Latest news
Furthermore, 69 percent of organizations feel a data breach is very likely or likely to occur over the next 12 months, according to a survey by Q1 Labs and the Ponemon Institute.
The survey polled 291 IT and IT security practitioners in utilities and energy companies with an average of 11 years of experience; the work of participants in the study involves securing the organization’s information assets, enterprise systems or critical infrastructure.
The results show a glaring disconnect between the C-suite of executives and those in the IT trenches when it comes to IT security.
“One of the scariest points that jumped out at me is that it takes, on average, 22 days to detect insiders making unauthorized changes, showing just how vulnerable organizations are today,” said Dr. Larry Ponemon, founder and chairman of the Ponemon Institute. “These results show that energy and utilities organizations are struggling to identify the relevant issues that are plaguing their company from a security perspective. They have to bridge the gap between operations and IT, and make IT security a top priority within the organization.”
Additional key findings of the study include:
- 71% of IT Security executives at global energy producers state that their executive management team does not understand or appreciate the value of IT Security.
- According to 43 percent of respondents, the top-ranked security threat their organization faces is negligent or malicious insiders and is the number one root cause of data breaches.
- 72% say initiatives are not effective at getting actionable intelligence (such as real-time alerts, threat analysis and prioritization) about actual and potential exploits.
- A mere 21% of global energy and utilities organizations feel that their existing controls are able to protect against exploits and attacks through smart grid and smart meter-connected systems.
- Only 39% of energy producers state that their organization’s security program is dedicated to detecting or preventing Advanced Persistent Threats.
- 67% of energy organizations are not using what would be considered “state of the art” technologies to minimize risks to SCADA networks.
Spotlight
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Is Microsoft is reading your Skype communications?
Posted on 15 May 2013. | The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.
Internet Explorer best at blocking malware
Posted on 14 May 2013. | While Chrome’s malware download protection improved significantly, Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.
Researcher refuses to help Saudi telco to spy on people
Posted on 14 May 2013. | You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher for help, but you would be wrong.
Malicious browser extensions are hijacking Facebook accounts
Posted on 13 May 2013. | Facebook users - especially those in Brazil - are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
