Energy Utilities Highly Vulnerable To Cyber Attacks

According to the results of a recent Tripwire survey of more than 150 IT professionals in the energy, utilities, and oil and gas industries, 82 percent of respondents said a cyber attack on operational technology (OT) in their organization could cause physical damage.

The survey, conducted in November 2015 by Dimensional Research, also found that almost 60 percent of respondents said they aren't able to track all the threats targeting their OT networks, either because they don't have the visibility necessary to track all threats (16.2 percent), because they only track threats that directly target their department (8.1 percent) or because there are just too many threats (35.4 percent).

"After hundreds of years protecting our nation's geographic borders, it is sobering to note that possibly the most vulnerable frontier happens to be the infrastructure that runs the largest companies in the country," Rekha Shenoy, vice president and general manager of industrial IT cyber security for Tripwire parent company Belden, said in a statement.

Seventy-six percent of respondents said their organization is a likely target for a cyber attack that would cause physical damage, and 78 percent said their organization is a potential target for a nation-state cyber attack.

"The incredibly high percentages of these responses underscores the need for these industries to take material steps to improve cyber security," Tripwire director of IT security and risk strategy Tim Erlin said in a statement. "These threats are not going away. They are getting worse."

"There can be no doubt that there is a physical safety risk from cyber attacks targeting the energy industry today," Erlin added. "While the situation may seem dire, in many cases there are well understood best practices that can be deployed to materially reduce the risk of successful cyber attacks."

A separate Tripwire survey of 763 US IT professionals, also conducted by Dimensional Research, found that 47 percent of respondents in the energy sector admitted having a success rate of less than 80 percent in a typical patch cycle.

Only 23 percent of all respondents said that 90 percent of the hardware assets on their organizations' networks are automatically discovered, and almost two-thirds of all respondents weren't sure how long it would take for automated tools to generate an alert if they detected an unauthorized device on the network.

"It’s good news that most organizations are investing in basic security controls; however, IT managers and executives, who don’t have visibility into the time it takes to identify unauthorized changes and devices, are missing key information that’s necessary to defend themselves against cyber attacks," Erlin said.

eSecurityPlanet: http://bit.ly/1VyNwKX

« Strategic Intelligence For The 21st Century.
AI Could Leave Half Of The World Unemployed »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BMS Group

BMS Group

BMS is an independent, employee-owned specialist insurance broking group. Broking solutions include Cyber and Technology.

Jiran Security

Jiran Security

Jiran Security provides data and application security solution over email, mobile device and endpoints.

SecuDrive

SecuDrive

SecuDrive, provides hardware encrypted external storage devices to protect a company’s sensitive and important data.

Tessian

Tessian

Tessian (formerly CheckRecipient) is a next-generation email security platform that helps enterprises counteract human error and significantly reduce the risk of data loss.

AKS IT Services

AKS IT Services

AKS IT Services (an ISO 9001:2015 and ISO 27001:2013 certified company) is a leading IT Security Services and Solutions provider.

Egyptian Supreme Cybersecurity Council (ESCC)

Egyptian Supreme Cybersecurity Council (ESCC)

ESCC is responsible for developing a national strategy to face and respond to the cyber threats and attacks and to oversee its implementation and update.

HKCERT

HKCERT

HKCERT is the centre for coordination of computer security incident response for local enterprises and Internet Users in Hong Kong.

Telelogos

Telelogos

Telelogos is a European provider of Enterprise Mobility Management software, Digital Signage software and Data Transfer and Synchronization software.

Rule4

Rule4

Rule4 is a global professional services firm that provides practical, real-world knowledge and solutions in areas including cybersecurity, AI, Machine Learning and industrial control systems.

Space ISAC

Space ISAC

Space ISAC is the only all-threats security information source for the public and private space sector.

Phoenix Cybersecurity

Phoenix Cybersecurity

Phoenix Cybersecurity Services and Managed Security Services help clients just like you take full advantage of leading cybersecurity technologies and industry best practices.

Focal Point

Focal Point

We aspire to be the focal point for Medium and Small size companies providing 24/7 cyber security advice, services and solutions.

Cymptom

Cymptom

At Cymptom our purpose is to enable security managers to see at a glance all urgently risky gaps  in their organizations’ security posture at any given moment.

SEK Security Ecosystem Knowledge

SEK Security Ecosystem Knowledge

SEK helps companies in the complex path of cybersecurity; in the analysis, detection and prevention of digital threats.

Muscope Cybersecurity

Muscope Cybersecurity

Muscope CYSR platform performs a risk assessment and offers a comprehensive overview of the potential cyber attack risks.

Computer Futures

Computer Futures

Computer Futures are a global specialist IT recruitment partner, matching candidates with roles across niche IT markets and core technologies.

Permiso Security

Permiso Security

Permiso combines industry leading Identity Security Posture Management with Identity Threat Detection and Response, leaving no place to hide for identity threats lurking in your environment.

Velaspan

Velaspan

Velaspan design, deploy, and manage enterprise wireless networks and cybersecurity solutions for leading businesses and brands.