Barely A Third of Energy Companies Track Cyber Threats

Uploaded on 2016-02-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities

The energy sector faces more cyber attacks than any other industry, and attacks on industrial control system networks are on the rise.

In June of 2015, Dimensional Research conducted a survey for Tripwire of over 400 energy executives and IT professionals in the energy, oil, gas and utility industries on cybersecurity and compliance initiatives. The survey found that 86 percent of energy security personnel believed they could detect a breach on critical systems in less than one week.

This timeframe widely disagrees with Mandiant’s M-Trends 2015 report and the 2015 Data Breach Investigations Report, both of which found that security professionals in the energy industry usually take months to detect an attack against their networks.

The June survey clearly shows that IT personnel were confident in their ability to detect an incident. Some months later, it would now appear that security professionals have adopted a soberer appreciation of the risks at hand.

Tripwire has announced the results of another study conducted for Tripwire by Dimensional Research on the cyber security challenges faced by organisations in the energy sector. The newest study, which was carried out in November 2015, surveyed over 150 IT professionals in the energy, utilities, and oil and gas industries.

As revealed in Tripwire’s study, some 82 percent of respondents reported that an attack on the operational technology (OT) in their organisation could potentially cause physical damage. This finding is generally consistent with June’s study, when 83 percent of respondents affirmed the same belief with regards to their organisation’s infrastructure.

However, in the newest survey, 100 percent of executives now feel recognize the threat against OT, which is up from 94 percent back in June.

The study also reveals that three quarters of respondents feel that their organisation is a target for an attack that could cause physical damage (78 percent). Approximately the same number (76 percent) feels that a nation-state actor could threaten them with such an offensive.

However, when asked whether their organisation has the ability to actively track all of the threats confronting their OT networks, only 35 percent said “yes”, with others citing the sheer number of threats, a lack of network visibility, and departmental compartmentalisation as reasons why they said “no” or stated they weren’t sure.

This is a concerning number, especially considering the damage BlackEnergy malware alone has wrought against Ukrainian power companies and airports in recent weeks.

“We’ve already seen the reality of these responses in the Ukraine mere months after this survey was completed,” said Tim Erlin, Director, Security and IT risk strategist at Tripwire. “There can be no doubt that there is a physical safety risk from cyber attacks targeting the energy industry today.”

If anything, this risk is getting worse. According to the Department of Homeland Security, the energy sector faces more cyber attacks than any other industry, and attacks on industrial control system networks are on the rise.

Fortunately, there is hope.
“While the situation may seem dire, in many cases there are well understood best practices that can be deployed to materially reduce the risk of successful cyber attacks,” explains Erlin.

Tripwire: http://bit.ly/1NTCv0P

« What Motivates Cyber Criminals?
MIT Develops A Hack-Proof RFID Chip »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perforce Software

Perforce Software

Perforce helps companies build complex software products more collaboratively, securely, and efficiently.

ARC Advisory Group

ARC Advisory Group

ARC is a leading technology research and advisory firm with expertise in both information technologies (IT) and operational technologies (OT)

Secret Double Octopus

Secret Double Octopus

Secret Double Octopus offers the world’s only keyless multi-shield authentication technology for users and things.

Vaulto Technologies

Vaulto Technologies

Vaulto protects critical business processes that are conducted via the cellular network.

World Congress on Industrial Control Systems Security (WCICSS)

World Congress on Industrial Control Systems Security (WCICSS)

The World Congress on Industrial Control Systems Security (WCICSS) is focused on emerging trends in protection of industrial control systems.

CryptoCurrency Certification Consortium (C4)

CryptoCurrency Certification Consortium (C4)

The CryptoCurrency Certification Consortium is a non-profit organization that provides certifications to professionals who perform cryptocurrency-related services.

MazeBolt Technologies

MazeBolt Technologies

Israel-based MazeBolt is an innovation leader in cybersecurity, with over two decades of experience in pioneering DDoS protection solutions.

AEWIN Technologies

AEWIN Technologies

AEWIN is professional in the fields of Network Appliance, Cyber Security, Server, Edge Computing and an ODM/OEM expert.

PCS Security (PCSS)

PCS Security (PCSS)

PCS Security provides secure, reliable and state-of-the-art security solutions to help our customers address their security concerns.

Flat6Labs

Flat6Labs

Flat6Labs is the MENA region’s leading seed and early stage venture capital firm, currently running the most renowned startup programs in the region.

InfoSec4TC

InfoSec4TC

InfoSec4tc is an online Information Security Courses, Training, and Consultancy provider.

AirMDR

AirMDR

Designed by experts, AirMDR solutions cater to the unique demands of security operations centers.

Forthright Technology Partners

Forthright Technology Partners

Forthright Technology Partners (Forthright) is a next-generation cloud and managed IT services provider serving a global clientele.

DarkHorse Security

DarkHorse Security

DarkHorse exists to make it easy and affordable for organizations to be able to identify their cybersecurity vulnerabilities.

SafeShark

SafeShark

SafeShark are Product Security and Telecommunications Infrastructure (PTSI) Act and Radio Equipment Directive (RED) compliance specialists.

Center for Technology Training (CTT)

Center for Technology Training (CTT)

CTT is a distinguished Computer Training School in Tampa. We specialize in offering comprehensive IT certification programs, including Cyber Security.