Infographic: 70 Percent of World's Critical Utilities BreachedInfographic: 70 Percent of World's Critical Utilities Breached
New research from Unisys and Ponemon Institute finds alarming security gaps in worldwide ICS and SCADA systems within the last 12 months.
August 15, 2014
Information security professionals all know the cyberrisks to oil and gas, utilities, alternative energy, and manufacturing industries, and when it comes to strategic priorities, one would think that security remained a key priority across these sectors. Unfortunately, for the majority of providers, it’s not.
Nearly 70 percent of companies surveyed that are responsible for the world’s power, water, and other critical functions have reported at least one security breach that led to the loss of confidential information or disruption of operations in the past 12 months, according to a Unisys survey released in partnership with the Ponemon Institute.
In a Web survey of 599 security executives at utility, oil and gas, energy, and manufacturing companies, 64 percent of respondents anticipated one or more serious attacks in the coming year. Despite this risk, only 28 percent ranked security as one of the top five strategic priorities for their organization. A majority named their top business priority as minimizing downtime.
When asked about the likelihood of an attack on their organizations’ industrial control systems or Supervisory Control and Data Acquisition systems, 78 percent of the senior security officials responded that a successful attack is at least somewhat likely within the next 24 months. At the same time, just 21 percent of respondents thought that the risk level to ICS and SCADA has substantially decreased because of regulations and industry-based security standards. That doesn’t necessarily mean that tighter controls and better adoption of standards are needed.
With inevitable attacks on the horizon, chief information security officers in critical infrastructure face multiple pressures -- internal and external -- that affect business priorities. Most say their organizations are unaware or unsure of potential vulnerabilities. Many doubt they have effective security systems and aren’t confident they can keep legacy systems up to date. They need better information and new strategies for managing risk.
Do we invest in security or focus just on minimizing downtime? Must we do both? What are the pressures security officers face and how can we mitigate them? How do we make sure energy and utility businesses are focusing attention in the right places? I’d love to hear your thoughts in the comments below.
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks