Sophos
OT systems as a gateway for cyber attacks
The security of OT systems is a high priority for many companies. Sophos conducted a survey to find out exactly how these companies protect their OT systems against cyberattacks and asked 201 companies in the DACH region about their security strategy.
Machines, plants and systems are increasingly networked and the development process is highly dynamic. Industry 4.0 and 'smart factories' are changing the production landscape at top speed. At the same time, the risks of cyberattacks on operational technology (OT) are increasing and with them the complex requirements for OT security.
In a DACH-wide survey, Sophos asked 201 IT decision-makers who are familiar with the OT systems in their companies to what extent the companies are dependent on OT systems and whether there have already been attacks on them. Over 80% of the companies surveyed came from the industrial sector, with the remainder belonging to the utilities sector.
High dependency on OT systems
The vast majority of businesses confirmed that they are very (29.4%) or heavily (50.2%) dependent on OT systems. 18.9% are partially dependent on operating technologies, while 1.5% hardly need them at all.
The following figures prove that these systems are already a target for cybercriminals and are vulnerable to attack: 47.3% of the companies surveyed had already experienced cyberattacks on the company network in which OT systems were used by cybercriminals as door openers. 44.3% of companies had not yet had to deal with any attacks of this kind, while 8.5% of respondents were unable to provide any information.
Many measures in use for OT security
Only 2.5% of companies state that they have not taken any special measures at all for the cyber security of their OT systems. The vast majority already have measures and solutions in place - first and foremost authentication measures (58.7%) and software and firmware updates (57.7%). Firewalls and intrusion detection solutions are used as security measures by 57.2%, followed by VPN solutions (51.7%), security training for employees (49.3%) and blocking unauthorized persons (48.3%). Other measures that companies use to strengthen the cyber protection of their OT systems include blocking unauthorized applications, network segmentation and standardized processes and rules. At the bottom of the list of measures mentioned are vulnerability analyses and penetration tests, which are only carried out by 31.8% of companies, as well as physical security measures such as access controls. The companies were able to provide multiple answers.
"For companies, some of whose OT systems cannot be equipped with classic endpoint protection, it is extremely important to quickly identify and close any open flanks and, above all, to detect cybercriminal activities in the network. Vulnerability analysis and continuous scanning of the network are therefore essential. NDR solutions identify suspicious behavior in the network and also contribute to a significantly higher level of protection by detecting insecure legitimate OT devices," says Michael Veit, security expert at Sophos.
A high level of external support
The majority of companies rely on external expertise for OT security. 18.4% have completely outsourced their OT security to service providers, while 46.3% of companies have at least parts of their OT security monitored and operated by external specialists. 12.9% of companies are planning to partially or fully outsource their OT security within the next twelve months, while 22% state that they will continue to take care of this important issue in-house in the future.
Targets for cyber criminals
39.8% of companies are convinced that OT systems are increasingly lucrative targets for cybercrime. However, 37.8% believe that the focus here will primarily be on operating technologies in the area of critical infrastructures. Although there will be an increase in attacks on OT systems, 16.4% of respondents believe that there is a significantly lower risk here compared to traditional IT systems. Only a minority of 6% believe that OT systems will not be a target for cyber attacks in the future.










