Furthermore, 69 percent of organizations feel a data breach is very likely or likely to occur over the next 12 months, according to a survey by Q1 Labs and the Ponemon Institute.
The survey polled 291 IT and IT security practitioners in utilities and energy companies with an average of 11 years of experience; the work of participants in the study involves securing the organization’s information assets, enterprise systems or critical infrastructure.
The results show a glaring disconnect between the C-suite of executives and those in the IT trenches when it comes to IT security.
“One of the scariest points that jumped out at me is that it takes, on average, 22 days to detect insiders making unauthorized changes, showing just how vulnerable organizations are today,” said Dr. Larry Ponemon, founder and chairman of the Ponemon Institute. “These results show that energy and utilities organizations are struggling to identify the relevant issues that are plaguing their company from a security perspective. They have to bridge the gap between operations and IT, and make IT security a top priority within the organization.”
Additional key findings of the study include:
- 71% of IT Security executives at global energy producers state that their executive management team does not understand or appreciate the value of IT Security.
- According to 43 percent of respondents, the top-ranked security threat their organization faces is negligent or malicious insiders and is the number one root cause of data breaches.
- 72% say initiatives are not effective at getting actionable intelligence (such as real-time alerts, threat analysis and prioritization) about actual and potential exploits.
- A mere 21% of global energy and utilities organizations feel that their existing controls are able to protect against exploits and attacks through smart grid and smart meter-connected systems.
- Only 39% of energy producers state that their organization’s security program is dedicated to detecting or preventing Advanced Persistent Threats.
- 67% of energy organizations are not using what would be considered “state of the art” technologies to minimize risks to SCADA networks.