Barely A Third of Energy Companies Track Cyber Threats

The energy sector faces more cyber attacks than any other industry, and attacks on industrial control system networks are on the rise.

In June of 2015, Dimensional Research conducted a survey for Tripwire of over 400 energy executives and IT professionals in the energy, oil, gas and utility industries on cybersecurity and compliance initiatives. The survey found that 86 percent of energy security personnel believed they could detect a breach on critical systems in less than one week.

This timeframe is sharply at odds with Mandiant’s M-Trends 2015 report and the 2015 Data Breach Investigations Report, both of which found that security professionals in the energy industry usually take months to detect an attack against their networks.

The June survey clearly shows that IT personnel were confident in their ability to detect an incident. Some months later, it would now appear that security professionals have adopted a soberer appreciation of the risks at hand.

Tripwire has announced the results of another study, conducted on its behalf by Dimensional Research, on the cyber security challenges faced by organisations in the energy sector. The newest study, which was carried out in November 2015, surveyed over 150 IT professionals in the energy, utilities, and oil and gas industries.

As revealed in Tripwire’s study, some 82 percent of respondents reported that an attack on the operational technology (OT) in their organisation could potentially cause physical damage. This finding is generally consistent with June’s study, when 83 percent of respondents affirmed the same belief with regard to their organisation’s infrastructure.

However, in the newest survey, 100 percent of executives now recognize the threat against OT, which is up from 94 percent back in June.

The study also reveals that three quarters of respondents (78 percent) feel that their organisation is a target for an attack that could cause physical damage. Approximately the same number (76 percent) feel that a nation-state actor could threaten them with such an offensive.

However, when asked whether their organisation has the ability to actively track all of the threats confronting their OT networks, only 35 percent said “yes”, with others citing the sheer number of threats, a lack of network visibility, and departmental compartmentalisation as reasons why they said “no” or stated they weren’t sure.

This is a concerning number, especially considering the damage BlackEnergy malware alone has wrought against Ukrainian power companies and airports in recent weeks.

“We’ve already seen the reality of these responses in the Ukraine mere months after this survey was completed,” said Tim Erlin, Director, Security and IT risk strategist at Tripwire. “There can be no doubt that there is a physical safety risk from cyber attacks targeting the energy industry today.”

If anything, this risk is getting worse. According to the Department of Homeland Security, the energy sector faces more cyber attacks than any other industry, and attacks on industrial control system networks are on the rise.

Fortunately, there is hope.
“While the situation may seem dire, in many cases there are well understood best practices that can be deployed to materially reduce the risk of successful cyber attacks,” explains Erlin.

Tripwire: http://bit.ly/1NTCv0P
