Barely A Third of Energy Companies Track Cyber Threats

Uploaded on 2016-02-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities

The energy sector faces more cyber attacks than any other industry, and attacks on industrial control system networks are on the rise.

In June of 2015, Dimensional Research conducted a survey for Tripwire of over 400 energy executives and IT professionals in the energy, oil, gas and utility industries on cybersecurity and compliance initiatives. The survey found that 86 percent of energy security personnel believed they could detect a breach on critical systems in less than one week.

This timeframe widely disagrees with Mandiant’s M-Trends 2015 report and the 2015 Data Breach Investigations Report, both of which found that security professionals in the energy industry usually take months to detect an attack against their networks.

The June survey clearly shows that IT personnel were confident in their ability to detect an incident. Some months later, it would now appear that security professionals have adopted a soberer appreciation of the risks at hand.

Tripwire has announced the results of another study conducted for Tripwire by Dimensional Research on the cyber security challenges faced by organisations in the energy sector. The newest study, which was carried out in November 2015, surveyed over 150 IT professionals in the energy, utilities, and oil and gas industries.

As revealed in Tripwire’s study, some 82 percent of respondents reported that an attack on the operational technology (OT) in their organisation could potentially cause physical damage. This finding is generally consistent with June’s study, when 83 percent of respondents affirmed the same belief with regards to their organisation’s infrastructure.

However, in the newest survey, 100 percent of executives now feel recognize the threat against OT, which is up from 94 percent back in June.

The study also reveals that three quarters of respondents feel that their organisation is a target for an attack that could cause physical damage (78 percent). Approximately the same number (76 percent) feels that a nation-state actor could threaten them with such an offensive.

However, when asked whether their organisation has the ability to actively track all of the threats confronting their OT networks, only 35 percent said “yes”, with others citing the sheer number of threats, a lack of network visibility, and departmental compartmentalisation as reasons why they said “no” or stated they weren’t sure.

This is a concerning number, especially considering the damage BlackEnergy malware alone has wrought against Ukrainian power companies and airports in recent weeks.

“We’ve already seen the reality of these responses in the Ukraine mere months after this survey was completed,” said Tim Erlin, Director, Security and IT risk strategist at Tripwire. “There can be no doubt that there is a physical safety risk from cyber attacks targeting the energy industry today.”

If anything, this risk is getting worse. According to the Department of Homeland Security, the energy sector faces more cyber attacks than any other industry, and attacks on industrial control system networks are on the rise.

Fortunately, there is hope.
“While the situation may seem dire, in many cases there are well understood best practices that can be deployed to materially reduce the risk of successful cyber attacks,” explains Erlin.

Tripwire: http://bit.ly/1NTCv0P

« What Motivates Cyber Criminals?
MIT Develops A Hack-Proof RFID Chip »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Organization for Security and Co-operation in Europe (OSCE)

Organization for Security and Co-operation in Europe (OSCE)

OSCE is the world's largest security-oriented intergovernmental organization. Areas of activity include Cyber/ICT security.

Joe Security

Joe Security

Joe Security specializes in the development of automated malware analysis systems for malware detection and forensics.

Sintef Digital

Sintef Digital

Sintef Digital carries out research in Information and Communication Technology for industry and the public sector.

Axis Capital

Axis Capital

AXIS Insurance’s Professional Lines Division is a leading underwriter of technology/cyber coverage and other specialty products around the globe.

Redjack

Redjack

Redjack is a cutting-edge network analytics company focused on enterprise and ISP security and intelligence solutions.

Riskified

Riskified

Riskified is a leading eCommerce fraud-prevention company, trusted by hundreds of global brands – from luxury fashion houses and retail chains, to gift card and ticket marketplaces.

Optimum Speciality Risks

Optimum Speciality Risks

Optimum Speciality Risks are an experienced team of cyber insurance experts, backed by Lloyds of London.

DataDog

DataDog

DataDog provides Cloud-native Security Monitoring. Real-time threat detection across your applications, network, and infrastructure.

Salvador Technologies

Salvador Technologies

Salvador Technologies provides the world’s fastest technology to recover from cyber-attacks.

Redsquid

Redsquid

At Redsquid we are all about making a difference to our customers with the use of technology, as an innovative provider of solutions within IoT, Cyber security, ICT, Data Connectivity & Voice.

UncommonX

UncommonX

UncommonX offers enterprise-class cybersecurity protection for mid-size organizations by combining adaptive threat and intelligence software with 24/7 industry experts.

BDO Global

BDO Global

BDO is an international network of public accounting, tax and advisory firms which perform professional services under the name of BDO.

Metabase Q

Metabase Q

Metabase Q protects you from financial and reputational losses with more efficient and intelligent cybersecurity, using the best worldwide in technologies, processes and specialists.

Blue Bastion

Blue Bastion

Don’t give cybercriminals the chance to find weaknesses in your company’s cyber security system. Defend your institution from all attacks from all directions with Blue Bastion.

TisOva

TisOva

TisOva is an innovative cybersecurity startup dedicated to addressing the growing issue of online scams targeting students.

Cyber Castellum

Cyber Castellum

Cyber Castellum is a cybersecurity consulting firm that specializes in the identification of security vulnerabilities in an organization’s technology landscape.