In a Symantec survey of nearly 1,600 critical infrastructure companies, 53 percent reported having experienced what appeared to be a politically motivated cyber-attack.
A new report by Symantec underscores the threat facing critical
infrastructure networks around the world.
The statistics tell the tale. In its August Critical Infrastructure Protection Study,
responses from businesses in "six industries categorized as critical infrastructure
providers," Symantec found that 53 percent had experienced what was
perceived as a politically
motivated cyber-attack, and 48 percent expect attacks in the next year. Businesses
that had been attacked had been victimized by attackers an average of 10 times
in the past five years at a cost of $850,000.
"I think what's happened is that there's a very heightened awareness of
the threat," said Symantec CTO Mark
The survey's responses came from businesses across six verticals: emergency
services, energy, IT, banking, health care and communications.
Only about a third of critical
reported feeling "extremely" prepared for
all types of attacks and 31 percent felt less than "somewhat"
prepared. According to the respondents, the areas that need the most
improvement include "security training, awareness and comprehension of
threats by executive management," and "security audits."
Securing critical infrastructures is no small effort, and Symantec
recommended that governments get more involved. For example, "Governments
should partner with industry associations to develop and disseminate
information" about government programs and best practices.
"It's important to recognize that even [though] we tend to think of
critical infrastructure and large companies as being synonymous that's not
always the case," Bregman said. "There are some sectors where small
companies play a pretty critical role. One example would be emergency services,
where at least in the United States a lot of the emergency services are
provided by local small businesses, like ambulance services that need to be
available in case of emergency-yet them being small businesses, they are not as
well connected yet with these critical infrastructure protection
Critical infrastructure security has been in the news heavily recently due
to the emergence of the Stuxnet worm,
which targets industrial control systems.
No security is perfect, Bregman said.
"Despite best efforts, there will be things that get through," he
said. "So it's equally important to have a focus on resiliency and the
ability to recover in the situation where a system does get taken down, or data
does get corrupted or a breach does occur. It is not enough to build the
best defenses and hope, 'Now that I have great defenses nothing will ever get