New research from Dragos and CXO Priorities has highlighted the challenges and priorities for Middle East organisations in building a robust OT security culture. In this blog, Mrigaya Dham, Senior Content Strategist, Lynchpin Media, highlights Dragos’ recommendations regarding planning to ensure a future-proof OT security strategy.
According to the OT Threat Landscape report, organisations in the Middle East must prioritise building a more robust security culture and enable cyber-resilience in critical infrastructure settings. The risk from ICS adversaries in the Middle East is high, and organisations can expect an increase in phishing emails and exploitation of IT environments. In terms of planning, Dragos, an industrial cybersecurity expert, recommends the following:
1. Asset visibility
Considered one of the most critical requirements for enabling cyber-resilience, asset visibility needs to be enhanced. Currently, over 60% of respondents from organisations in the Middle East aren’t aware or don’t believe they have the required level of asset visibility over OT devices to the extent they would like. Organisations should invest in training their staff to understand processes better and create a better culture between the OT and IT businesses. Organisations have invested in preventative controls, patching, passwords, robust access control, etc. However, without the consistency of visibility, organisations will end up missing things.
2. Increasing awareness of risks
Organisations need to increase awareness regarding security incidents. Most staff aren’t sure whether their organisation has experienced a security incident over the last year. Organisations must train their staff to perceive potential risks to establish a secure culture and prioritise OT security.
3. Increased investment
Around half of the organisations have ramped up their investment in OT security, a critical step in planning a secure future. Considering the increased awareness regarding OT security and a penchant for increased investment, nearly one-third of respondents believed that security budgets will be increased in the future.
4. Onboarding a leading provider of OT security
A leading provider of OT security protection can be a vital partner for organisations and a critical step in enhancing security awareness. Good communication is one of the top priorities in deciding which vendor to work with on security projects. The cost of the vendor and product usability both contribute to decision-making. Furthermore, local partners are essential for organisations when assessing a security vendor.
5. Prioritising OT security
Given the rapid growth of digitalisation, attackers are bound to find new ways to target industrial control systems. As a result, it is all the more critical to define OT security strategies and investments. Thankfully, more than half the organisations are prioritising OT security over the upcoming 12 months.
Organisations need to adopt a long-term approach and secure a trusted partner to help obtain crucial asset visibility and further receive threat intelligence. Sophisticated threat groups are constantly reaching and carrying out reconnaissance to prepare themselves. It can take years to attain this level of sophistication, making it all the more important for organisations to focus on long-term strategies for cyber protection.
To read the full report, click here.Click below to share this article