3 min Security

Companies are finally prioritizing OT security, and they need to

Companies are finally prioritizing OT security, and they need to

Cisco research shows a promising trend. OT security has long been neglected, but organizations are finally catching up to that fact. With investment in OT rising sharply, this level of care and attention is desperately needed.

The results come from the Cisco State of Industrial Networking 2024 report, based on a survey of more than 1,000 industry professionals.

63 percent of this group of respondents increased their OT investments over the past year. Among organizations with annual revenues of more than $15 billion, a quarter said they had spent significantly more on OT.

Biggest target

The manufacturing industry is considered the primary target for cybercriminals. Organizations seem to have realized this by now: 30 percent of the organizations surveyed indicate that security is getting one of the biggest investments within their own OT infrastructure. This is often accompanied by AI-driven devices (31 percent) and cloud computing (29 percent).

Despite this financial push, security is still a stumbling block. 39 percent see implementing robust security measures as a major challenge, more so than familiar challenges such as standardization (37 percent) and managing multiple vendors and point solutions (36 percent).

Wake-up call

The many examples of OT attacks may have brought decision makers up to speed to the threat of them. Consider incidents such as LockBit shutting down Japan’s Nagoya port or, most recently, Swiss manufacturer Schlatter Industries. Such incidents are incredibly disruptive. Yet the complexity of a true ransomware attack on OT infrastructure is particularly challenging, as we described in detail in June.

Read more: There is no OT apocalypse, but OT security deserves more attention

Calls for more attention to OT security are thus being met. Industry players are much more likely to see cybersecurity as “extremely important” (51 percent versus 29 percent in 2023). Only a few still see security as only “slightly important” (2 percent).

Current problems

The main problems today are still vulnerabilities in legacy software (41 percent), malware/ransomware targeting OT/ICS systems (40 percent), as well as threats from within (32 percent).

How can this be solved? Cisco still sees that IT and OT teams are working separately: 41 percent keep these departments apart from one another. When asked, organizations report that OT/IT convergence can lead primarily to improved security (39 percent), greater efficiency (32 percent) and more operational simplicity (30 percent). OT decision makers are clearest about this: 87 percent see significant value in a unified security offering for OT and IT. Limited only to the C-suite, this percentage goes up to 92 percent.

This focus also translates to future investment priorities. Cybersecurity even ranks number one here, with AI a close second. Speaking of AI, 49 percent say that technology would begin to improve network management for both OT and IT. 46 percent of respondents believe AI will also lead to better collaboration between OT and IT.

Opinion

Cisco sees great opportunities for industrial networking. The company does advise organizations to always prioritize cybersecurity in these plans, while collaboration between OT and IT is highly desirable. Finally, it cannot ignore the fact that AI is going to be a major competitive advantage. For doubters, Cisco sees the danger of overworked IT workers who are already in too small numbers to meet demand. Those who do not leverage OT with the help of AI “will struggle to compete,” Cisco argues.

Also read: Cisco reorgs its upper management: platform vision extends further