TrapX Security, the global leader in Deception-based cyber defense solutions, has today released findings of a research survey in partnership with the Enterprise Strategy Group (ESG). The survey asked 150 cyber and IT professionals directly involved in security strategy, control and operations within manufacturing organizations about their current and future concerns.
The research findings point to an industry whose security teams are seeing the information technology (IT) and operational technology (OT) environments converging at a rapid pace. Yet manufacturing organizations are struggling to safeguard OT assets as they are using the same tools to safeguard their IT infrastructure as they are for OT. As a result, IT teams can’t keep up with growing volumes of security data or the increasing number of security alerts. They lack the right level of visibility and threat intelligence analysis and don’t have the right staff and skills to handle the cybersecurity workload. Consequently, business operations are being disrupted and cyber-risk is increasing as more than half of the manufacturing organizations surveyed have experienced some type of cybersecurity incident on their OT systems in the last 12 months taking weeks or months to remediate.
IT and OT Convergence Best Practice for Manufacturers
Manufacturing organizations have large and growing investments in IT and OT technology, helping them achieve more agile business processes. As the research reveals, IT and OT integration is fast becoming a best practice. Nearly half (49%) of organizations say that IT and OT infrastructure are tightly integrated while another 45% claim that there is some integration. This integration will only increase as 77% of respondents expect further IT and OT infrastructure convergence in the future.
However, only 41% percent of organizations employ an IT security team with dedicated OT specialists, while 32% rely on their IT security team alone to protect OT assets. 58% use network technology tactics like IP ranges, VLANs, or microsegmentation to segment IT and OT network traffic. Almost one-quarter (24%) of organizations simply use one common network for IT and OT communications, reducing the visibility and response required for OT-focused attacks.
Common tools and staff may make operational sense, but deploying a plethora of IT security technologies to prepare for the specific threats of OT leaves IT teams unprepared and vulnerable to attack. As illustrated through this research, IT teams are repeatedly overwhelmed by the growing volumes of security data, visibility gaps, and a lack of staff and skills.
Teams Overwhelmed by Volumes of Security Data
Security teams are challenged by the growing volumes of security data, and the increasing number of security alerts. 53% believe that their security operations workload exceeds staff capacity. and 37% admitted they must improve their ability to adjust security controls. More than half of surveyed organizations (58%) agreed that threat detection and response has grown more difficult. When asked to provide additional detail on the specific nature of that growing complexity, nearly half (45%) say they are collecting and processing more security telemetry and 43% say that the volume of security alerts has increased. Manufacturers are still working in the dark though with just under half (44%) citing evolving and changing threats as making threat detection and response more difficult, particularly true as threat actors take advantage of the “fog” of COVID-19.
“The research illustrates a potentially dangerous imbalance between existing security controls and staff capabilities, and a need for more specialized and effective safeguards,” said Jon Oltsik, ESG Senior Principal Analyst and Fellow. “Manufacturing organizations are consolidating their IT and OT environments to achieve economies of scale and enable new types of business processes. Unfortunately, this advancement carries the growing risk of disruptive cyber-attacks. While organizations have deployed numerous technologies for threat detection and response, the data indicates that they are overwhelmed by growing volumes of security data, visibility gaps, and a lack of staff and skills. Since they can’t address these challenges with more tools or staff, CISOs really need to seek out more creative approaches for threat detection and response.”
OT Is the New Threat Vector
As the IT/OT attack surface grows, security teams are spread thinner as they try to keep pace with operations tasks such as threat detection, investigation, incident response, and risk mitigation. 53% agreed that their organization’s OT infrastructure is vulnerable to some type of cyber-attack, while the same number stated that they had already suffered some type of cyber-attack or other security incident in the last 12-24 months that impacted their OT infrastructure. When asked how long it typically takes for their firm to recover from a cyber-attack, 47% of respondents said between one week and one month, resulting in significant and potentially costly downtime for critical systems.
Manufacturing organizations lack the visibility needed for effective threat detection and response – especially regarding OT assets. Consequently, additional security complexity is unacceptable – any new investments they make must help them simplify security processes and get more out of existing tools and staff. 37% said they must improve their ability to see malicious OT activity, 36% say they must improve their ability to understand OT-focused threat intelligence and 35% believe they must improve their ability to effectively patch vulnerable OT assets.
44% of respondents highlighted Deception technology’s invaluable role in helping with threat research (44%), and 56% said that Deception technology can be used for threat detection purposes. More than half of the manufacturing organizations (55%) surveyed use Deception technology today, yet 44% have not made the connection between Deception technology and increased attack visibility.
“This research shows that manufacturing organizations are experiencing real challenges when it comes to threat detection and response, particularly for specialized OT assets that are critical for business operations,” said Ori Bach, CEO of TrapX Security. “This data, and our own experience working with innovators in all sectors of manufacturing, demonstrate there is a clear need for solutions like Deception, which can improve cyber defenses and reduce downtime without the need to install agents or disrupt existing security systems and operations.”
For further insights into the findings, download the full white paper, authored by Jon Oltsik, ESG Senior Principal Analyst and Fellow, at this link.
About TrapX Security
TrapX Security is a pioneer and global leader in cyber Deception technology TrapX DeceptionGrid rapidly detects, deceives, and defeats advanced real-time cyber-attacks and human attackers in real-time. The DeceptionGrid provides automated, highly accurate insight into malicious activity unseen by other forms of cybersecurity. By deploying DeceptionGrid, users can create proactive security to fundamentally halt the progression of an attack. This strategy shifts the economics of cyberattacks to cost the attacker instead of the victim. TrapX Research Labs clients include several Forbes Fortune 500 commercial and government customers worldwide. Sectors include defense, healthcare, finance, energy, consumer products, and other key industries. Learn more about this cybersecurity solution at www.trapx.com.
Note to Editors:
- The survey was conducted in August 2020 and reached 150 cybersecurity and IT professionals directly involved in strategy, control and operations of manufacturing organizations about their current and future security concerns.
- All respondents worked at firms operating in the manufacturing industry.
- 29% of respondents came from mid-market organizations (100 to 999 employees), and 71% came from enterprise (more than 1,000 employees).