Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Networking

    Critical Infrastructure Firms Lag Behind in Cyber-Attack Defenses

    By
    Robert Lemos
    -
    July 11, 2014
    Share
    Facebook
    Twitter
    Linkedin

      Security teams at critical infrastructure firms have little trouble understanding that their networks are vulnerable. But the companies themselves have failed to make security a priority, according to a survey of nearly 600 security executives by the Ponemon Institute published on July 10.

      External attackers and malicious or negligent employees managed to compromise two-thirds of the companies’ networks in the past 12 months, leading to the loss of data or a disruption in operations, according to the report, Critical Infrastructure: Security Preparedness and Maturity, which was funded by technology firm Unisys. About 57 percent of respondents believe that their industrial control systems are at risk from cyber-attacks.

      Despite the recognition of cyber-attacks as a threat, most critical-infrastructure firms are not focused on security, according to the survey. Only 28 percent of security practitioners stated that their firms considered security a top-five priority, the study found.

      “It paints a picture of organizations that feel like they are at risk, yet they are not doing anything about it,” Dave Frymier, chief information security officer for Unisys, told eWEEK. “They are almost asleep at the switch, [and] they don’t seem to be taking the problem seriously.”

      In the survey of 599 information technology and IT security executives, most companies were aware of the dangers of cyber-attacks: Nearly two-thirds of organizations are committed to preventing or detecting the most sophisticated attackers, known as advanced persistent threats or APTs, according to respondents. The same number of respondents agreed that one or more serious cyber-attacks would infiltrate their infrastructure in the next year.

      Over the past two years, for example, a group of online hackers, whose actions bear the hallmarks of nation-state operatives, compromised hundreds of energy firms and industrial control system makers, according to the Industrial Control Systems Cyber Emergency Readiness Team (ICS-CERT) and security firms. Alternatively called “Dragonfly” and “Energetic Bear” by security firms, the attack campaign installed Remote Access Trojans (RATs) inside the networks of companies, organizations and government agencies located in Spain, the United States, Japan, France, Italy and Germany.

      Because control systems and monitoring networks are designed to be reliable and last for decades, dealing with legacy systems that may have significant vulnerabilities has become a major issue for utilities. Yet, most lack confidence that their organization could upgrade such systems without causing problems.

      More than half of security professionals interviewed by the Ponemon Institute stated that patching industrial systems with up-to-date security software either would not be cost-effective or would sacrifice mission-critical security, according to the report.

      Until a major event shakes critical-infrastructure firms from their malaise, the gap between security professionals understanding the theoretical threat of cyber-attacks and companies focusing on making their networks and infrastructure more secure in practice will likely remain for the foreseeable future, Frymier said.

      “We pretty much feel that there will have to be some precipitating event,” he said. “Something will have to happen, and unfortunately, it will probably be a bad thing that has to happen to galvanize people to understand the magnitude of the problem so they do something about it.”

      Avatar
      Robert Lemos
      Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×