Tuesday,26 November, 2024

Subscribe to Newsletter

HOME
  NEWS
  Knowledge Center
 
News

New Survey Reveals Critical Infrastructure Cybersecurity Challenges

Published Jul 28, 2015

Information technology (IT) executives within critical infrastructure organizations see a need for public-private threat intelligence sharing partnerships (86% of respondents) to keep pace with escalating cybersecurity threats, according to a survey released today by The Aspen Institute and Intel Security. A majority (76%) of survey respondents also indicated they believe a national defense force should respond when a cyber attack damages a critical infastructure company within national borders. Additionally, although most respondents agree that threats to their organizations are on the rise, they maintain a high degree of confidence in existing security.

The survey, Holding the Line Against Cyber Threats: Critical Infrastructure Readiness Survey, reveals that the critical infrastructure providers surveyed are pleased with the results of their efforts to improve cybersecurity over the last three years, but at the same time many (72%) said that the threat level of attacks was escalating. Almost half of all respondents (48%) believe it is likely that a cyberattack on critical infrastructure, with the potential to result in the loss of human life, could happen within the next three years.

"With new breaches announced regularly, the current security reality is that organizations are struggling for answers. It’s time for public and private intrests to join together to enhance cybersecurity and critical infrastructure protection," said Hamed Diab, MENA Regional Director, Intel Security.

“This data raises new and vital questions about how public and private interests can best join forces to mitigate and defend against cyberattacks,” said Clark Kent Ervin, Director, Homeland Security Program, Aspen Institute. “This issue must be addressed by policymakers and corporate leaders alike.”

Survey results suggest there may be a disconnect between critical infrastructure providers and the current threat landscape:
• Perceived Improvements: Respondents believe their own vulnerability to cyberattacks has decreased over the last three years. When asked to evaluate their security posture in retrospect, 50% reported that they would have considered their organizations “very or extremely” vulnerable three years ago; by comparison, only 27% believe that their organizations are currently “very or extremely” vulnerable.
• Government Involvement Encouraged: Private industry is often hesitant when it comes to government’s involvement in private sector business; however, 86% of respondents believe that cooperation between the public and private sectors on infrastructure protection is critical to successful cyber defense. Furthermore, 68% of respondents believe their own government can be a valuable and respectful partner in cybersecurity.
• Confidence in Current Solutions: Sixty-four percent believe an attack resulting in fatalities has not happened yet because good IT security is already in place. Correspondingly, more than four in five are satisfied or extremely satisfied with the performance of their own security tools such as endpoint protection (84%), network firewalls (84%), and secure web gateways (85%).
• Disruptions Increasing: More than 70% of respondents think the cybersecurity threat level in their organization is escalating. Around nine in ten (89%) respondents experienced at least one attack on a system within their organization, which they deemed secure, over the past three years, with a median of close to 20 attacks per year. Fifty-nine percent of respondents stated that at least one of these attacks resulted in physical damage.
• Loss of Life?: Forty-eight percent of respondents believe it is likely that a cyberattack that will take down critical infrastructure with potential loss of life will occur within the next three years, although there were no additional survey questions to determine the circumstances under which respondents believed the loss of life could occur. More US respondents thought this scenario was “extremely likely” to occur than did their European counterparts.
• User Error Still #1 Issue: Respondents believe user error is the greatest cause of successful attacks on critical infrastructure. Organizations may strengthen their security postures, but individual employees can still fall victim to phishing emails, social engineering and drive-by browser downloads that successfully infect their organizations’ networks.
• Government Response: Seventy-six percent of respondents believe a national defense force should respond when a cyber attack damages a critical infastructure company within national borders.
• Different Country Perspectives: US respondents believe the likelihood of a catastrophic cyberattack on critical infrastrucutre that could result in loss of life is more certain than do their European counterparts. While 18% of US sources consider this scenario “extremely likely” to occur in the next three years, only 2% in Germany and 3% in the UK think it extremely likely.
Additional Takeaways from Report
• Intel Security’s A Thief’s Perspective report notes that one of the biggest challenges in cyber defense is the need to cover every possible attack vector while attackers only need to find one weak point.
• To be more cyber secure, we need more than IT solutions; we need education, training & awareness to reduce human error.

Methodology
The survey, conducted by Vanson Bourne, interviewed 625 IT decision makers with influence over their organization’s security solutions in France, Germany, the United Kingdom and the United States (250 interviews in the US and 125 in each of the UK, France and Germany).

Respondents were from private and public organizations (minimum of 500 employees), with particular focus on the critical infrastructure sectors of energy (139 respondents), transport (130 respondents), finance (159 respondents) and government (128). Questionnaire surveys, such as the one conducted by Vanson Bourne and Intel Security, collect data at a single point in time and are limited in their ability to collect complex and nuanced responses. Furthermore, they are not independently able to support long-term conclusions.



Rate This:

Posted by VMD - [Virtual Marketing Department]


Poll
What is your favourite search engine?
Google
Yahoo
Bing

Most Viewed
  Riverbed Launches Industry’s Most Complete Digital Experience Management Solution

  Credence Security to Address Growing Market for GRC Solutions in Middle East Through Partnership with Rsam

  New Mimecast Archive Cloud Capability Streamlines GDPR Management for Email

  Planning and Scheduling Software–Helping Manufacturers Keep Their Customers Happy

  Farsight Security and Infoblox Provide Zero-Hour Protection Against Cyberattacks Due to New Domains

  Fujitsu Launches High-Security Biometric Authentication Solution for Active Directory IT Environments

  Rackspace Wins 2017 Red Hat Innovator of the Year Award

  ServiceNow Survey Shows 2018 as the Year of Automation for Routine Enterprise Work

  4 Tech Hacks to Faster Customer Onboarding

  New Mimecast Report Detects 400% Increase in Impersonation Attacks