Web Called Vulnerable to Hacks, Malware, and Attacks

There has been a "dramatic" increase in cyberattacks on critical infrastructure but organizations remain unprepared, according to McAfee research.

Artwork: Diego Aguirre
The research found that 80 percent of critical infrastructure organizations had experienced a "large-scale" attack, while 25 percent had been victims of extortion attempts.

The joint research from McAfee and the Center for Strategic and International Studies (CSIS) looked at the threats to the likes of power grids, oil, gas and water.

The survey of 200 IT security executives in the critical infrastructure field across 14 countries, including the UK, found that 40 percent of executives believed their industry's vulnerability had increased.

Nearly 30 percent believed their company was not prepared for a cyberattack and more than 40 percent expected a major cyberattack within the next year. Vanson Bourne was commissioned to question the 200 respondents.

The "In the Dark: Crucial Industries Confront Cyberattacks" report found that the energy sector had increased its adoption of security technologies by only a single percentage point (51 percent), and oil and gas industries increased only by three percentage points (48 percent).

"We found that adoption of security measures in important civilian industries badly trailed the increase in threats over the last year," said Stewart Baker, who led the study for CSIS.

The majority of respondents frequently found malware designed to sabotage their systems (nearly 70 percent), and nearly half of respondents in the electric industry sector reported they had found the potentially damaging Stuxnet malware on their systems.

Dr Phyllis Schneck, vice president and chief technology officer for the public sector at McAfee, said, "In the past year, we've seen arguably one of the most sophisticated forms of malware in Stuxnet, which was specifically designed to sabotage IT systems of critical infrastructures.

"The fact is is that most critical infrastructure systems are not designed with cybersecurity in mind, and organisations need to implement stronger network controls to avoid being vulnerable to cyberattacks."

Now read Tech trade groups call for new cyber security incentives

Subscribe to the Security Watch Newsletter

Comments