Barely A Third of Energy Companies Track Cyber Threats

The energy sector faces more cyber attacks than any other industry, and attacks on industrial control system networks are on the rise.

In June of 2015, Dimensional Research conducted a survey for Tripwire of over 400 energy executives and IT professionals in the energy, oil, gas and utility industries on cybersecurity and compliance initiatives. The survey found that 86 percent of energy security personnel believed they could detect a breach on critical systems in less than one week.

This timeframe widely disagrees with Mandiant’s M-Trends 2015 report and the 2015 Data Breach Investigations Report, both of which found that security professionals in the energy industry usually take months to detect an attack against their networks.

The June survey clearly shows that IT personnel were confident in their ability to detect an incident. Some months later, it would now appear that security professionals have adopted a soberer appreciation of the risks at hand.

Tripwire has announced the results of another study conducted for Tripwire by Dimensional Research on the cyber security challenges faced by organisations in the energy sector. The newest study, which was carried out in November 2015, surveyed over 150 IT professionals in the energy, utilities, and oil and gas industries.

As revealed in Tripwire’s study, some 82 percent of respondents reported that an attack on the operational technology (OT) in their organisation could potentially cause physical damage. This finding is generally consistent with June’s study, when 83 percent of respondents affirmed the same belief with regards to their organisation’s infrastructure.

However, in the newest survey, 100 percent of executives now feel recognize the threat against OT, which is up from 94 percent back in June.

The study also reveals that three quarters of respondents feel that their organisation is a target for an attack that could cause physical damage (78 percent). Approximately the same number (76 percent) feels that a nation-state actor could threaten them with such an offensive.

However, when asked whether their organisation has the ability to actively track all of the threats confronting their OT networks, only 35 percent said “yes”, with others citing the sheer number of threats, a lack of network visibility, and departmental compartmentalisation as reasons why they said “no” or stated they weren’t sure.

This is a concerning number, especially considering the damage BlackEnergy malware alone has wrought against Ukrainian power companies and airports in recent weeks.

“We’ve already seen the reality of these responses in the Ukraine mere months after this survey was completed,” said Tim Erlin, Director, Security and IT risk strategist at Tripwire. “There can be no doubt that there is a physical safety risk from cyber attacks targeting the energy industry today.”

If anything, this risk is getting worse. According to the Department of Homeland Security, the energy sector faces more cyber attacks than any other industry, and attacks on industrial control system networks are on the rise.

Fortunately, there is hope.
“While the situation may seem dire, in many cases there are well understood best practices that can be deployed to materially reduce the risk of successful cyber attacks,” explains Erlin.

Tripwire: http://bit.ly/1NTCv0P

« What Motivates Cyber Criminals?
MIT Develops A Hack-Proof RFID Chip »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Privacy Professor

Privacy Professor

Privacy Professor provides information privacy, security and compliance services, tools and products to organizations in a wide range of industries.

Magnet Forensics

Magnet Forensics

Magnet Forensics' family of digital forensics products are used globally by thousands of law enforcement, military, government and corporate customers.

Arista Networks

Arista Networks

Arista Networks is an industry leader in data-driven, client to cloud networking for large data center, campus and routing environments.

eScan AV

eScan AV

eScan develops Information Security solutions that provide protection against current and evolving cyber threats.

Leviathan Security Group

Leviathan Security Group

Leviathan provides a broad set of information security services ranging from low-level technical engineering to strategic business consulting.

Verimuchme

Verimuchme

Verimuchme is a digital wallet and exchange platform to secure, verify and re-use personal information.

6cure

6cure

The 6cure Threat Protection solution eliminates malicious traffic to critical services in real time and protects against DDoS attacks.

Hysolate

Hysolate

Hysolate has transformed the endpoint, making it the secure and productive environment it was meant to be.

CHT Security

CHT Security

CHT Security is a Managed Security Service Provider (MSSP) specialized in cyber security technologies enabling enterprises to defense against cyber threats to networks, gateways and endpoints.

Evalian

Evalian

Evalian is a data protection services provider. Working with organisations of all sizes, we specialise in Data Protection, GDPR, ISO Certification & Information Security.

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

CMMC COE is an IT-AAC sponsored public–private partnership that will be the focal point for entities seeking to achieve Cybersecurity Maturity Model Certification.

Zenity

Zenity

Zenity is the first and only security governance platform for low-code/no-code applications.

Cyberguardians

Cyberguardians

Cyberguardians is a team of experienced cybersecurity experts and consultants who always believe in the value and a high level of cybersecurity services to clients.

Cypfer

Cypfer

CYPFER is a global market leader in ransomware post-breach remediation and cyber-attack first response.

Backslash Security

Backslash Security

With Backslash, AppSec teams gain visibility into critical risks in their apps based on reachability and exploitability.

FOSSA

FOSSA

FOSSA is a leading SBOM (software bill of materials) and software supply chain risk management platform.