Recap: OT Security LinkedIn Live featuring Forrester

April 14, 2023

On March 8, Optiv’s Sean Tufts and Jessica Hetrick sat down with guest speaker, Forrester Principal Analyst Brian Wrozek to discuss the operational technology (OT) security challenges facing businesses today.

 

The three experts shared insights on notable trends in the OT industry, where organizations should start when building their OT security capabilities, the most shared challenges organizations have when advancing an OT security program and recommendations to overcome these challenges.

 

Here are the highlights from this event.

 

 

Notable Trends in the OT Industry

Several industries are just now starting to understand the need to develop a cybersecurity strategy which encompasses their OT assets. According to Brian's presentation, each year, Forrester conducts a security survey and asks, “Which of the following initiatives are likely to be your organization’s top tactical information/IT security priorities over the next 12 months?” From these results, 20% indicated that “develop[ing] or maintain[ing] a strategy for Industrial Control System (ICS) or Operational Technology (OT) environments” was at the top of their list.

 

As more companies focus on their OT environment, it’s important that the investment follows. Based on further survey questions, 63% of security decision-makers planned to increase their budget spending for OT and ICS technologies from 2022 to 2023.

 

 

Building OT Security Capabilities

The next question, then, is where do you start? Starting with asset discovery will help inform your next steps. What do you have on your network? Many organizations are very aware of their big OT systems, but don’t realize that the elevator, HVAC system, and other assets are now directly connected to the internet. Two foundational tools for OT security include segmentation and antivirus. Segmentation helps prevent lateral movement, while antivirus helps root out any malware that makes it through the firewall.

 

Most importantly, you can’t protect what you don’t know about. Focus on:

 

  • Collaboration and alignment on security strategy
  • Asset identification and discovery
  • Threat and vulnerability detection
  • Remote access and network segmentation

 

 

Common Challenges in Advancing OT Security Programs

The most successful companies have collaboration at the center of their security programs. Starting an open dialogue between security leaders and leaders who are responsible for ensuring OT uptime provides a greater chance of building an OT security program that works.

 

Many organizations are facing intricate supply chains and limited visibility, which create complex OT environments. It pays to be thoughtful about your vulnerability management program and how it ties into your patch management program. An up-to-date asset inventory and tools that improve visibility will mitigate some of these challenges.

 

We see a lot of OT running on legacy systems that may not be compatible with modern security controls. This was less of a problem when air gaps were fully intact, but now this equipment is often connected to the internet. Intrusion detection systems and antivirus can help.

 

Defending critical infrastructure is another top priority. Historically, regulations have been a powerful force when it comes to raising attention and driving investment in security. The challenge, however, is when competing agencies are all attempting to make up their own rules. Ensuring your critical infrastructure is resilient is not going to happen overnight. It is a long, multiyear effort to put the necessary security in place - so the sooner you start, the better.

 

This LinkedIn Live event featuring Forrester guest speaker Brian Wrozek and Optiv’s Sean Tufts and Jessica Hetrick provided valuable insights into operational technology security. To hear more trends and commentary from the three experts, watch the event on demand.

Jon Miller
Sr. Product Marketing Manager | Optiv
Jon Miller is an experienced product marketing manager with a strong ability to deliver successful cybersecurity-focused marketing campaigns. Jon is well versed in the complex landscape of cybersecurity threats, solutions and digital transformation services. He focuses on go-to-market strategy and product launches that help Optiv clients improve their security posture and build resilience. Collaborating closely with Optiv and client leaders, Jon actively listens to client challenges and ensures that Optiv services authentically incorporate the client voice and needs.

Prior to Optiv, Jon spent his early career as a Product Manager and Marketer in the healthcare IT industry, specializing in healthcare data and analytics products. Over the past 10 years in healthcare IT, he has launched and expanded analytics product lines to strengthen providers’ abilities to improve patient care and health outcomes both in U.S. and international markets.

Optiv Security: Secure greatness.®

Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.