Matching the growth of security to the pace of Operational Technology

Andrew Lintell, general manager EMEA, Claroty, discusses how businesses must address the critical challenges in their OT security and what new measures must be taken to close those gaps.

Posted 29 January 2024 by Christine Horton

The Operational Technology (OT) market is projected to be worth $38.2 billion by 2028. How can we start to protect this technology?

OT’s significance transcends traditional industry boundaries. It’s now an integral backbone to modern technology systems as we embrace Industry 4.0 and integrate intelligent digital technologies into manufacturing and industrial processes.

Currently, the increasing convergence of IT and OT networks has amplified OT’s critical role, driving rapid technological advancements. As we step into 2024, organisations are having to become more proficient at recognising gaps within their OT security, given escalating cyber threats and the heightened regulatory demands, exemplified by directives such as NIS2.

To secure these environments effectively, we must prioritise developing real visibility into the intricate relationship between IT and OT environments. A comprehensive risk assessment, and an increased understanding of IT and OT assets and their interactions, is vital. Organisations cannot hope to protect their environments if they lack this foundation. Claroty’s recent survey of over 1,000 IT and OT professionals indicates encouraging progress in areas like network segmentation and vulnerability management, demonstrating an industry-wide commitment to addressing the evolving landscape of OT security as it becomes ever more relevant.

The Claroty report shows that 80 percent of organisations now have a cyber insurance plan – although this is reportedly much lower in the public sector. What trends or factors do you attribute to the significant increase in cyber insurance adoption, and how does this impact organisations’ overall approach to cybersecurity?

Ransomware attacks are becoming more and more severe with an increasing demand for a quick fix. To help mitigate these financial risks, cyber insurance is coming across as a new strategic opportunity to demonstrate financial preparedness.

This surge in cyber insurance adoption is representative of a strategic shift in how organisations perceive and manage cybersecurity risks. One of the pivotal factors driving this trend is the escalating severity of cyberattacks, with criminals aiming to cause as much disruption as possible. Threat actors, aiming to cause maximum damage and expense, have indirectly encouraged enterprises to view insurance as a financial safety net mitigating the potential fallout of such incidents.

The cost of cyberattacks will no doubt continue to rise as they become an ever-increasing occurrence, especially in critical sectors within our industries such as manufacturing and automation. Cyber insurance policies must provide organisations with a crucial financial buffer, allowing them to navigate the aftermath of incidents and sustain operations.

However, in light of this, we must view insurance as a complementary measure rather than a replacement for robust risk management efforts. Insurers are tightening their criteria, creating the need for increasingly stringent security capabilities like strong access controls and effective vulnerability management. Couple this with the adoption of cyber insurance and it becomes a key part of a holistic cybersecurity strategy, where proactive risk mitigation is prioritised over reactive financial protection.

What proactive measures can companies take to safeguard their operations and mitigate potential damage in the aftermath of a ransomware attack, considering the importance of maintaining business continuity?

As I mentioned, we now live in the age of sophisticated, targeted criminal campaigns – gone are the days of scattered email-based attacks with relatively low payoffs. We’re witnessing an increase in monetary demands and in turn a shift in risk-management decisions for CISOs and other business leaders.

Recent attacks, such as the one against Honda, show the devastating effect that a cyberattack can have on operations. Critical customer service portals and financial services were unavailable in the days following the attack, along with critical production being forced offline. This is an unacceptable outcome for businesses in the industrial sector with huge financial losses incurred.

If an organisation has been hit by a ransomware attack, of course maintaining business continuity and safety will be paramount and decreasing downtime will be vital. With the increase in cyber-physical connectivity, companies will find themselves needing to plug more gaps in their systems, especially in the instance of no longer paying ransoms.

It’s important for companies to be aware of what assets they have on their networks. Discovering these assets is vital to building resilience. Fully detailed inventories must be made so there is an awareness of everything within your network. Once you have your asset inventory in place, it is then key to regularly monitor it for vulnerabilities, outdated software, EOL indicators, and other changes. This is so you can make the updates needed to preserve availability.

What challenges do you foresee emerging in terms of compliance, and what strategies can organisations adopt to overcome these challenges effectively?

While regulations are paramount in setting the framework for uniform OT security policies, there’s an inherent danger in prioritising compliance over actual cyber resilience. Of course, organisations must meet all relevant regulatory demands, but compliance doesn’t equal comprehensive security.

Looking deeper into the intricacies of compliance and cyber resilience, it becomes evident that most regulations, especially more recent ones, are rooted in core security capabilities that organisations should already be pursuing.

A challenge in the compliance landscape is the potential for organisations to be overwhelmed by overlapping regulatory obligations. To effectively overcome this challenge, organisations should take a step back, mapping out the various expectations laid out by different regulations. This comprehensive approach allows them to create and implement risk management frameworks that not only fulfil multiple regulatory requirements but also keep the business resilient against a spectrum of cyber threats.

The focus should be on recognising that compliance is just one facet of a broader cybersecurity strategy. Regulations like NIS2 underscore the importance of risk management, prescribing the creation of policies for risk analysis, incident response, business continuity, among other essential components. By aligning with these core security measures, organisations can navigate the complex landscape of compliance requirements, ensuring not only regulatory adherence but also bolstering their cyber resilience against the evolving threat landscape.
