Large Electric Utilities Earn High Security ScoresLarge Electric Utilities Earn High Security Scores
Critical infrastructure is a big target for attack, but new data shows some operators in that industry suffer fewer security incidents than other industries.
May 30, 2014
It may sound counterintuitive, but major utilities rank as one of the most secure organizations, according to a new study.
Large electric utilities scored 751 on a grading scale of 250 to 900-- second only to the traditionally security-forward financial industry, which scored 782, according to BitSight Technologies' new security index that analyzes the security performance of finance, utility, retail, and healthcare organizations in the Standard & Poor's 500.
Overall, 82% of the companies in the four industry sectors were hit with a security incident during the period analyzed in the report, from April 1, 2013 through March 31, 2014.
"I was looking for utilities to do poorly. But what we learned here is it's mostly SCADA systems that have their [security] issues. The largest utilities in the S&P 500 are pretty high-performing" when it comes to securing their networks, says Stephen Boyer, founder and CTO of BitSight, which tracks malicious traffic on the Internet. "Beyond those small utilities that have a lot of problems, the larger ones are pretty sophisticated. They are pretty good at segmentation and responding very quickly" to threats, he says.
"Large investor owned utilities have fairly sophisticated security practices. Like large financial institutions, they have significant security budgets and cyber risk has executive level visibility," said Dave Dalva, vice president of security science at Stroz Friedberg, in a statement in BitSight's report, published this week.
ICS/SCADA systems notoriously suffer from security shortcomings mainly due to plant operators' priority of operations and safety, rarely patching and updating software for fear of disrupting the power supply or manufacturing process, for instance.
BitSight gathered the data for its analysis via its global sensors on the Internet that detect botnet and other malicious traffic, and tracks malware and the duration of its presence on systems for its customers.
Utilities are mostly plagued by a family of Trojans called Redyms (26%), which redirect search engine results, Zeus (15%), Zero Access (13%), Cutwail (8%), and Confickr (8%).
Financial firms are hit mostly by Zeus (33%), followed by ZeroAccess 12%), Redyms (10%), Confickr (7%), and Spambot (7%), according to BitSight's findings.
Meanwhile, the healthcare industry scored poorly, 660, as did retail, 685. "What was surprising was healthcare," Boyer says. "The fact that Confickr was so prominant there says a lot," with 13% of the malware infections, he says.
The full report is available here for download.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023