Edwin Lim, Country Director, Fortinet Indonesia
“As Indonesia accelerates its efforts to transform the manufacturing sector and to achieve its Making Indonesia 4.0 goals, Fortinet’s study on Indonesia’s operational technology (OT) sector sheds light on what needs to be done to address the current security gaps. Our study found that 9 out of 10 OT organizations surveyed in Indonesia suffered an impact on operations in the industrial environment due to cyber intrusions.
63 percent of Indonesian OT organizations also suffered operational outages that affected productivity and lost business-critical data (57 percent) while 60 percent of organizations have a high level of concern regarding ransomware in OT environments, as compared to other intrusions.
With the rise of data breaches in the country, local organizations in Indonesian recognize that cybersecurity is a serious boardroom issue, with the CEO as the top influencer of cybersecurity decisions. There is an urgent need for both IT and OT teams in the organization to work together holistically to enhance the central visibility of their cybersecurity operations which ultimately enhances the protection their organizations.
John Maddison, EVP of Products and CMO at Fortinet
“This year’s global State of OT and Cybersecurity Report demonstrates that while OT security has the attention of organizational leaders, critical security gaps remain. PLCs designed without security, continued intrusions, a lack of centralized visibility across OT activities, and growing connectivity to OT are some of the critical challenges these organizations need to address. Security converged into the OT networking infrastructure, including switches and access points and firewalls, is essential to segment the environment. This combined with a platform that spans OT, converged OT/IT and IT provides end-to-end visibility and control.”
Fortinet®, a global leader in broad, integrated, and automated cybersecurity solutions, today released its global 2022 State of Operational Technology and Cybersecurity Report. While industrial control environments continue to be a target for cyber criminals – with global: 93% (Indonesia: 90%) of Operational Technology (OT) organizations experiencing an intrusion in the past 12 months – the report uncovered widespread gaps in industrial security and indicated opportunities for improvements. Key findings of the report include:
OT activities lack centralized visibility, increasing security risks. The global Fortinet report found that only 13% (Indonesia: 26%) of respondents have achieved centralized visibility of all OT activities. Additionally, only 52% of organizations are able to track all OT activities from the security operations center (SOC).
At the same time, 97% of global organizations consider OT a moderate or significant factor in their overall security risk. The report findings indicate that the lack of centralized visibility contributes to organizations’ OT security risks and weakened security posture.
OT security intrusions significantly impact organizations’ productivity and their bottom line. The Fortinet report found that 93% (Indonesia: 90%) of OT organizations experienced at least one intrusion in the past 12 months. The top 3 intrusion types of Indonesian organizations experienced were phishing email, malware and ransomware.
As a result of these intrusions, nearly 50% (Indonesia: 90%) of organizations suffered an operation outage that affected productivity with 90% of intrusions requiring hours or longer to restore service while 83% of Indonesian OT organizations took up to a few hours to return to service and the rest of 12% took days, weeks, months, respectively. Additionally, one-third of global respondents saw revenue, data loss, compliance and brand-value impacted as a result of security intrusions.
Ownership of OT security is not consistent across organizations. According to the Fortinet report, OT security management falls within a range of primarily director or manager roles, ranging from the Director of Plant Operations to Manager of Manufacturing Operations. Only 15% (Indonesia: 10%) of survey respondents say that the CISO holds the responsibility for OT security at their organization.