OT market study: Tips for future-proof OT Security
Malte Marquardt | March 14, 2024
What investments and measures are global players in the industry relying on in OT security? What is the current situation and how can industrial companies position themselves for a secure future in cybersecurity? Based on a market study, we provide recommendations for sustainable OT security.
Initial situation of OT Security
Industrial companies need to adapt cybersecurity applications to the complexity of industrial automation. This is because OT systems are not originally designed to withstand external attacks. In addition, there are numerous requirements that appear with IT-OT convergence. The great diversity of OT networks makes it more difficult to develop suitable security concepts. Each industry has different standards and multi-layered supply chains. The intensified threat situation due to the professionalization of cyber-attacks and the far-reaching potential security risks posed by the compromise of OT systems, such as injury to workers, environmental hazards, or other physical damage, make OT security a topic with major social implications.
This is why there are now numerous legal initiatives, such as NIST (USA) or NIS 2 (EU), which are intended to enforce security standards across the board. At the same time, there is a lack of skilled workers to implement the necessary security measures in many places.
OT market study: Moving Beyond Visibility
The global, independent analyst and consulting firm Omdia conducted the market study "Moving Beyond Visibility" in partnership with Belden. It surveyed 300 cybersecurity decision-makers from large, globally active companies on the digitalization of OT and shaping the future of cybersecurity in the industry.
Visibility
Visibility is the basis for targeted technical, organizational, and procedural measures.
63 % of the respondents stated that the visibility of all devices is of great importance. However, not all companies have yet recognized the importance of visibility.
Firewalls with DPI - Next-Gen
For 43 % of the participants responded, that next-gen firewalls are very important for the industry, further 40 % answering "important". Traditional firewalls only fulfill the task of preventing certain traffic on certain ports. This is no longer sufficient for modern cybersecurity in industry. The finesse of DPI lies in the fact that the content of the communication that passes through the firewall is also analyzed.
Cyber assessments
Cybersecurity should be understood as a continuous process. Conducting regular cybersecurity assessments is fundamental to guiding the security strategy, making decisions on security architecture and solutions, and prioritizing and focusing security measures. To this end, companies should conduct cyber assessments at least quarterly. Just over half of the respondents conduct cyber assessments every 3 months or at monthly intervals.
Cybersecurity budgets
Companies' cybersecurity budgets are increasing, but some of the investments are not being used properly.
For example, we estimate that over 40 percent of companies are not investing enough in cyber resilience.
Would you like to view the results of the market study in detail?
6 recommendations for future-oriented OT Security
1. Customized cybersecurity assessments are great to focus on the right risk mitigations.
2. Create visibility and awareness of the entire network and associated processes as a foundation.
3. A defense-in-depth approach that addresses the evolving threat landscape is needed.
4. Convergence of IT and OT expertise, processes and cross-team collaboration are key to a holistic approach to security.
5. Customized cybersecurity architectures typically lead to better resilience than siloed best-in-class approaches.
6. Cybersecurity for OT must cover every layer - from the I/O block to the cloud.