Today’s Operational Technology (OT) environments are experiencing dramatic change. While these networks were once completely separated from IT, the need to create more agile and responsive OT environments through the addition of IT technologies means this is no longer the case. Thanks to innovations in the industrial sector, including the rapid introduction of IoT and IIoT (Industrial IOT), the once distinct IT and OT environments have now begun to merge. As the roles of these networks evolve, Chief Operating Officers (COO) have had to adjust the management of these environments.
A recent report by Fortinet examined the changing role of the COO from this perspective. Given that the connected world has been battling a new era and generation of threats and concerns for some time, the introduction of IT onto the production floor or manufacturing yard has given rise to a host of new security issues in addition to those targeting more traditional OT systems and processes. As a result, chief among the changes that COOs now face is how to deploy and manage cybersecurity for OT.
What follows are revelations from this recent report on OT and the COO about current priorities and evolving challenges in this rapidly transforming sector, as well as how some of its chief players are currently weathering the technology disruption of this sector.
75% of companies place responsibility for cybersecurity squarely on the shoulders of their COO, which is why an overwhelming majority of COOs are regularly involved in the creation of cybersecurity strategies. And when considering their overall propensity for risk, COOs must increasingly factor OT security into their equation, resulting in increased responsibility for the COO. Even those COOs who are not yet regularly involved in this process are still expected to provide occasional input, which means being familiar with the challenges at play.
The report further highlights that nearly every organization must now deal with multiple intrusions each year. 89%, report having faced OT outages due to a long list of threats, including malware, spyware, phishing, mobile security breaches, insider breaches, zero-day attacks, and ransomware. In addition to disrupting business, damaging operations, and exposing workers and others to physical risks, OT outages can also damage the reputation of the COO since the metrics for their success rely on factors directly impacted by these outages, including cost efficiency, productivity, and safety.
Part of the challenge is that the role of the COO is already quite broad, and for many, the expansion of their responsibilities to not only include cybersecurity, but the protection of their OT environments has many feeling spread too thin. For example, many COOs report that they are now directly involved in making purchasing decisions for OT cybersecurity. Fortunately, for more than 75% of the COOs surveyed, there was an increase in their security budgets in 2019. But the challenge is ensuring that these resources are spent in the most effective way possible when there is limited time available for solution analysis and review.
With disruption in the air, expanding security-related responsibilities, and far too many decisions to make, today’s COOs face more than their fair share of challenges. As the report highlights, the majority of their challenges related to cybersecurity stem from the following:
These issues come at a time when most COOs are already under enormous pressure to modernize and expand network operations, such as adopting a multi-cloud strategy, addressing the growing challenges of mobile workers and the influx of IoT devices, and transitioning branch office connectivity to SD-WAN. Workloads are growing, the number of business-critical applications is expanding, job stress is rising, and staying on top of cybersecurity just keeps getting more complex.
Orchestrating these challenges while staying on top of risk management is a juggling act that can quickly overwhelm COOs who don’t have an effective strategy in place. A dropped ball now may result in a cybersecurity event later that could devastate the organization and end a promising career. Which is why 77% of COOs surveyed cited the complexity of cyber threats as the top reason why risk management was their biggest headache.
And when compared to CISOs and CIOs, that complexity has more of an impact on their outlook. As a result, COOs are more likely to prioritize risk management than their C-Suite colleagues.
So, what are COOs doing in the face of these trends and threats? The report cited the following Best Practices for COOs to follow:
When it comes to securing OT environments, COOs play a leading role within their organizations. However, on top of this responsibility are the challenges they already face with the duties traditionally assigned to their role. By following certain best practices, however, including reporting and tracking the right metrics and regularly conducting compliance reviews and security tests, COOs can find and maintain success in spite of the increasing complexity of their responsibilities.
Learn how Fortinet can help you extend security and maintain compliance in any ICS/SCADA-connected environment.