A majority of organizations and enterprises with operational technology have experienced security intrusion in the past 12 months due to widespread gaps in industrial security, according to the 2022 State of Operational Technology and Cybersecurity by Fortinet, a provider of integrated and automated cybersecurity solutions.
Operational technology is hardware and software that detects or causes a change through direct monitoring and controlling industrial equipment, assets, processes, and events. OT includes industrial control systems, building management and fire control systems, and physical access control mechanisms.
Fortinet's study showed that in the Philippines alone, 94 percent of enterprises utilizing OT are experiencing intrusions in the past 12 months.
The top three types of intrusion that Philippine organizations are experiencing are malware, phishing email, and hacker.
As a result of these intrusions, nearly 66 percent of organizations in the Philippines suffered an operation outage that affected productivity, with 90 percent of intrusions requiring hours or longer to restore service.
In the Philippines, 85 percent of OT organizations took more hours to return to service, while four percent took weeks. Additionally, one-third of global respondents saw revenue, data loss, compliance, and brand value impacted by security intrusions.
Alongside this development, Fortinet's study on the Philippines' OT sector shows that cyber risk increases even though organizations are enjoying business performance improvements.
Also, the study showed that at least 53 percent of surveyed Philippine OT organizations suffered an impact on operations in the industrial environment due to cyber intrusions. In comparison, 66 percent of OT organizations also suffered operational outages that put physical safety at risk, more so than productivity and revenue losses.
Other key findings include that OT activities lack centralized visibility, increasing security risks, as only 13 percent of respondents have achieved centralized visibility of all OT activities; that ownership of OT security is not consistent across organizations; organizations do not have complete visibility into OT activities, and OT security gaps persist, with many organizations not having complete visibility; and that OT security is gradually improving, but security gaps still exist in many organizations.
To overcome OT security challenges, Fortinet suggested that organizations establish Zero Trust Access to prevent breaches; implement solutions that provide centralized visibility of OT activities; consolidate security tools and vendors to integrate across environments; and deploy network access control technology.
"In the Philippines, OT is a significant component of the country's economy, with sectors that utilize OT, such as agriculture and industrial activities, contributing about 40% of the country's gross domestic product. Many OT equipment and devices are also going online, with OT organizations embracing digital transformation, so cybersecurity is now crucial to business," Castañeda said.
