Palo Alto Networks, the global cybersecurity leader, has published its State of OT Security: A Comprehensive Guide to Trends, Risks, and Cyber Resilience report. The report surveyed 1,979 operational technology (OT) and IT business leaders across 23 countries globally, including 51 leaders in the Philippines, to understand the trends, risks, and cyber resilience strategies within OT environments, offering insights into the challenges faced by organisations across the globe.
Industrial operations are increasingly under regular and widespread cyberattacks, forcing operational shutdowns which result in lost revenue and significant remediation costs. At the same time, operators face increased compliance requirements as well as new risks posed by their adoption of new technologies and processes, including AI, remote access, cloud, 5G, and robotics. As a result, industrial operators are increasingly conscious of the need to adapt cybersecurity to the new demands of the day.
The report’s key findings reveal a concerning landscape in OT security:
Industrial operations are at high risk of cyberattacks – Industrial operations were once believed to be immune to cyberattacks given their air-gapped systems, legacy assets, proprietary technologies, and fragmented end markets. This is no longer the case. 76.5% of the Filipino respondents stated that their organizations had experienced at least one cyberattack in the past year. Equally alarming is the frequency of these attacks, with about half (48.7%) of the respondents experiencing attacks often monthly or weekly.
Cyberattacks can shut down local OT operations – The impact of these attacks has been significant, with 23.1% of Filipino organisations needing to shut down industrial operations in the last year due to a successful attack. This dangerous state of affairs is driving industrial operators to increasingly focus on security for their OT environments, with more than 70.6% of Filipino respondents considering it a high priority, and more than half (56.9%) expecting to increase spending on OT cybersecurity in the next two years.
Friction between OT and IT is a challenge – Despite the urgency, there remains a disconnect between OT and IT teams, hindering coordinated responses to threats. When asked to describe the relationship between OT and IT, more than half (54.9%) stated that it was either siloed or frictional, with only 17.6% answering that their teams are aligned. Furthermore, only 37.3% of respondents reported shared responsibility for OT cybersecurity purchase decisions between the two teams. This disparity is due to the historical roles of both teams, with IT traditionally being in charge of company-wide security, while OT has historically focused on industrial operations.
AI is a double-edged sword – AI has already caught the attention of industrial operators, but the judgement on its value is split between fear of AI-enabled attacks and demand for AI-enabled protection. The survey found that 70.6% of respondents in the Philippines identified AI attacks against OT as a critical issue today, but 4 out of 5 also agreed that AI will be key to stopping OT attacks.
The move to cloud will reinforce OT security – AI is not the only new technology making its way into OT environments, with operators also getting ready to implement cloud solutions, among others. The report found that 92.2% of organizations in the Philippines believed the move to cloud will reinforce OT security. However, 64.7% of them also stated it would create increased cybersecurity challenges in the next two years.
Zero Trust is the North Star – The report also underscores the criticality of embracing a Zero Trust approach to OT security, with over 80% of industrial respondents endorsing it as the right strategy. However, deployment rates remain relatively low, with just over 20% having fully implemented Zero Trust solutions for their OT/IT environments.
Oscar Visaya, Country Manager, Philippines at Palo Alto Networks, said, “The growing attacks on industrial operators highlight the urgent need for proactive risk mitigation and system resilience. As industrial operations undergo digital transformation in the AI era, traditional security measures are inadequate against advanced cyber threats. AI-driven defenses must be adopted to quickly analyze large data sets and detect patterns of impending threats, often before an attack occurs. Further, close collaboration between IT and OT teams is essential to ensure a unified and effective approach to cybersecurity.”
For more information, visit: https://www.paloaltonetworks.com/network-security/zero-trust-ot-security.
