Palo Alto Networks has published its State of OT Security: A Comprehensive Guide to Trends, Risks, and Cyber Resilience report. The report surveyed 1,979 operational technology (OT) and IT business leaders across 23 countries globally, including 103 Indian leaders, to understand the trends, risks, and cyber resilience strategies within OT environments, offering insights into the challenges faced by organisations across the globe.
Rampant cyber attacks paralyse Indian industries, draining profits and inciting costly recovery efforts. Amidst rising threats, industrial operators grapple with stricter compliance and unprecedented risks linked to AI, remote access, cloud computing, 5G, and robotics. In response, urgent calls demand a reinvented cybersecurity approach to safeguard operations in the modern era.
Key findings for India from the report reveal a concerning landscape in OT security:
India faced four cyber attacks daily in the past year: Previously, industrial operations were thought to be invulnerable to cyber attacks due to their air-gapped systems, legacy assets, proprietary technologies, and fragmented end markets. This assumption no longer holds true. 75% of Indian respondents stated that their organisations experienced at least one cyber attack in the past year. Equally alarming is the frequency of these attacks, 63% of respondents were experiencing attacks often monthly or weekly.
Cyber attacks can shut down Indian OT operations: Cyber attacks have inflicted significant disruptions, with close to a quarter (24.4%) of Indian industrial entities compelled to halt operations due to successful cyber intrusions, emphasising the dire consequences of such incidents. Alarmingly over half – 53% of Indian operators agree that their organisation’s OT incident response plan is sufficient. 75% of Indian respondents agreed that regulatory pressure to improve OT cybersecurity will increase in the next two years. Only 27% of Indian respondents stated that cybersecurity initiatives to protect OT environments was a top priority despite close to 70% of Indian respondents stating they were extremely likely or highly likely to experience a ransomware attack on their OT environment. The complexity of OT security solutions is the top issue for Indian operators when buying or deploying OT cybersecurity solutions.
Closing the AI gap- Only 31% of respondents agreed that they have started formulating a strategy around the use of AI technology and AI-enabled solutions to secure OT environments. About 72% of respondents agreed that AI-enabled attacks on their OT infrastructure is a critical issue today. 63% of respondents agree that an AI-enabled SOC will be critical for responding to attacks on their OT infrastructure. These indicate that there’s low adoption of AI strategies despite high concern for AI-enabled attacks, with a recognised need for AI-driven solutions in OT security.
Challenges in collaboration between OT and IT teams: The supposedly close knit teams which work together for an organisation’s cybersecurity assurance, Operational Technology (OT) and Information Technology (IT) teams have a difference of perspectives in aligning and making decisions. 28% operators feel that the relationship between OT and IT teams is frictional, indicating struggles in aligning views and making decisions. Despite the imperative for unified cybersecurity efforts, a tangible disconnect persists between OT and IT teams within Indian organisations. This breakdown obstructs the coordinated responses to threats and increasing vulnerabilities in critical systems.
Cloud Transition Challenges and Future Outlook on OT Security: Anticipated challenges accompany the shift to cloud solutions for OT security, with over half of Indian respondents foreseeing heightened cybersecurity risks. Nevertheless, there’s widespread recognition of the critical role cloud-based architecture will play in OT within the next three to five years, according to 75% of respondents. Additionally, half of Indian respondents acknowledge that AI adoption will drive the integration of OT systems with cloud platforms, indicating a growing synergy between AI, cloud technology, and OT security strategies.
Zero Trust Imperative: Embracing a Zero Trust approach emerges as a critical requirement for Indian industrial operators with 76% Indians having some or little idea about the Zero Trust approach. However, deployment rates for OT security remain relatively low, highlighting the urgency for comprehensive adoption of Zero Trust principles as only 20% of respondents have fully deployed Zero Trust solutions to their OT/IT environment.
Anil Valluri, MD and VP, Palo Alto Networks India and SAARC said: “Amidst the evolving cyber battlefield, the call for unity grows louder. Our findings illuminate the urgency for consolidation of strategies, teams, and solutions. As Indian enterprises confront the looming challenges of cloud transitions, AI threats, and team frictions, a unified approach is our strongest shield. By consolidating efforts and embracing Zero Trust principles, we not only fortify our defences but also pave the path for a resilient digital future, where collaboration conquers complexity. While it’s commendable to witness industrial operators prioritising cybersecurity, relying on fragmented approaches won’t suffice. Shockingly, 75% of attacks in India stem from vulnerabilities within their internal IT systems. Without bridging the gap between IT and OT, even the most robust cybersecurity strategies and investments will fall short.”