Nearly 60% of executives at critical infrastructure operators say they lack appropriate controls to protect their environments from security threats, according to a recent survey of close to 100 executives by Indegy, which was announced on April 3. The poll also found that 44% of the respondents added that their organizations plan to increase spending for industrial control system (ICS) security measures in the next 12-24 months.
"We've been tracking the escalation in cyber threat activity specifically targeting critical infrastructures for some time," says Barak Perelman, CEO of Indegy. "As the recent joint DHS/FBI CERT Technical Alert illustrates, adversaries have compromised facilities across the U.S. to conduct reconnaissance and likely develop 'Red Button' capability for future attacks."
While organizations have made significant investments to secure their IT infrastructures, they haven't fully addressed threats to operations technology (OT) environments. The survey's results underscore the lack of preparedness in key sectors including energy, utilities and manufacturing. Other key findings include:
- 35% of respondents have little visibility into the current state of security within their environment, while 23% reported they have no visibility;
- 63% claim that insider threats and misconfigurations are the biggest security risks they currently face; and
- 57% said they're not confident that their organization and other infrastructure companies are in control of OT security.