Nearly all critical infrastructure industry executives recognise that their organisations are targets for cyber-criminals, and almost half think their systems could detect a cyber-attack on a critical system within 24 hours.
It's not that the remaining executives think it could take day or weeks to detect a cyber-attack; 61 percent think they could detect it in less than 24 hours. Tripwire surveyed more than 400 executives in the energy, oil, gas and utility industries to publish its “Critical Infrastructure Study.”
Although an overwhelming majority of executives have confidence that their security systems could quickly detect a cyber-attack, Rekha Shenoy, vice president of business and corporate development for Tripwire, believes this sureness isn't rooted in reality.
“The idea that these attacks would be detected quickly is basically a perception that's driven from the ability of these organisations to deliver energy with very high availability,” she said in emailed comments to SCMagazineUK.com. “However, in our experience, these organisations don't have the visibility into cyber-security issues that would allow them to detect an attack faster than other industries."
This limited visibility could especially prove problematic, considering that 83 percent of respondents said a cyber-attack could do “serious physical damage” to their infrastructure.
Shenoy noted that these security systems are relatively new, especially because of recent requirements and mandates that have forced the industry to “embrace cyber-security intitiatives faster than they would have otherwise.”