Unisys finds ‘alarming’ gaps in critical infrastructure security
Unisys and the Ponemon institute today released new research which has unveiled "alarming" gaps in the security of companies around the world in the critical infrastructure industries, such as oil, gas, and energy.
Unisys and the Ponemon Institute surveyed almost 600 security executives at utility, oil and gas, energy, and manufacturing companies in 13 countries from April to May this year, and found that 64 percent of respondents anticipated one or more serious attacks in the coming year.
According to Unisys, almost 70 percent of companies surveyed were responsible for the world's power, water, and other critical functions, and they reported at least one security breach that led to the loss of confidential information, or disruption of operations in the past 12 months.
Despite this risk, only 28 percent of respondents ranked security as one of the top five strategic priorities for their organisation, while a majority named their top business priority as minimising downtime.
"The findings of the survey are startling, given that these industries form the backbone of the global economy and cannot afford a disruption," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "While the desire for security protection is apparent among these companies, not nearly enough is actually being done to secure our critical infrastructure against attacks."
Of the respondents, only six described their organisation's IT security program or activities as "mature", while those who reported suffering a data breach within the past year most often attributed these breaches to an internal accident or mistake, and negligent insiders were the most cited threat to company security.
Despite these findings, only 6 percent of respondents said they provided cybersecurity training for all employees.
For Unisys chief information security officer, Dave Frymier, these results should be a timely reminder for companies about the risks involved with security, whether from outside, or within an organisation.
"Whether malicious or accidental, threats from the inside are just as real and devastating as those coming from the outside," said Frymier. "We hope the survey results serve as a wake up call to critical infrastructure providers to take a much more proactive, holistic approach to securing their IT systems against attacks. Action should be taken before an incident occurs, not just after a breach."