Operation technology security provider Claroty’s research on the state of industrial cybersecurity worldwide found that a majority (56%) of information technology (IT) and OT security professionals at industrial enterprises have seen an increase in cybersecurity threats since the start of the COVID-19 pandemic in March.
“The Critical Convergence of IT and OT Security in a Global Crisis” report is based on a global, independent survey of 1,100 full-time IT and OT security professionals who own, operate, or otherwise support critical infrastructure components within large enterprises across Europe, North America, and the Asia Pacific, examining how their concerns, attitudes, and experiences have changed since the pandemic began in March.
IT and OT OT security professionals in Singapore reveal that 31% said that employees and third-party vendors have been working less effectively during the pandemic and nearly three in four have said that their job has become more challenging since the pandemic began.
Cybercriminals are using new tactics to attack OT environments according to 71% of respondents, with hacking and credential theft, ransomware, and web application threats being the most prevalent. While more than half (54%) say their leadership’s top cybersecurity priority was implementing new technology solutions since the onset of the pandemic.
Across the globe, COVID-19 has led cybercriminals to use new tactics and organizations to become more vulnerable to cyber attacks, with 56% of global respondents saying that their organization has experienced more cybersecurity threats since the pandemic began. Almost three-fourths (72%) reported that their jobs have become more challenging.
COVID-19 has clearly had an impact on IT/OT convergence, as two-thirds (67%) say that their IT and OT networks have become more interconnected since the pandemic began and more than 75% expect they will become even more interconnected as a result of it. While IT/OT convergence unlocks business value in terms of operations efficiency, performance, and quality of services, it can also be detrimental because threats — both targeted and non-targeted — can move freely between IT and OT environments.
“As large enterprises are trying to improve their productivity by connecting more OT and IoT devices and remotely accessing their industrial networks, they are also increasing their exposure as a result,” said Yaniv Vardi, CEO of Claroty. “OT security needs to be brought to the fore and made a priority for all organizations. Attackers know that IT networks are covered with cybersecurity solutions so they’re moving to exploit vulnerabilities in OT to gain access to enterprise networks. Not protecting OT is like protecting a house with state-of-the-art security and alarm systems, but then leaving the front door open.”
In terms of industries, globally the respondents ranked pharmaceutical, oil and gas, electric utilities, manufacturing, and building management systems as the top five most vulnerable to attack. Most regions followed similar patterns, identifying three to five industries clustered closely toward the top of the list. The exceptions are the DACH region, where oil & gas clearly holds the top spot at 36%, and Singapore, where pharmaceutical is at 22%.
The Claroty Platform provides comprehensive OT asset and network visibility, segmentation, vulnerability management, threat detection, risk assessment, and Secure Remote Access (SRA) capabilities — all within a single, agentless solution. Unique to Claroty, SRA provides a single, secure, and clientless interface through which all external users connect prior to performing software upgrades, periodic maintenance, and other support activities on assets within OT networks. This is all enriched by the company’s award-winning OT security research department.
Based in New York, Claroty assists organizations with highly automated production sites and factories that face significant security and financial risk. Armed with the Claroty’s converged IT/OT solutions, these enterprises and critical infrastructure operators can leverage existing IT security processes and technologies to improve the availability, safety, and reliability of their OT assets and networks seamlessly and without requiring downtime or dedicated teams. The result is more uptime and greater efficiency across business and production operations.