Tripwire, Inc., a leading global provider of endpoint detection and response, security and compliance solutions, today announced the results of a study conducted for Tripwire by Dimensional Research. The study, which was carried out in November 2015, assessed cyber security challenges faced by organizations in the energy sector. Study respondents included over 150 IT professionals in the energy, utilities, and oil and gas industries.
When asked if their organization had experienced a rise in successful cyber attacks in the last 12 months, seventy-seven percent of the respondents in Tripwire’s study replied, “yes.” In addition, more than two-thirds of the respondents (sixty-eight percent) said the rate of successful cyber attacks had increased by over twenty percent in the last month.
“It’s tempting to believe that this increase in attacks is horizontal across industries, but the data shows that energy organizations are experiencing a disproportionately large increase when compared to other industries,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “At the same time, energy organizations face unique challenges in protecting industrial control systems and SCADA assets.”
Additional findings from the study include:
- Energy executives were more than twice as likely to believe their organization detected every cyber attack (forty-three percent) than nonexecutives (seventeen percent).
- In the last 12 months, seventy-eight percent of the respondents said they experienced a cyber attack from an external source, and thirty percent have seen an attack from an inside employee.
- Forty-four percent of the respondents indicated they have not gathered enough information to identify the sources of cyber attacks on their organizations.
- Nearly one-fourth (twenty-two percent) of the respondents admitted their organizations do not have business processes to identify sensitive and confidential information.
“Detecting attacks successfully is the midpoint of the overall process,” Erlin continued. “Energy organizations need to invest in greater prevention and forensic tools to decrease the rate of successful attacks and fully investigate those they can’t prevent.”
According to the Department of Homeland Security, the energy sector faces more cyber attacks than any other industry. Despite these escalating risks, the energy sector faces serious challenges responding to security threats effectively. For example, the results of the North American Electric Reliability Corporation’s (NERC) GridEx III “cyberwar games” revealed significant challenges with the cyber threat intelligence practices of grid operators.
In addition to this study, Tripwire conducted a survey of 200 security professionals attending RSA Conference 2016. When asked if a cyber attack would cause physical damage to critical infrastructure in 2016, eighty-three percent of the respondents replied, “yes.” In addition, seventy-three percent of respondents to this second survey said critical infrastructure providers are more vulnerable to ransomware attacks than other organizations.