A Former CISO Reacts to the Fortinet State of OT Cybersecurity Report

For many years I served as a CISO, first for the Israeli Navy and then for Orbotech, a global manufacturing company. This experience taught me a lot not just about cybersecurity but also about leading teams and how to respond quickly in emergency situations. As I read the Fortinet 2023 State of Operational Technology Survey, some key points really stood out to me, and I wanted to share my reactions with you. 

The most significant trend I see in this year’s report is that the responsibility for OT cybersecurity is increasingly being placed under the CISO. This indicates a prioritization of cybersecurity within organizations, and to me it is good news. Consolidating security efforts under a single executive leader can dramatically streamline – and therefore improve – the organization’s people, process, and technology strategies. Still, as these leaders assess their newly acquired responsibilities in the OT domain, they should take care not to make too many assumptions. Instead, they should dig-in, learn about the unique needs of OT environments, and then bring their considerable problem-solving skills to bear on the highest priority issues. 

Some additional trends that stood out to me: 

1. Industrial organizations have improved their cybersecurity posture but there is still significant work to be done, especially when it comes to the challenges posed by complexity and aging systems.

2. Cybersecurity intrusions targeting OT environments remain prevalent, with malware and phishing being the most common incidents.

3. There is a growing awareness among OT professionals regarding their security maturity, with a decline in self-assessed highly mature organizations.

4. The complexity of securing connected devices in OT environments poses a challenge, and cybersecurity solutions play a crucial role in improving efficiency and flexibility. (We at Cyolo recently released a research report on the state of industrial secure remote access, which I encourage you to read for further insights on this important topic.)

5. Global trends include a decline in intrusions but an increase in targeted ransomware and phishing attacks, OT cybersecurity falling under the CISO, and challenges in applying policies consistently across the IT/OT landscape.

If you are a CISO who has inherited the responsibility of securing your organization's operational technology, I see this report as an opportunity to evaluate and enhance your OT cybersecurity strategy. 

The report emphasizes the need for continuous improvement in cybersecurity as well as the importance of collective empowerment and awareness in the battle against cyber threats. Still, I think it is important to acknowledge the positive progress made in recent years. There is a clear and growing recognition of the significance of cybersecurity in operational technology environments, and this is a positive development indeed.  

I would assess how your company aligns with the best practices outlined in the report. This would involve evaluating your vendor and cybersecurity platform strategy, ensuring the deployment of zero-trust access controls, and incorporating cybersecurity awareness education and training for employees. Specifically, strengthening remote access security measures, enhancing visibility and control over remote access activities, and exploring opportunities for consolidation and automation to simplify our IT/OT landscape would be top of mind for me. 

Overall, I hope this report helps you uncover any gaps, align with best practices, and take proactive measures to strengthen defenses. With the right tools and strategy, you certainly can succeed in keeping your most critical resources safe and operational.

For additional insights on OT security and the challenges of securing industrial remote access, read this new research report.