Increase in third-party access puts OT environments at risk

A new report from Cyolo and the Ponemon Institute reveals that third-party access to operational technology environments is significantly expanding the attack surface.

According to the study, 73 percent permit third-party access to OT environments, with an average of 77 third parties per organization granted such access.

"Our world has become increasingly interconnected, and the findings of this report highlight the vital need for organizations to re-evaluate and enhance their strategies for ensuring secure access into OT environments," says Larry Ponemon, chairman and founder of the Ponemon Institute.

OT environments environments often contain highly sensitive systems and critical infrastructure responsible for keeping manufacturing lines running, water and electricity flowing, and performing other tasks vital to the smooth functioning of our communities. Securing access to them is therefore about more than just cybersecurity.

OT systems were historically isolated for security reasons but are now facing increased connectivity to IT networks and the internet. At the same time, more third-party vendors and contractors are being given remote access to OT environments.

Challenges to securing third-party access include preventing unauthorized access (44 percent), aligning IT and OT security priorities (43 percent), and giving users too much privileged access (35 percent). Visibility into industrial assets is poor too with 73 percent lacking an authoritative OT asset inventory.

Responsibility for securing OT is an issue too. 71 percent of respondents report that IT or IT and OT together are responsible for securing OT environments. However, collaboration and communication are lacking, with 37 percent reporting little or no collaboration, and 19 percent reporting that teams talk about OT security issues only when an incident occurs.

"We are at a crucial point in the evolution of OT security, and the need to secure access to critical systems from internal and external threats is more urgent than ever. The stakes are exceptionally high, as a breach could jeopardize not just data but also the functioning of critical infrastructure, risking the safety of workers and the environment," says Joe O'Donnell, executive vice president of corporate development and general manager of OT at Cyolo. "This research reveals a pressing need for new approaches, especially in areas like third-party and privileged access, the security of legacy systems, and collaboration between IT and OT teams. Cyolo is dedicated to supporting organizations in navigating these challenges and working towards a secure, resilient future for OT environments."

The full report is available from the Cyolo site and there will be a webinar to present the findings on March 12th at 11am ET.

Image credit: Motortion/Dreamstime.com