Energy Utilities Highly Vulnerable To Cyber Attacks

Uploaded on 2016-02-23 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW, BUSINESS-Production-Utilities

According to the results of a recent Tripwire survey of more than 150 IT professionals in the energy, utilities, and oil and gas industries, 82 percent of respondents said a cyber attack on operational technology (OT) in their organization could cause physical damage.

The survey, conducted in November 2015 by Dimensional Research, also found that almost 60 percent of respondents said they aren't able to track all the threats targeting their OT networks, either because they don't have the visibility necessary to track all threats (16.2 percent), because they only track threats that directly target their department (8.1 percent) or because there are just too many threats (35.4 percent).

"After hundreds of years protecting our nation's geographic borders, it is sobering to note that possibly the most vulnerable frontier happens to be the infrastructure that runs the largest companies in the country," Rekha Shenoy, vice president and general manager of industrial IT cyber security for Tripwire parent company Belden, said in a statement.

Seventy-six percent of respondents said their organization is a likely target for a cyber attack that would cause physical damage, and 78 percent said their organization is a potential target for a nation-state cyber attack.

"The incredibly high percentages of these responses underscores the need for these industries to take material steps to improve cyber security," Tripwire director of IT security and risk strategy Tim Erlin said in a statement. "These threats are not going away. They are getting worse."

"There can be no doubt that there is a physical safety risk from cyber attacks targeting the energy industry today," Erlin added. "While the situation may seem dire, in many cases there are well understood best practices that can be deployed to materially reduce the risk of successful cyber attacks."

A separate Tripwire survey of 763 US IT professionals, also conducted by Dimensional Research, found that 47 percent of respondents in the energy sector admitted having a success rate of less than 80 percent in a typical patch cycle.

Only 23 percent of all respondents said that 90 percent of the hardware assets on their organizations' networks are automatically discovered, and almost two-thirds of all respondents weren't sure how long it would take for automated tools to generate an alert if they detected an unauthorized device on the network.

"It’s good news that most organizations are investing in basic security controls; however, IT managers and executives, who don’t have visibility into the time it takes to identify unauthorized changes and devices, are missing key information that’s necessary to defend themselves against cyber attacks," Erlin said.

eSecurityPlanet: http://bit.ly/1VyNwKX

« Strategic Intelligence For The 21st Century.
AI Could Leave Half Of The World Unemployed »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

RSA Conference

RSA Conference

RSA Conference conducts information security events around the globe that connect you to industry leaders and highly relevant information.

RoboForm

RoboForm

RoboForm's industry-leading encryption technology securely stores your passwords, with one Master Password serving as your encryption key.

Blue Ridge Networks

Blue Ridge Networks

Blue Ridge offers a suite of solutions that enable secure remote access to the enterprise network with protection and control of endpoints.

UM Labs

UM Labs

UM Labs is a developer of security products for Voice over IP (VoIP), protecting SIP trunk connections, safeguarding mobile phone communications and enabling BYOD.

Data61

Data61

Data61 is Australia’s leading digital research network offering the research capabilities, IP and collaboration programs to unleash the country’s digital & data-driven potential.

Six Degrees

Six Degrees

Six Degrees is a leading secure, integrated cloud services provider. We protect UK organisations and help them thrive in the cloud by giving them secure platforms to innovate and grow.

BlueFiles

BlueFiles

BlueFiles enables users to send encrypted files securely while maintaining full control over recipients, access periods, downloads, and printing.

Tenzir

Tenzir

Tenzir's primary focus lies on network forensics: the systematic investigation of cyber attacks with big data analytics.

Red Snapper Recruitment

Red Snapper Recruitment

Red Snapper Recruitment is a market leading staffing services provider to the law enforcement, cyber security, offender supervision and regulatory services markets.

Billington CyberSecurity

Billington CyberSecurity

Billington CyberSecurity is a leading, independent education company with an exclusive focus on cybersecurity.

RMRF Tech

RMRF Tech

RMRF is a team of cybersecurity engineers and penetration testers which specializes in the development of solutions for early cyber threat detection and prevention.

Paubox

Paubox

Paubox offers secure, HIPAA compliant email and marketing solutions to fit the needs of modern healthcare organizations of every size.

Whitaker Brothers

Whitaker Brothers

Whitaker Brothers data destruction equipment can be found in 115 countries and every single continent in the world, from major military organizations to small offices.

Blink Ops

Blink Ops

Blink helps security teams streamline everyday workflows and protect your organization better.

SoConnect

SoConnect

SoConnect provides safe, secured, and taken care of IT, with infrastructure built around you and your business.

Quantum Squint

Quantum Squint

Quantum Squint is a cutting-edge cybersecurity company specializing in the use of advanced regression management techniques to detect, analyze, and prevent vulnerabilities in digital systems.