A secure enterprise requires both robust IT and OT security. If one falls short, there will always be increased levels of risk.

According to the ServiceNow/Dynata survey, manufacturing leaders recognize the significance of improved cybersecurity around OT. Four out of 5 respondents said they put a high priority on improving OT security to preempt attacks more effectively, to prevent factory downtime, and to keep their employees safe. However, only one-third of respondents had actually made significant progress securing their OT systems.

OT security best practices

The approach to keeping a company safe should be comprehensive and holistic, a combination that includes unifying data and best practices across internal OT and IT teams, as well as managing risk from a large ecosystem of third parties. That includes keeping tabs on older equipment, too, notes William Heinrich, founder of Strong Tower Cybersecurity. “They were installed when cybersecurity practices weren't a concern,” he says. “Additionally, the technology may be old enough that patches for operating systems, software, and firmware are no longer available.”

Assess existing OT systems with risk scores

A good first step to creating more secure systems is an inventory of industrial equipment and a basic risk assessment that includes understanding the consequences of compromise and the vulnerabilities in the OT infrastructure. Mustard suggests asking: How are these systems connected to the network? What types of cybersecurity mechanisms are installed? Are there any vulnerabilities, and are there any patches to close the vulnerabilities? These assessments also need to occur in real-time or near real-time.