Lacking Insight: Cyber attacks cause more damage than you think
February 5, 2016 | By
Barbara Vergetis Lundin
For the most part, industry professionals are aware of the physical damage a cyberattack could cause to their infrastructure, but lack the mechanisms to actually track it, according to a study of energy, utilities, and oil and gas industries conducted by Dimensional Research for Tripwire.
More than three out of four respondents (76 percent) believe their organizations are targets for cyber attacks that could cause physical damage and 78 percent said their organizations are potential targets for nation-state cyber attacks. According to the study, 82 percent of respondents said a cyber attack on the operational technology (OT) in their organization could cause physical damage; 100 percent believe a kinetic cyber attack on OT would cause physical damage. However, 65 percent of respondents said their organization does not have the ability to accurately track all the threats targeting their OT networks -- drastically limiting their insight into the actual damage. "The incredibly high percentages of these responses underscores the need for these industries to take material steps to improve cyber security," said Tim Erlin, director of IT security and risk strategy for Tripwire. "These threats are not going away. They are getting worse." In fact, according to the Department of Homeland Security, the energy sector faces more cyber attacks than any other industry, and attacks on industrial control system networks are on the rise. If successful, these cyber attacks could have a dramatic physical impact. Take, for instance, the December 2015 BlackEnergy malware attack against a power plant in the Ukraine that left more than 700,000 customers without electricity. "We've already seen the reality of these responses in the Ukraine mere months after this survey was completed," said Erlin. "There can be no doubt that there is a physical safety risk from cyber attacks targeting the energy industry today. While the situation may seem dire, in many cases there are well understood best practices that can be deployed to materially reduce the risk of successful cyber attacks." For more: © 2016 FierceMarkets, a division of Questex, LLC. All rights reserved. |