top of page

Security risks from IT/OT convergence threaten North Asia's Industry 4.0 ambitions

  • 2024 will see 50 per cent of Operational Technology (OT) systems connected to corporate IT systems in North Asia, up from 38 per cent in 2023.

  • Only 13 per cent surveyed are at an advanced level of readiness to deal with IT/OT security, with 60 per cent at basic level.

  • 73 per cent of organisations say they're planning to fully or partially outsource IT/OT security to a third party.

Telstra International, the global arm of leading telecommunications and technology company Telstra, has revealed that low levels of security maturity in operational technology (OT) and information technology (IT) across North Asia could put businesses who are rapidly adopting the fourth industrial revolution (4IR) technologies at major risk, according to Telstra's "Securing Industry 4.0: The Challenges and Opportunities of IT/OT Convergence" study.

Telstra International commissioned technology research company Omdia to evaluate the state of OT and IT convergence in North Asia, assessing maturity, benefits and opportunities. The study of 250 business and technology leaders in the mainland China, Hong Kong, Japan, Korea and Taiwan region, found only 13 per cent of businesses are at an advanced level of readiness to deal with IT/OT security, with most businesses (60 per cent) only at basic level.

In the race to Industry 4.0*, digital and data-centric businesses are flocking to technologies like Internet of Things (IoT), AI, and big data to accelerate digital transformation. This is fuelling the integration of previously separate functions across OT and IT, to streamline and enable data flow for industrial operations in sectors like manufacturing, healthcare, retail/wholesale, transport, logistics and shipping.

With 85 percent of businesses expecting benefits from IT/OT convergence, the rush to integrate is accelerating. The coming year will see 50 per cent of OT systems to be connected to corporate IT systems. This is up from 38 per cent last year, while 76 per cent of North Asia businesses have already digitised some existing manual processes.

"As businesses rush headlong into a digital-first era of new technologies, they face heightened cybersecurity risks arising from an accelerated convergence of IT and OT systems. The race to integrate previously unconnected systems is exposing significant operational siloes and significant gaps in the ability to mitigate the emerging cybersecurity risks. Companies pursuing IT/OT integration must find the people, partners, skills and technology to pave a secure path to success," said Paul Abfalter, Head of North Asia, Telstra.

IT/OT security a different beast

While there are many benefits of IT and OT convergence, businesses are grappling with several major barriers to successful implementation. One glaring capabilities gap is the need for specialised skills that cover both IT and OT security as threats to IT systems are now directly impacting OT systems. The Telstra-Omdia study reveals that 88 per cent of organisations have had to manage a security incident that had a direct impact on OT production environments, while 74 per cent of attacks affecting critical infrastructure operations can be traced back to corporate IT systems.

Interestingly, only 26 per cent of today's attacks tracked back to OT systems. Such systems have traditionally not been connected to the Internet and therefore potentially pose an event greater risk from a cybersecurity perspective. The emergence of this new risk vector is causing 73 per cent of organisations to say they plan to fully or partially outsource IT/OT security to a third party.

"Hackers are becoming more sophisticated in accessing unencrypted or unsecured IoT devices to exploit commercially sensitive data or traverse across devices into other systems. This can disrupt operations and cause significant financial damage to organisations," said Adam Etherington, Senior Principal Analyst for Digital Enterprise Services at Omdia.

Etherington continued, "Today's heightened cyber risks create reactive spending on cyber tools and services, but these can add even further complexity and risks. Addressing the IT/OT security challenge requires a single pane of glass to gain visibility across the new converged infrastructure of Industry 4.0 businesses, but gaining visibility is just the first step to identifying, responding and protecting against such threats. Holistic strategy, industry frameworks and expert partners will all be key to solving this critical challenge."

North Asia maturity levels below par

Common IT/OT convergence activities include unifying production infrastructure, sensors, and physical systems within data centres, digital platforms, and networks. Many of these stem from IoT implementations, with mainland China and Korea the largest adopters of IoT today in Asia, according to IDC. While mainland China, Hong Kong and Singapore are also the three fastest growing markets.

Less than half (44 per cent) of North Asia businesses surveyed have reached "operational" or "advanced" maturity levels in securing OT. The study highlights that South Korea and Hong Kong are relatively more mature in IT/OT cybersecurity than the rest of North Asia – registering 52 per cent and 45 per cent of firms reaching "operational" or "advanced" maturity (see below figure).

But similarities between locations underscores an overall lack of preparedness that cybersecurity executives must address. From an industry perspective, manufacturing was found to be the least prepared of all sectors with only 38 per cent in the region saying they had reached "operational" or "advanced" maturity. This should not be a surprise with the historic heavy emphasis on manual processes and manual labour in many manufacturing operations leading to a lack of integration across operations and slow adoption of digital technologies compared to other industries. This past reluctance to adopt technology is now a major driver for the accelerated push for industry 4.0 adoption and sector-wise transformation.

Key Findings

  • 54% of firms believe Industry 4.0-related digital transformation and leveraging advanced technologies have been the most significant factors accelerating recent IT/OT convergence.

  • More than 50% of firms recognise IoT, cloud computing, and enterprise mobility as essential technologies for driving digital change.

  • 85% of firms expect business benefits from IT/OT convergence. Most firms that have completed some level of IT/OT integration are satisfied with progress across innovation, reliability, and system integrity.

  • More than 50% of OT systems will be connected to IT networks in the next year, up from 38% today. 76% of regional firms have digitised physical or manual processes to achieve business outcomes.

  • 88% of organisations have recently dealt with a security incident that directly affected OT production environments.

  • Of those firms that suffered an incident or breach, nearly 50% experienced a significant attack on Level 3.5 DMZ systems, challenging the sufficiency of a historical, air-gapped approach to cybersecurity.

  • 64% of security incidents in IT/OT environments were from fraud (including ransomware), 59% also experienced distributed denial-of-service (DDoS) attacks, and 58% saw malware intrusions.

  • 74% of attacks that affected critical infrastructure operations started from IT systems and networks.

  • Despite the criticality to the core business, only 13% of all firms surveyed are “advanced” in securing IT/OT/IoT. 60% are only at basic or developing levels of securing OT.

  • In 50% of firms, the CISO is directly responsible for understanding and implementing an IT/OT converged cybersecurity program. In a slightly smaller proportion of firms that role is taken by a chief security officer or CTO.

  • Good visibility of all industrial IoT and OT assets is essential for 96% of organisations.

  • To address these challenges, 42% of firms outsource IT, OT and IoT Security to a third-party managed service provider.


For more details, please click on the link below to download the research report: click here for full report

10 views0 comments



2023 @ Inno-Thought and its affiliates. All rights reserved.

bottom of page