Security lags cyberattack threats in critical industries, report finds
The world's water treatment plants, power grids, and other vital industries are seeing escalating cyberattacks, but are not ramping up security fast enough, says a new global report.
(Page 2 of 2)
• Massive numbers of attacks. Eighty percent of those surveyed have faced a large-scale denial of service attack (DDoS), in which computers bombard an Internet-connected system and overload it, making access impossible. One-quarter of respondents say their systems were hit daily or weekly by DDoS attacks or received extortion demands during the attacks.Skip to next paragraph
Subscribe Today to the Monitor
• More extortion attempts. Among critical infrastructure providers, 1 in 4 professionals reports that the provider was an extortion target: Pay us or we'll cyberattack you. Extortion attempts grew 25 percent over the previous year, and the cases were distributed evenly among the different infrastructure sectors. Some 60 percent of professionals in India and 80 percent in Mexico reported cyberextortion attempts.
Despite this, most companies did not adopt additional security or clamp down on offsite users. Only one-quarter of the executives say they use systems that monitor network activity, and 36 percent use tools to detect changes in user authority.
• Cybersecurity laws lag. Brazil, France, and Mexico lag other nations in implementing security steps. Those nations adopted half as many measures as leaders China, Italy, Japan, which had the most confidence in laws to deter attacks.
• The US and Europe lag Asia in government involvement. While the security professionals in China and Japan report a lot of interaction with their governments on cybersecurity, those in the United States, Britain, and Spain reported little, if any, contact.
• More than half of respondents say they believe their organization has already been attacked by hackers working for governments.
"The level of sophistication of these attacks – many of them attributed to governments – was already fairly high a few years ago, and it's kind of leveled off now," says Alan Paller, research director for the SANS Institute, a cybersecurity education organization. "What we're seeing are sophisticated attacks increasingly deployed in a targeted way at these critical infrastructure industries."
While computer firewalls block viruses and other generic threats, spear-phishing that targets individuals with convincing e-mail, infected thumb drives, and other techniques are being used to infiltrate vital systems. So-called "zero-day" attacks that use never-before-seen attack software code – which antivirus companies have not yet developed a defense against – are one example of a potent growing threat, experts say.
Today, “if you can’t deal with a zero-day attack coming from a thumb drive,” says James Woolsey, former director of Central Intelligence, quoted in the report, “you have nothing.”