SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
NDR
#
Industrial
#
IT-OT
IT-OT security convergence key to optimising risk management
Fri, 30th Jun 2023
Author image
By Kaleah Salmon, Journalist
Follow us

Trend Micro's Latest report reveals significant visibility gaps in operational technology detection and response.

Trend Micro Incorporated, a global cybersecurity operator, announced a new study revealing that enterprise Security Operation Centres (SOCs) are expanding their capabilities to the OT domain. However, major visibility and skills-related challenges are still causing roadblocks.

The study finds that half of the organisations now have an enterprise SOC with some ICS/OT visibility. Although, even where respondents have a more "expansive" SOC, only half (53%) of their OT environments provided data for detection.

This shortfall is also implicit in another finding: cyber event detection (63%) is the top capability that respondents want to integrate between IT and OT silos, followed by asset inventory (57%) and identity and access management (57%). 

Trend Micro says that detecting events across IT and OT environments is the most critical to identifying root causes and preempting future threats that could disrupt operations.   

The report highlights endpoint detection and response (EDR) and internal network security monitoring (NSM) as crucial tools to help provide that root cause data. 

However, deployment of EDR on engineering and operator assets stands at less than a third (30%) of responding organisations. NSM is rarely (<10%) deployed at a physical process and basic control level deep in OT environments.

Aside from visibility gaps, the study reveals significant people and process challenges to expanding SecOps across IT and ICS/OT environments. 

Four out of the five top barriers highlighted by respondents are related to staff: training IT staff in OT security (54%), communication silos between relevant departments (39%), hiring and retaining staff who understand cybersecurity (38%), training OT staff in IT (38%), insufficient risk visibility across IT and OT domains (38%).

Legacy technology is also a top challenge for expanding OT SecOps visibility.

The limitations of legacy devices and networks (45%) and IT technologies not designed for OT environments (37%) are named among the top three challenges here, alongside a lack of OT knowledge among IT staff (40%).

In the future, respondents are doubling down on efforts to converge IT-OT SecOps and drive greater visibility into OT threats.

Two-thirds (67%) plan to expand their SOC, and for those who have already deployed EDR, 76% plan to expand these deployments in ICS/OT over the coming 24 months. Additionally, 70% of those who have already added NSM capabilities plan to expand these deployments in the same time frame.

Mick McCluney, Technical Director ANZ, Trend Micro, says: "IT-OT convergence is already driving digital transformation for many industrial organisations, but to effectively manage risk in these environments, IT and OT security operations (SecOps) must also converge." 

"OT security programs may be lagging, but there's a fantastic opportunity to close the visibility and skills gap by consolidating onto a single SecOps platform like Trend Vision One," says MCluney.

Related stories
Trend Micro introduces AI-driven cyber risk management features
Australian organisations face surge in ransomware attacks
Legit Security announces strategic partnership with GuidePoint Security
Wavelink partners with Orca Security to enhance cloud security
BeyondTrust's 2024 report reveals top Microsoft vulnerabilities
Top stories
Australian businesses fast-track Microsoft cloud adoption amid cyber threats
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity