Establishing Digital Trust: Don't Sacrifice Security for Convenience
A recent survey of more than 150 professionals in the energy, utilities, and oil and gas industries has found that 53 percent of oil and gas industry respondents said the rate of cyber attacks targeting their organizations had increased between 50 and 100 percent over the previous month.
The survey, conducted in November 2015 by Dimensional Research on behalf of Tripwire, also found that fully 82 percent of oil and gas industry respondents said their organizations had seen an increase in successful cyber attacks over the previous 12 months.
"The increase in successful attacks should be deeply concerning," Tripwire director of IT security and risk strategy Tim Erlin said in a statement.
"Successful attacks could mean that attackers are able to breach a specific security control or that they have been able to get closer to sensitive data using phishing or malware scams that have been detected," Erlin added. "It could also mean that attackers are launching more persistent, targeted attacks."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Only 31 percent of oil and gas industry respondents said they were confident that their organizations are able to detect all cyber attacks, and 72 percent of oil and gas industry respondents said a single individual is responsible for securing both their IT and OT environments.
"In combination with the lack of confidence in detection capabilities these findings demonstrate that the oil and gas industry needs to increase investment in basic best practices to materially reduce risk," Erlin said. "Unfortunately, these results indicate that things will probably get worse before they get better."
Separately, a Proficio survey [PDF] of more than 150 IT security professionals found that only 49 percent of respondents said they're satisfied that they have the technology, processes and expertise to prevent a damaging cyber attack in the coming year.
When asked what their top concerns are for 2016, 53 percent of respondents listed insider threats, 50 percent listed unpatched vulnerabilities, 50 percent listed next-generation malware, 45 percent said mobile device security, 41 percent said Web application security, and 41 percent said spear phishing.
When asked what security operations functions they're currently outsourcing, 63 percent of respondents said they outsource penetration testing, 55 percent outsource compliance assessments, and just 28 percent outsource 24/7 security event monitoring and alerting.
Recent eSecurity Planet articles have looked at how to secure corporate data in a post-perimeter world and offered advice on improving database security.