Critical Infrastructure Firms Lag Behind in Cyber-Attack Defenses
Utilities, industrial manufacturers and energy companies expect cyber-attacks in the next year, but these organizations continue to react to threats, rather than build up security measures, according to the latest Ponemon survey.
Security teams at critical infrastructure firms have little trouble understanding that their networks are vulnerable. But the companies themselves have failed to make security a priority, according to a survey of nearly 600 security executives by the Ponemon Institute published on July 10.
External attackers and malicious or negligent employees managed to compromise two-thirds of the companies' networks in the past 12 months, leading to the loss of data or a disruption in operations, according to the report, Critical Infrastructure: Security Preparedness and Maturity, which was funded by technology firm Unisys. About 57 percent of respondents believe that their industrial control systems are at risk from cyber-attacks.
Despite the recognition of cyber-attacks as a threat, most critical-infrastructure firms are not focused on security, according to the survey. Only 28 percent of security practitioners stated that their firms considered security a top-five priority, the study found.
"It paints a picture of organizations that feel like they are at risk, yet they are not doing anything about it," Dave Frymier, chief information security officer for Unisys, told eWEEK. "They are almost asleep at the switch, [and] they don't seem to be taking the problem seriously."
In the survey of 599 information technology and IT security executives, most companies were aware of the dangers of cyber-attacks: Nearly two-thirds of organizations are committed to preventing or detecting the most sophisticated attackers, known as advanced persistent threats or APTs, according to respondents. The same number of respondents agreed that one or more serious cyber-attacks would infiltrate their infrastructure in the next year.