Singapore faces high OT cyberattack frequency, report warns
A recent report by Palo Alto Networks has revealed a concerning landscape for operational technology (OT) security in Singapore.
The "State of OT Security" report, which surveyed 1,979 OT and IT business leaders globally, including 101 from Singapore, highlights significant risks, frequent cyberattacks, and the prevailing challenges within OT environments. The report underscores the urgent need for enhanced cybersecurity measures to protect industrial operations.
The report's key findings for Singapore indicate a high frequency of cyberattacks in OT environments. A significant 73.3% of respondents in Singapore reported experiencing at least one cyberattack in the past year. The frequency of these attacks is troubling, with over 60% of respondents experiencing cyber incidents on a monthly or weekly basis. Furthermore, 35.1% of organisations had to halt their industrial operations due to successful cyberattacks.
This dire situation is driving a renewed focus on OT security among Singaporean organisations. According to the report, 60.4% of respondents in Singapore consider OT security a top priority, and nearly half (49.5%) plan to increase their spending on OT cybersecurity in the next two years. Despite this heightened awareness, Singapore lags behind other ASEAN countries such as the Philippines, Indonesia, and Vietnam in prioritising OT security.
The report also highlights a significant challenge in the form of friction between OT and IT teams, which hinders coordinated responses to cyber threats. Nearly half of the respondents described the relationship between OT and IT as either siloed or frictional, with just 12.9% stating that their teams are aligned. Additionally, only 36.6% of respondents reported shared responsibility for OT cybersecurity purchase decisions between the two teams. This disconnect is attributed to the historical roles of both teams, with IT traditionally managing company-wide security and OT focusing on industrial operations.
AI's role in OT security presents a double-edged sword. While 68% of respondents in Singapore identified AI-driven attacks against OT as a significant current issue, 80% believe that AI holds the key to combating these threats. This dichotomy reflects the growing challenges posed by AI advancements in both offensive and defensive cybersecurity measures.
Cloud solutions are also becoming a significant component of OT security strategies. The report found that 79% of organisations in Singapore believe that moving to the cloud will reinforce OT security. However, more than half (54.5%) of the respondents also anticipate increased cybersecurity challenges as a result of cloud adoption in the next two years.
The concept of Zero Trust has emerged as a crucial strategy for OT security. According to the report, 80% of industrial respondents endorse a Zero Trust approach, which emphasises stringent identity verification and access control measures. Despite this endorsement, the actual deployment rates for Zero Trust solutions remain low, with just over 15% having fully implemented such measures for their OT/IT environments.
Claribel Chai, Country Manager for Singapore at Palo Alto Networks, emphasised the importance of proactive cybersecurity measures. "The surge in attacks targeting industrial operators underscores the critical requirement for proactive measures to mitigate risks and ensure the resilience of our industrial systems," said Chai. She also stressed the need for an AI-led approach, stating, "In this digital age, where connectivity is omnipresent, traditional security measures alone are insufficient to combat sophisticated cyber threats. An AI-led approach stands at the forefront of defence, offering unparalleled capabilities to analyse massive data volumes at speed, as well as identify patterns indicating imminent threats."
Chai further highlighted the necessity of collaboration between IT and OT teams to ensure a consolidated cybersecurity strategy. Close cooperation between these teams is essential to address the evolving threats and ensure comprehensive security measures are in place.