed to third parties and Fortinet does not independently
endorse such statements. Notwithstanding anything to the contrary
herein, nothing herein constitutes a warranty, guarantee, contract,
binding specification or other binding commitment by Fortinet or
any indication of intent related to a binding commitment, and
performance and other specification information herein may be
unique to certain environments. This news release may contain
forward-looking statements that involve uncertainties and
assumptions, such as statements regarding technology releases among
others. Changes of circumstances, product release delays, or other
risks as stated in our filings with the Securities and Exchange
Commission, located at www.sec.gov, may cause results to
differ materially from those expressed or implied in this press
release. If the uncertainties materialize or the assumptions prove
incorrect, results may differ materially from those expressed or
implied by such forward-looking statements and assumptions. All
statements other than statements of historical fact are statements
that could be deemed forward-looking statements. Fortinet assumes
no obligation to update any forward-looking statements, and
expressly disclaims any obligation to update these forward-looking
statements.
Media
Contact: |
|
Investor Contact: |
|
Analyst Contact: |
Stephanie Lira |
|
Peter Salkowski |
|
Rebecca Bergman |
Fortinet, Inc. |
|
Fortinet, Inc. |
|
Fortinet, Inc. |
408-235-7700 |
|
408-331-4595 |
|
650-554-0941 |
pr@fortinet.com |
|
psalkowski@fortinet.com |
|
analystrelations@fortinet.com |
|
|
|
|
|
Fortinet (LSE:0IR9)
Historical Stock Chart
From Apr 2024 to May 2024
Fortinet (LSE:0IR9)
Historical Stock Chart
From May 2023 to May 2024