IT/OT Convergence Fuels Manufacturing Cyber Incidents
Converged IT and operational technology (OT) systems were targeted in 75% of cyber incidents impacting manufacturing firms in the past 12 months.
A new report by Telstra International and Omdia highlighted the significant cyber risks from IT/OT convergence and a lack of preparedness from manufacturers to deal with this threat.
The process of using IT systems to communicate with and control OT – programmable systems that interact with industrial equipment – can significantly enhance efficiency in sectors like manufacturing and energy.
However, it also creates a broader attack surface for threat actors to target critical industrial equipment.
The report found that around 70% of OT systems in companies across the US, Latin America and Europe will be connected to corporate IT within the next year, up from the current 50%.
However, just 19% of firms surveyed are considered ‘advanced’ in securing their IT/OT systems, as measured against the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).
In addition, just 45% of manufacturers were found to be well-prepared for converged IT/OT security across eight key areas. These included security networking, security awareness, supply chain risks and zero trust.
The report also identified a lack of consistency and clarity around who is responsible for securing IT/OT environments. Just 20% identified CISOs as having this responsibility, followed by Chief Risk Officers (14%) and Chief Technology Officers (13%).
Geraldine Kor, Telstra International’s Head of Global Enterprise Business, commented: “This responsibility must be clear and integrated so that one group or person will have the authority to act on security challenges for mission-critical systems. It is equally important to have the right people and security-focused culture as their absence will hinder security posture readiness, compounding technical challenges.”
Overall, 80% of manufacturers reported a significant increase in cybersecurity incidents over the past 12 months, with 31% of them resulting in financial losses and/or operational downtime.
Of the incidents that resulted in resilience or availability issues, the cost ranged from $200,000 to $2m.
The study surveyed over 500 technology executives in the manufacturing industry globally.