An online survey conducted by security firm NTT Security has looked into the challenges facing organisations managing Operational Technology (OT).
The report revealed that just under half of the respondents (46%) said a lack of skills was the biggest challenge companies face when managing OT, whilst 29% believed that the lack of visibility into OT networks to facilitate risk assessments was the biggest challenge.
When asked about responsibility, 42% of the respondents believed that the onus should fall on the Engineering Director, whilst 38% believe responsibility should fall on the chief technology officer (CTO). Just one in five pointed to the chief information security officer (CISO).
Furthermore, the survey revealed that when it came down to responding to cyber attacks on OT systems only 26% believe that the majority of incident response plans cover both OT and IT whilst one-third of respondents say no plans do.
Most notably, 53% of the respondents believed that the telecommunications sector was the most vulnerable to a major cyber attack, due to its reliance on OT, although there is yet to be a major cyber attack on telecoms networks.
Tim Ennis, senior operational technology consultant, cyber security consulting at NTT Security said:
“It is clear that arrangements for securing OT are a huge challenge for organisations, especially when it comes to identifying exactly what those risks are and the potential impact they may have on the business.
“With greater connectivity and convergence with IT comes greater risks and these have to be managed accordingly.”
“Having the rights skills in place is fundamental, as are clear lines of responsibility within the business. There is no one-size-fits-all solution for OT security. It might be right that the CISO has responsibility, but equally it could be that the engineering director is best placed to do this.
“What is important is getting the right organisational structure in place that can empower and support the OT team to improve security, and to enable the business to achieve its objectives.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.