What makes operational technology organizations in Singapore vulnerable to intrusion?

Source – Shutterstock

What makes operational technology organizations in Singapore vulnerable to intrusion?

  • 12% of respondents in Singapore have achieved centralized visibility of all OT activities
  • Singapore has been investing in securing operational technology through training cybersecurity professionals and the OT Cybersecurity Competency Framework

Operational technology (OT) is just as vital to the economy and people’s daily lives, even though it is less apparent than information technology (IT) in most enterprises and most definitely in public perception. After all, OT systems manage the critical infrastructure on which everyone relies, including transportation networks, fuel pipelines, power plants, and water and sewage systems.

Threat actors have taken note of this trend and are closely monitoring OT systems. Over the past ten years, OT systems have seen a growth in cyberattacks, partly because of their greater susceptibility to attacks from outside the system.

Attacks against OT infrastructure are getting worse, more frequent, and more significant. Like the colonial pipeline catastrophe and the JBS USA meat producer incidents that occurred last year in 2021. And this year, the attacks on Kojima Industries, a supplier of Toyota parts, have an impact on 28 production lines.

“Throughout the years, you can see things like traffic lights could get hacked, and power plants could get knocked offline. These impacts are getting from simple ransomware to things that could cause harm. In OT, this is where malware is created, specifically to cause damages, harm or even death,” said Jonathan Chin, Business Development Manager, Cybersecurity OT at Fortinet.

In fact, these attacks on OT infrastructures seriously harmed business operations.

The operational technology (OT) industry in Singapore was the subject of a Fortinet study, “2022 State of Operational Technology and Cybersecurity”, which found that more than nine out of ten OT firms there were affected and that 88% of them lost data and experienced productivity-reducing operational outages.

Additionally, 94% of organizations said that their cybersecurity activities do not have total visibility, implying they are unaware of the risks in their networks. With 64% of respondents having a high level of concern compared to other incursions, ransomware emerged as the largest concern.

Key findings of the report also showed that security threats are rising because of OT activities’ lack of centralized visibility. Only 13% (Singapore: 12%) of respondents have consolidated visibility of all OT activities, according to the Fortinet study for the world. Only 52% of firms can also track all OT activities from the security operations center (SOC).

At the same time, organizations’ productivity and bottom lines are dramatically affected by OT security intrusions. According to the survey, 93% (Singapore: 86%) of OT firms had at least one intrusion in the previous 12 months. Hackers, malware, and phishing emails were the top 3 intrusion types that Singaporean firms encountered.

Interestingly, the ownership of OT security varies amongst enterprises. The Fortinet research states that OT security management falls under a variety of mostly director or manager responsibilities, ranging from the Manager of Manufacturing Operations to the Director of Plant Operations.

Overcoming operational technology security challenges

The Fortinet report included a guide on how businesses might boost their entire security posture and address the vulnerabilities in OT systems. Organizations can deal with their OT security challenges by:

  • Implementing Zero Trust Access to stop breaches. As more industrial systems are connected to the network, Zero Trust Access solutions ensure that anyone, any device, or any application without the right credentials and permissions is prevented from accessing crucial assets.
  • Putting in place systems that give OT operations centralized visibility. To ensure that enterprises improve their security posture, centralized, end-to-end visibility of all OT activities is essential.
  • Combining security tool suppliers for cross-environment integration. Organizations should strive to combine their OT and IT solutions across a smaller number of providers to reduce complexity and achieve consolidated visibility of all devices.
  • Implementing technology for network access control (NAC). Organizations with a NAC in place, which ensures that only authorized users may access certain systems essential for protecting digital assets, were more likely to have avoided incursions in the previous year.

“Singapore has been investing in securing operational technology through training cybersecurity professionals and the OT Cybersecurity Competency Framework, as highlighted by Minister for Communications and Information Mrs. Josephine Teo. We believe enhanced collaboration between the public and private sectors, supported by suitable security tools investments, will better position Singapore to manage future OT cyber-attacks,” said Jess Ng, Country Head, Fortinet Singapore & Brunei.