Energy Utilities Highly Vulnerable To Cyber Attacks

Uploaded on 2016-02-23 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW, BUSINESS-Production-Utilities

According to the results of a recent Tripwire survey of more than 150 IT professionals in the energy, utilities, and oil and gas industries, 82 percent of respondents said a cyber attack on operational technology (OT) in their organization could cause physical damage.

The survey, conducted in November 2015 by Dimensional Research, also found that almost 60 percent of respondents said they aren't able to track all the threats targeting their OT networks, either because they don't have the visibility necessary to track all threats (16.2 percent), because they only track threats that directly target their department (8.1 percent) or because there are just too many threats (35.4 percent).

"After hundreds of years protecting our nation's geographic borders, it is sobering to note that possibly the most vulnerable frontier happens to be the infrastructure that runs the largest companies in the country," Rekha Shenoy, vice president and general manager of industrial IT cyber security for Tripwire parent company Belden, said in a statement.

Seventy-six percent of respondents said their organization is a likely target for a cyber attack that would cause physical damage, and 78 percent said their organization is a potential target for a nation-state cyber attack.

"The incredibly high percentages of these responses underscores the need for these industries to take material steps to improve cyber security," Tripwire director of IT security and risk strategy Tim Erlin said in a statement. "These threats are not going away. They are getting worse."

"There can be no doubt that there is a physical safety risk from cyber attacks targeting the energy industry today," Erlin added. "While the situation may seem dire, in many cases there are well understood best practices that can be deployed to materially reduce the risk of successful cyber attacks."

A separate Tripwire survey of 763 US IT professionals, also conducted by Dimensional Research, found that 47 percent of respondents in the energy sector admitted having a success rate of less than 80 percent in a typical patch cycle.

Only 23 percent of all respondents said that 90 percent of the hardware assets on their organizations' networks are automatically discovered, and almost two-thirds of all respondents weren't sure how long it would take for automated tools to generate an alert if they detected an unauthorized device on the network.

"It’s good news that most organizations are investing in basic security controls; however, IT managers and executives, who don’t have visibility into the time it takes to identify unauthorized changes and devices, are missing key information that’s necessary to defend themselves against cyber attacks," Erlin said.

eSecurityPlanet: http://bit.ly/1VyNwKX

« Strategic Intelligence For The 21st Century.
AI Could Leave Half Of The World Unemployed »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ACIS Professional Center

ACIS Professional Center

ACIS provides training and consulting services in the area of information technology, cybersecurity, IT Governance, IT Service management, information security and business continuity management.

Kramer Levin

Kramer Levin

Kramer Levin is a full-service law firm with offices in New York and Paris. Practice areas include Cybersecurity, Privacy and Data Protection.

Institute for Critical Infrastructure Technology (ICIT)

Institute for Critical Infrastructure Technology (ICIT)

ICIT is a leading cybersecurity think tank providing objective research, advisory, and education to legislative, commercial, and public-sector cybersecurity stakeholders.

Exonar

Exonar

We enable organisations to better organise their information, removing risk and making it more productive and secure.

Hedgehog Security

Hedgehog Security

The key objective of Hedgehog is to provide simple, effective and affordable information security improvements that support your drive to increase productivity and profitability.

Axiad IDS

Axiad IDS

Axiad IDS is a Trusted Identity solutions provider for enterprise, government and financial organizations.

Protergo Cyber Security

Protergo Cyber Security

Protergo Cyber Security is the first integrated provider of cybersecurity solutions in Indonesia. We proactively protect our clients from cyber threats.

C3.ai

C3.ai

The C3 AI Suite supports configurable, pre-built, high value AI applications for predictive maintenance, fraud detection, anti-money laundering, sensor network health and more.

CSIRT Italia

CSIRT Italia

CSIRT Italia is the national Computer Security Incident Response Team for Italy.

Bugraptors

Bugraptors

BugRaptors is a certified software testing company with extensive experience as a third-party testing vendor, effectively proven as a leader in software testing & QA Services.

BrandShelter

BrandShelter

BrandShelter specializes in providing online brand protection for companies and trademark owners.

Packetlabs

Packetlabs

Packetlabs specializes in penetration testing services and application security.

Oxeye

Oxeye

Oxeye fills the gap between cloud and code to show exploitable vulnerabilities, and their path from API to code. More visibility. Less noise. More time to build.

WPScan

WPScan

With WPScan, you'll be the first to know about vulnerabilities affecting your WordPress installation, plugins, and themes.

Positiwise Software Pvt Ltd

Positiwise Software Pvt Ltd

Positiwise Software offers end-to-end software development solutions to accelerate the digital growth of businesses.

Cypherleak

Cypherleak

Cypherleak provide Automated Cyber Risk Monitoring & Ai powered cyber recommendations.