Speaking during the unveiling of the Global 2022 State of Operational Technology and Cybersecurity Report together with Frost & Sullivan, Dickson Woo, Country Manager for Fortinet Malaysia said that heavily Operational Technology (OT) reliant industries such as the industrial and manufacturing sectors play a vital role in the country's economic transformation as highlighted by Malaysia’s Industry4WRD policy. However, OT has become a prime target for cybercriminals.
In the background from left to right: Rashish Pandey, Vice President, Marketing & Communications, Fortinet Asia and Adam Wu, Regional Solution Architect (OT), Fortinet Southeast Asia and Hong Kong
Front seated from left to right: Danny Tan, Business Development Manager (OT), Fortinet Malaysia; Dickson Woo, Country Manager, Fortinet Malaysia and Kenny Yeo, Frost & Sullivan's Director and Head of Asia Pacific Cyber Security Practice
Last week, Fortinet unveiled one rather shocking detail from the report, which found that 100% of Malaysian Operational Technology (OT) companies (50 were surveyed), faced at least 1 cyber intrusion in the past 12 months. Key findings of the report include:
OT activities lack centralised visibility, increasing security risks. Only 13% of respondents worldwide (12% in Malaysia) have achieved centralised visibility of all OT activities. The percentage of companies that can monitor all OT actions from the SOC is even lower, at 52%. But nearly all businesses around the world (97%) see OT as either a moderate or significant security issue. According to the report's conclusions, a lack of consolidated visibility is a major cause of Operational Technology (OT) security threats and a compromised security posture within enterprises.
OT security intrusions significantly impact an organisation’s productivity and bottom line. 93% globally (100% in Malaysia) of OT firms were targeted by an incursion in the previous twelve months, according to a survey by security firm Fortinet. Phishing emails, malware, and insider breaches were the top three forms of intrusions suffered by Malaysian businesses. More than half (Malaysia: 59%) of businesses experienced an operation outage that impacted productivity as a result of these intrusions, with 90% of intrusions requiring hours or longer to restore service. Meanwhile, 92% of Malaysian OT businesses returned to service within a few hours, while the remaining 1% took days, weeks, or months. In addition, one-third of respondents from all around the world reported that security breaches had a negative effect on revenue, data loss, compliance, and brand value.
Ownership of OT security is not consistent across organisations. The Fortinet research states that a wide variety of director and manager positions, such as the Director of Plant Operations and the Manager of Manufacturing Operations, are responsible for overseeing OT security. As little as 15% (or 24% in Malaysia) of respondents said their CISO was responsible for OT security.
OT security is gradually improving but security gaps still exist in many organisations. Only 21% of companies have reached level 4 in terms of their OT security posture, which involves using orchestration and management. Most notably, more people in Latin America and Asia-Pacific have reached level 4 than in any other region. According to the study, most companies utilise anywhere from two to eight different suppliers for their industrial devices, and they run anywhere from one hundred to ten thousand of them. The majority of Malaysian OT companies (82%), according to the report, use between 1,000 and 10,000 IP-enabled OT devices. There are already security holes in local businesses due to the fact that they use a patchwork of OT security products.
“As compared to other countries, our study found that all organisations surveyed in Malaysia suffered an impact on operations in the industrial environment due to cyber intrusions. 76% of local organisations also expressed a high level of concern regarding ransomware in OT environments. These alarming results call for an urgent need for local organisations to relook at their cybersecurity strategies and adopt industry best practices. Fortinet is committed to fortifying Malaysians against the emerging cybersecurity threats for a resilient next-generation of businesses,” Woo mentioned.
Dickson Woo, Country Manager, Fortinet Malaysia
OT Security is a Corporate-Level Concern
As OT systems increasingly become targets for cybercriminals, C-level leaders recognize the importance of securing these environments to mitigate risks to their organisations. Industrial systems have become a significant risk factor since these environments were traditionally air-gapped from IT and corporate networks but now these two infrastructures are becoming universally integrated. With industrial systems now being connected to the Internet and more accessible from anywhere, an organisation’s attack surface is increasing significantly.
With the IT threat landscape becoming more sophisticated, connected OT systems have also become vulnerable to these growing threats. This combination of factors is moving industrial security upward in many organisations’ risk portfolios. OT security is a growing concern for executive leaders, increasing the need for organisations to move toward full protection of their Industrial Control System (ICS) and Supervisory Control And Data Acquisition (SCADA) systems.
The Best Ways to Deal With OT Security Problems
Organisations can address weaknesses in OT systems and improve their overall security posture by following the recommendations made in Fortinet's Global 2022 State of Operational Technology and Cybersecurity Report. To combat OT security threats, businesses can:
Establish Zero-Trust Access to prevent breaches. As more manufacturing systems become networked, it is increasingly important to implement Zero-Trust Access solutions to prevent unauthorised access to vital resources. Zero-Trust Access solutions can strengthen defences against both internal and external threats, which is a major step forward in OT security.
Implementing solutions that provide centralised visibility of OT activities. It is essential for businesses to improve their security posture to have centralised, end-to-end visibility of all OT activities. Organisations in the top tier, which make up the 6% of respondents who reported no breaches in the last year, are more than three times as likely to have achieved centralised visibility as their counterparts who suffered intrusions, according to a survey by Fortinet.
Consolidating security tools and vendors to integrate across environments. Organisations should seek to integrate their OT and IT systems across fewer providers in order to reduce complexity and assist obtain a consolidated view of all devices. Organisations can improve their security by cutting down on the number of potential entry points into their network by using integrated security solutions.
Deploying Network Access Control (NAC) technology. With a NAC in place, only authorised users are granted access to essential systems, greatly increasing the safety of an organisation's digital assets.
Securing OT Environments With the Fortinet Security Fabric.
Fortinet has been protecting OT environments in the energy, defence, manufacturing, food, and transportation industries for over a decade. Using the Fortinet Security Fabric, businesses can ensure that their OT environment is secure and compliant in a way that is efficient and will not disrupt daily operations. Industrial enterprises obtain instant, automated reactions to attacks of any vector with full integration and shared threat intelligence. Fortinet's Security Fabric spans the entirety of the converged IT-OT network, allowing it to plug security holes in OT, reveal previously hidden data, and streamline network administration.
Whether we like it or not, cyber attacks will happen as it is not a matter of if but when. Fortinet believes that the Operational Technology industry in Malaysia MUST take extra precautionary steps in order to try to reduce the impact or the risk of losing important data that might crumble their business. Rome was not built in a day and the same goes for your company’s defences. Take time to build your very own great wall of protection against cyber attacks.