Energy Utilities Highly Vulnerable To Cyber Attacks

Uploaded on 2016-02-23 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW, BUSINESS-Production-Utilities

According to the results of a recent Tripwire survey of more than 150 IT professionals in the energy, utilities, and oil and gas industries, 82 percent of respondents said a cyber attack on operational technology (OT) in their organization could cause physical damage.

The survey, conducted in November 2015 by Dimensional Research, also found that almost 60 percent of respondents said they aren't able to track all the threats targeting their OT networks, either because they don't have the visibility necessary to track all threats (16.2 percent), because they only track threats that directly target their department (8.1 percent) or because there are just too many threats (35.4 percent).

"After hundreds of years protecting our nation's geographic borders, it is sobering to note that possibly the most vulnerable frontier happens to be the infrastructure that runs the largest companies in the country," Rekha Shenoy, vice president and general manager of industrial IT cyber security for Tripwire parent company Belden, said in a statement.

Seventy-six percent of respondents said their organization is a likely target for a cyber attack that would cause physical damage, and 78 percent said their organization is a potential target for a nation-state cyber attack.

"The incredibly high percentages of these responses underscores the need for these industries to take material steps to improve cyber security," Tripwire director of IT security and risk strategy Tim Erlin said in a statement. "These threats are not going away. They are getting worse."

"There can be no doubt that there is a physical safety risk from cyber attacks targeting the energy industry today," Erlin added. "While the situation may seem dire, in many cases there are well understood best practices that can be deployed to materially reduce the risk of successful cyber attacks."

A separate Tripwire survey of 763 US IT professionals, also conducted by Dimensional Research, found that 47 percent of respondents in the energy sector admitted having a success rate of less than 80 percent in a typical patch cycle.

Only 23 percent of all respondents said that 90 percent of the hardware assets on their organizations' networks are automatically discovered, and almost two-thirds of all respondents weren't sure how long it would take for automated tools to generate an alert if they detected an unauthorized device on the network.

"It’s good news that most organizations are investing in basic security controls; however, IT managers and executives, who don’t have visibility into the time it takes to identify unauthorized changes and devices, are missing key information that’s necessary to defend themselves against cyber attacks," Erlin said.

eSecurityPlanet: http://bit.ly/1VyNwKX

« Strategic Intelligence For The 21st Century.
AI Could Leave Half Of The World Unemployed »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DriveLock

DriveLock

Our security solution is designed to prevent external attacks, which are evermore sophisticated as well as monitor, document and even prevent internal incidents.

SiteLock

SiteLock

SiteLock is a global leader in website security solutions. We provide affordable, cybersecurity software solutions designed to allow small to midsize businesses to operate without fear of an attack.

Silicom Denmark

Silicom Denmark

Silicom Denmark is a premier developer and supplier of FPGA-based interface cards for cyber-security, telecommss, financial trading and other sectors.

Data Resolve Technologies

Data Resolve Technologies

Data Resolve offer a mechanism through which customers can detect and tackle various kinds of sensitive activities pertaining to data loss and data theft.

Merlin Cyber

Merlin Cyber

Merlin is a premier cybersecurity platform that leverages security technologies, trusted relationships, and capital to develop and deliver groundbreaking security solutions.

Fraud.com

Fraud.com

Fraud.com ensures trust at every step of the customer's digital journey; this complete end-to-end protection delivers unified identity, authentication and fraud detection and prevention.

North European Cybersecurity Cluster (NECC)

North European Cybersecurity Cluster (NECC)

NECC promotes information security and cybersecurity-related cooperation and collaboration in the Northern European region in order to enhance integration into the European Digital Single Market.

Euro-Recycling

Euro-Recycling

Euro-Recycling is a leading UK provider of Secure On-Site Data Media Destruction Services.

Liberty Mutual

Liberty Mutual

Liberty Specialty Markets offers specialty and commercial insurance and reinsurance products, including Cyber, across the USA, Europe, Middle East and other international locations.

Mphasis

Mphasis

Mphasis is a leading applied technology services company applying next-generation technology to help enterprises transform businesses globally.

Macquarie Telecom Group

Macquarie Telecom Group

Macquarie Telecom is Australia's datacentre, cloud, cyber security and telecom company for mid-large business and government customers.

Logit.io

Logit.io

Logit.io is a log analysis & management platform that provides a scalable solution for hosting the open-source tools Elasticsearch, Logstash, and Kibana.

Securolytics

Securolytics

Securolytics offers the simplest, most complete and affordable IoT security for all organizations. Securolytics quickly identifies unmanaged devices to reduce security and compliance risks.

Byos

Byos

Byos provides visibility of devices across all networks, regardless of location, integrating with your existing security stack.

Avetta

Avetta

Avetta One is the industry’s largest Supply Chain Risk Management (SCRM) platform. It enables clients to manage supply chain risks and suppliers to prove the value of their business.

Amplix

Amplix

In the race to create value for your enterprise, Amplix is your best asset for making technology decisions and optimizing your IT infrastructure, cloud usage, and security posture.