A recent Ponemon report shows that 67% of critical infrastructure organizations suffered breaches in the last year, yet only 28% of respondents ranked security as one of the top five strategic priorities for their organization. This is of high concern due to importance of these critical infrastructures.
Critical infrastructure organizations include utility, oil and gas, alternate energy and manufacturing companies. If any of these organizations’ ICS and SCADA systems were attacked, the negative repercussions would be significant. For example, an attack on the SCADA system of a gas company would halt gas supply to everyone who received gas through that system.
Additional key findings from the research indicated that only 17% of companies have fully deployed their IT security programs and only 15% find their threat intelligence effective and actionable to stop or minimize the impact of a cyber attack.
The worse part is that although these companies recognize security threats, they are not committing to preventing attacks. It turns out that only one in six of the organizations surveyed find their IT security program mature. Deployment and execution are in the middle stages, but not fully taken on. The study also found that the organizations who suffered an attack within the past year attributed it to internal accident or mistake, yet they have no employee training program (only 6% are training their employees on cyber security).
78% of the surveyed organizations believe that a successful attack is at least somewhat likely within the next 24 months and just 21% believe regulations and industry-based security standards have helped to decrease ICS and SCADA risk levels.
Critical infrastructure organizations need to step up their security soon if they are going to avoid a disastrous situation. It is imminent to reach a mature level of security before attack takes place and to implement security training for all employees, develop an incident response plan, have the necessary policies and procedures in place, and ensure all their vulnerabilities are covered.
How mature is your organization’s level of security? Are you prepared for the risks ahead?
Photo Courtesy of wavebreakmedia