According to Gartner, OT security is referred as the practices and technologies used to protect people, assets, and information, monitor and/or control physical devices, processes and events and initiate state changes to enterprise OT systems. What is the importance of OT security?
The rise of the industrial internet of Things (IIOT) leads to industrial transformation where Information technology (IT) is widely applied into operational technology (OT). IIoT devices make industrial processes to be remotely monitored and managed from a central location. This way organisations are able to be more efficient and productive. Significantly, along the benefits comes the drawback. In other words, IT/OT convergence not only makes the industrial system to become more connected but also increases the cyberattack risk on the OT system.
In the early age of industrialisation, there is no significant importance for OT security as the industrial process relied mostly on manual energy and physical labour. Subsequently, with industrial infrastructures becoming more complex and through digital transformation, OT security should be a top priority in an organisation because if the OT system is compromised, it will lead to operational disruption, financial loss an even putting lives at risk. For example, the ransomware attack incident named NotPetya attack on Maersk that happen in 2017. The attack disrupted operations of the shipping company for two weeks and as a results, the company experiences business disruption and equipment damage that cost up to $300 million. The most recent and major OT system incident occurs in March 2019 where the ransomware called LockerGoga hits Hydro, a global aluminium producer which causes the company to lost 40 million in the first week after the attack.
It is believed that the cyberattack will continue to rise due to digital transformation over the years. Therefore, it is essential for every company or organisation to invest in their OT security system in order to avoid such incident or being able to mitigate damage in the event of a successful attack.
E-SPIN being active in cyber exposure business since 2005, being helping enterprise and government customer for various projects and solution in the solution domain matters. Please feel free to contact E-SPIN for your cyber exposure (risk, asset, vulnerability and threat management) so we can help you on the exact requirement for packaged solutions that you may required for your operation or project needs.