A report called ‘In the Dark: Crucial Industries Confront Cyber-attacks’, produced by McAfee and the Center for Strategic and International Studies (CSIS) has revealed that 40% of 200 IT security executives polled believe a major cyber-attack on critical infrastructures may occur over a span of year.
This report surveyed 200 IT security executives from critical electricity infrastructure enterprises in 14 counties, focused on the critical civilian energy infrastructure that depends most heavily on industrial control systems.
Forty percent of the IT security executives from critical electricity infrastructure enterprises believed that the industry’s vulnerability had increased almost 30% and believed that their company was not ready for cyber-attacks.
“We found that the adoption of security measures in important civilian industries badly trailed the increase in threats over the last year,” said Stewart Baker, who led the study for CSIS.
“Ninety to 95% of the people working on the smart grid are not concerned about security and only see it as a last box they have to check,” said Jim Woolsey, former United States director of Central Intelligence.
Some of the key findings of this report
- Eighty percent of respondents have faced a large-scale denial of service attack
- Twenty-five percent of respondents have been victims of extortion attempts
- More than 40 percent of executives believe that their industry’s vulnerability has increased
- Almost 30 percent believe their company is not prepared for a cyber-attack
- More than 40 percent expect a major cyber-attack within the next year
- Energy sector increased its adoption of security technologies by only a single percentage point, at 51 percent
- Oil and gas industries increased by only three percentage points, at 48 percent
- Nearly 70 percent of respondents frequently found malware designed to sabotage their systems
- A quarter of respondents reported daily or weekly DDoS attacks
After reading the complete report it’s evident that there has been an increase in cyber-attacks on critical infrastructure and still most of the organizations are unprepared. Time has come to design the critical infrastructure systems with cyber-security in mind, and organizations need to implement stronger network controls, to avoid being vulnerable to cyber-attacks.