Tripwire Inc, a provider of endpoint detection and response, security and compliance solutions, announced the results of a study conducted for it by Dimensional Research. The study, carried out in November 2015, assessed cyber security challenges faced by organizations in the energy sector. Study respondents included over 150 IT professionals in the energy, utilities, and oil and gas industries.
“It’s tempting to believe that this increase in attacks is horizontal across industries, but the data shows that energy organizations are experiencing a disproportionately large increase when compared to other industries”
When asked if their organization had experienced a rise in successful cyber attacks in the last 12 months, 75% of the respondents in Tripwire’s study replied, “yes.” In addition, 68% said the rate of successful cyber attacks had increased by over 20% in the last month.
“It’s tempting to believe that this increase in attacks is horizontal across industries, but the data shows that energy organizations are experiencing a disproportionately large increase when compared to other industries,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “At the same time, energy organizations face unique challenges in protecting industrial control systems and SCADA assets.”
Additional findings from the study include:
- Energy executives were more than twice as likely to believe their organization detected every cyber attack (43%) than nonexecutives (17%)
- In the last 12 months, 78% of the respondents said they experienced a cyber attack from an external source, and 30% have seen an attack from an inside employee.
- 44% of respondents indicated they have not gathered enough information to identify the sources of cyber attacks on their organizations.
- Nearly one-fourth (22%) of the respondents admitted their organizations do not have business processes to identify sensitive and confidential information.
“Detecting attacks successfully is the midpoint of the overall process,” Erlin continued. “Energy organizations need to invest in greater prevention and forensic tools to decrease the rate of successful attacks and fully investigate those they can’t prevent.”
According to the Department of Homeland Security, the energy sector faces more cyber attacks than any other industry. Despite these escalating risks, the energy sector faces serious challenges responding to security threats effectively. For example, the results of the North American Electric Reliability Corporation’s (NERC) GridEx III “cyberwar games” revealed significant challenges with the cyber threat intelligence practices of grid operators.
In addition to this study, Tripwire conducted a survey of 200 security professionals attending RSA Conference 2016. When asked if a cyber attack would cause physical damage to critical infrastructure in 2016, 83% of the respondents replied, “yes.” In addition, seventy-three percent of respondents to this second survey said critical infrastructure providers are more vulnerable to ransom-ware attacks than other organizations.
For more information about the survey: http://www.tripwire.com/company/research/tripwire-2016-energy-survey-attacks-on-the-rise/
Tripwire is a provider of endpoint detection and response, security, compliance and IT operations solutions for enterprises, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics.