Report: Palo Alto Survey Reports 76% Detected Malicious Cyber Activity in the OT Environment

A recent report based on a survey commissioned by Palo Alto Networks in December highlights that 76% of industrial organizations experienced suspicious or malicious cyber activity in the OT environment.

Notables from the report:

• Frequency of attacks. While in most cases organizations see attack attempts on a weekly, monthly or quarterly basis, 8% are targeted every couple of days, 4% daily, and 2% multiple times a day.
• Attack impacts. From the 76% who reported direct attacks against OT, 24% said they were forced to shut down OT operations due to a successful attack in the past year, either because of actual disruption or as a preemptive measure.
• Most feared attack types against OT: Malware, ransomware, insider, phishing, APT, and DoS.
• The token AI questions. Three-quarters of respondents believe AI-enabled attacks on OT infrastructure are a critical issue today, but roughly the same percentage also believes security solutions enabled by AI will be critical for detecting and blocking attacks.
  • Roughly half of respondents are convinced that AI will help hackers more than security teams, and 47% believe the use of AI will reduce the number of security professionals needed by their company.
• Primary entry point into OT. IT systems are unsurprisingly the most common entry point, but 28% reported seeing attacks that originated in their OT environment.
  • It is worth noting that 7 out of 10 industrial OT attacks originate in Informational Technology (IT) environments, signaling an urgent need for OT and IT departments and technologies to start working more closely together.
• OT-IT collaboration of teams. On the other hand, only 43% of respondents said the relationship between IT and OT is coordinated or constructive. In 39% of cases there is friction and in 18% of organizations the two sides rarely connect over cybersecurity issues.

Analyst (Jennifer Lyn Walker) Comment: While the overall findings are nonetheless interesting, the report does not discuss the sophistication or complexity of said OT attacks. For more context on OT-impacting attacks, members may wish to check out The Hacker News for a recent post from Orange Cyberdefense on Making Sense of Operational Technology Attacks: The Past, Present, and Future

As a side note, the “76%” doesn’t seem to correspond to what we see being broadly reported. However, while the sample size in the Palo Alto report is only approximately 2000 respondents from across 16 countries in the Americas, Europe and the APAC region, it does seem to represent a willingness of organizations to respond to surveys (including WaterISAC’s Quarterly Incident Survey’s), but perhaps not proactively report – likely due to various reasons.

Finally, while ICS industry cybersecurity experts contend that IT and OT technologies have largely been converged for years, as emphasized in this report, the teams…still, not so much.

For more interesting survey details, including OT cybersecurity investments, access the report at Palo Alto.