Manufacturing industry security teams are seeing the information technology (IT) and operational technology (OT) environments converging at a rapid pace, but are struggling to safeguard OT assets as they are using the same tools to safeguard their IT infrastructure.
As a result, IT teams can’t keep up with growing volumes of security data or the increasing number of security alerts. They lack the right level of visibility and threat intelligence analysis and don’t have the right staff and skills to handle the cybersecurity workload.
Consequently, business operations are being disrupted and cyber-risk is increasing as more than half of the manufacturing organizations surveyed have experienced some type of cybersecurity incident on their OT systems in the last 12 months taking weeks or months to remediate.Â
Those are the conclusions of a report conducted by TrapX Security in partnership with the Enterprise Strategy Group (ESG), which asked 150 cyber and IT professionals directly involved in security strategy, control and operations within manufacturing organisations about their current and future concerns.Â
Manufacturing organizations have large and growing investments in IT and OT technology, helping them achieve more agile business processes. As the research reveals, IT and OT integration is fast becoming a best practice. Nearly half (49%) of organisations say that IT and OT infrastructure are tightly integrated while another 45% claim that there is some integration. This integration will only increase as 77% of respondents expect further IT and OT infrastructure convergence in the future.Â
However, only 41% percent of organizations employ an IT security team with dedicated OT specialists, while 32% rely on their IT security team alone to protect OT assets. 58% use network technology tactics like IP ranges, VLANs, or microsegmentation to segment IT and OT network traffic. Almost one-quarter (24%) of organizations simply use one common network for IT and OT communications, reducing the visibility and response required for OT-focused attacks.
Common tools and staff may make operational sense, but deploying a plethora of IT security technologies to prepare for the specific threats of OT leaves IT teams unprepared and vulnerable to attack. As illustrated in the research, IT teams are repeatedly overwhelmed by the growing volumes of security data, visibility gaps, and a lack of staff and skills.
Security teams are getting challenged by the growing volumes of security data, and the increasing number of security alerts. 53% believe that their security operations workload exceeds staff capacity. and 37% admitted they must improve their ability to adjust security controls. More than half of surveyed organizations (58%) agreed that threat detection and response has grown more difficult. When asked to provide additional detail on the specific nature of that growing complexity, nearly half (45%) say they are collecting and processing more security telemetry and 43% say that the volume of security alerts has increased.
Manufacturers are still working in the dark though with just under half (44%) citing evolving and changing threats as making threat detection and response more difficult, particularly true as threat actors take advantage of the “fog” of COVID-19.
“The research illustrates a potentially dangerous imbalance between existing security controls and staff capabilities, and a need for more specialized and effective safeguards,” said Jon Oltsik, ESG Senior Principal Analyst and Fellow. “Manufacturing organizations are consolidating their IT and OT environments to achieve economies of scale and enable new types of business processes. Unfortunately, this advancement carries the growing risk of disruptive cyber-attacks. While organizations have deployed numerous technologies for threat detection and response, the data indicates that they are overwhelmed by growing volumes of security data, visibility gaps, and a lack of staff and skills.  Since they can’t address these challenges with more tools or staff, CISOs really need to seek out more creative approaches for threat detection and response.”
As the IT/OT attack surface grows, security teams are spread thinner as they try to keep pace with operations tasks such as threat detection, investigation, incident response, and risk mitigation. 53% agreed that their organization’s OT infrastructure is vulnerable to some type of cyber-attack, while the same number stated that they had already suffered some type of cyber-attack or other security incident in the last 12-24 months that impacted their OT infrastructure. When asked how long it typically takes for their firm to recover from a cyber-attack, 47% of respondents said between one week and one month, resulting in significant and potentially costly downtime for critical systems.
Manufacturing organizations lack the visibility needed for effective threat detection and response – especially regarding OT assets. Consequently, additional security complexity is unacceptable – any new investments they make must help them simplify security processes and get more out of existing tools and staff. 37% said they must improve their ability to see malicious OT activity, 36% say they must improve their ability to understand OT-focused threat intelligence and 35% believe they must improve their ability to effectively patch vulnerable OT assets.
44% of respondents highlighted Deception technology’s invaluable role in helping with threat research (44%), and 56% said that Deception technology can be used for threat detection purposes. More than half of the manufacturing organizations (55%) surveyed use Deception technology today, yet 44% have not made the connection between Deception technology and increased attack visibility.
“This research shows that manufacturing organizations are experiencing real challenges when it comes to threat detection and response, particularly for specialized OT assets that are critical for business operations,” said Ori Bach, CEO of TrapX Security. “This data, and our own experience working with innovators in all sectors of manufacturing, demonstrate there is a clear need for solutions like Deception, which can improve cyber defenses and reduce downtime without the need to install agents or disrupt existing security systems and operations.”
For further insights into the findings, download the full white paper, authored by Jon Oltsik, ESG Senior Principal Analyst and Fellow.