Organisations are now aware that state-sponsored actors and cybercriminals are capable of exploiting security gaps in key infrastructure to cause serious harm and supply chain issues.
According to Frost & Sullivan, major corporations throughout the world want to increase their spending on OT security.
The growing need for OT security
Vinay Biradar, associate director at Frost & Sullivan, says OT systems become significantly more vulnerable to cyber threats as they integrate with IT infrastructure. Biradar points to market data which reveals that 90% of firms experienced at least one OT system intrusion incident in the previous calendar year.
He opines that worries are worsened by the expansion of zero-day threat vectors in this field and the inadequate security features built into Internet of Things (IoT) and OT equipment.
He explains that security is compromised by problems such as system-level attacks, lax device management, and inefficient authentication.
"Risks are exacerbated by poor patch management and program updates. Non-compliance by IoT manufacturers, inadequate network segmentation between IT and OT, public OT network access, and weak identity management further increase vulnerability," he elaborates.
According to Biradar, weak encryption, insecure data transfer, misconfigurations, firmware glitches, and a lack of secure update mechanisms add to the security woes of these systems leading to a variety of different attacks:
Unauthorised Access to SCADA (Supervisory Control and Data Acquisition) systems – where attackers infiltrate them to manipulate machinery, potentially causing safety risks or equipment damage.
Device Hijacking – where attackers gain control of OT devices, enabling eavesdropping, data theft, and operational disruption.
Data Manipulation – where cybercriminals target SCADA or Industrial Control Systems (ICS) devices to tamper with or delete stored data, leading to misinformation and compromised decision-making.
Man-in-the-Middle Attacks – where attackers intercept and modify communication between devices, altering device instructions and causing malfunctions.
Permanent Denial-of-Service – where attackers destroy firmware, rendering devices or systems inoperable and requiring extensive recovery efforts.
Fraudulent Identity and Control Panel Access – where attackers use fake identities to access control panels, compromising system settings and operational integrity.
Biradar opines that addressing these challenges demands a multi-pronged approach involving collaboration among manufacturers, regulatory bodies, and end-users to build industry standards.
"Consistent adherence to security, establishment of guidelines, conformance enforcement, and widespread adoption of best practices are essential throughout the lifecycle of OT devices," he suggested.
Growth areas in OT security
According to Frost, infrastructure security and smart buildings are quickly becoming important growth areas for OT security for businesses. Building Management Systems (BMS) security is seeing a noticeable increase in spending and budgetary allocation from organisations, in our market studies.
Biradar argues that BMS security is no longer the sole responsibility of the facility and operations teams; instead, CISOs are taking a more active role in harmonising the security stack as a whole and in developing Standard Operating Procedures (SOPs).
"While the traditional BMS Providers have started to invest in expanding their portfolio into smart buildings cybersecurity services, IT security vendors have started to perceive smart buildings cybersecurity as a new growth area and a vital component of their OT security offerings," he continued.
How organisations can prepare themselves
Biradar says the growth of the OT security market provides opportunities for both security vendors as well as end customers alike.
He posits that as an end client, "you can choose from the best-of-the-breed solutions and approaches as providers significantly increase their R&D in this area."
He acknowledges grey areas in comprehensively understanding the market opportunities and the key areas of investment.
"By embracing comprehensive market landscape analysis – which can feed into the organisation’s business as well as the technology roadmap, fostering industry collaboration, and prioritising security throughout the lifecycle of OT devices – organisations can stay prepared for the future," he concluded.