Extortion, Malware Targeting Important Assets
While attacks are augmenting, several companies aren't doing sufficient to safeguard their systems and are rather rushing to adopt latest and advanced technologies, without ensuring that they are sufficiently protected against cyber attacks, as reported by Cnet News on April 18, 2011.
The report was prepared by security firm McAfee and it was drafted by the Centre for Strategic and International Studies (CSIS). It comprises outcomes from an e- survey of 200 IT security executives from companies that offer oil, electricity, gas, and water & sewage services across 14 nations during Q4- 2010.
Security at power firms has been a major issue for decades, however the problem increased to prominence with the surfacing of the Stuxnet malware during 2010, which targets holes in Windows systems and attacks a particular Siemens SCADA program with damage. After scrutinizing the malware, experts believe that it was written to attack nuclear facilities in Iran.
As per a study, 8 of 10 respondents stated that, their networks had been attacked by cybercriminals during the last year (2010). Nearly 70% of the survey respondents stated that, they regularly identified malware designed to damage their computers during 2010, and almost half of those in the electric industry stated that, they identified Stuxnet on their machines.
As per the report, respondent were also asked regarding how much engagement they had with their governments on dealing with the cyber security problems. Japan ranked no. 1, along with China and the United Arab Emirates, though the survey did not requested if that corporation was intentional or implemented.
In spite of the augment in the risks and the executives' concerns about them, firms aren't beefing up their security enough. Energy companies, for example, augmented their adoption of security technologies by just a single percentage point, to 51%, and oil & gas firms by 3percentage points, to 48%.
Commenting on the matter, Carl W. Baker, Director of program and co-editor of Comparative Connections at CSIS, stated that, the message is that their industrial control systems are quite vulnerable to attacks and the security they have deployed presently is inadequate to protect them, as reported by Cnet News on April 18, 2011.
He further added that, he was worried that the industry is not receiving that message, in spite of having the evidence in front of them.
» SPAMfighter News - 26-04-2011