Posts Tagged ‘attacks’

Secure Computing’s Cyber Security Study Reveals Sobering Results

Saturday, November 15th, 2008

Industry insiders say critical infrastructure is not prepared for cyber attacks and recommend that asset owners and operators begin by taking five steps to enhance their security.

SAN JOSE, CA –  Secure Computing Corp., a leading enterprise gateway security company, announced the results of a study conducted during August and September 2008 in the U.S., Canada, and Europe. The study surveyed 199 international security experts and other “industry insiders” from utilities, oil and gas, financial services, government, telecommunications, transportation, and other critical infrastructure industries. Despite a growing body of legislation and regulation, more than half of these experts believed that most critical infrastructure continues to be vulnerable to cyber attack. Further, a majority of respondents said that major attacks have already begun or are likely to occur in the next 12 months.

“An attack on any one of these industries could cause widespread economic disruptions, major environmental disasters, loss of property, and even loss of life,” said Elan Winkler, Director of Critical Infrastructure Solutions for Secure Computing. “This study revealed that many critical infrastructure organizations are simply not ready for the cyber attacks which are coming soon.”

Rick Nicholson, Vice President of Research for Energy Insights, an IDC company, who authored a white paper based on the survey, added, “Most utility CIOs believe that their companies will be compliant with relevant standards, but still have a long way to go before being adequately prepared for all cyber attacks.”

In the study, respondents were asked to indicate the state of readiness for eight different industries. More than 50% of respondents believed that utilities, oil and gas, transportation, telecommunications, chemical, emergency services, and postal/shipping industries were not prepared. For some sectors, such as postal/shipping and transportation, as many as three out of four experts indicated that the infrastructure was not ready for attack. Only the financial services industry was considered prepared, although nearly 40% believed that even this sector was not ready to defend itself.

Survey participants were also asked which industry was the biggest target, which was the most vulnerable to attack, and which was the most detrimental if breached. The insiders picked the energy sector in all three cases, with 33% saying it was the biggest target, 30% saying it was the most vulnerable, and 42% saying it would be the most detrimental if attacked.

When asked to name the biggest bottleneck to improving cyber security, the largest number of experts (29%) pointed to the cost of security measures. Apathy was the second most likely to be selected as the primary bottleneck, with government bureaucracy and internal issues tying for third. (more…)