Critical infrastructure cyberattacks increase across the Americas
- By Mark Rockwell
- Apr 13, 2015
What: "Report on Cybersecurity and Critical Infrastructure in the Americas," from the Organization of American States and Trendmicro.
Why: Attacks on critical infrastructure providers by attackers looking to steal information and even destroy critical government, energy, banking and other industries' networks have spread across dozens of countries in the Americas. OAS's survey of 575 critical infrastructure CIOs in 26 countries in North and South America found that more than 75 percent had seen an upswing in attacks. Most of those were seeking information, but an increasing number looked to do physical damage to systems. Attacks were driven by cybercrime, geopolitics and hacktivism. The survey included government systems, which along with the energy sector were the top two industries that experienced destructive attacks. Communications and banking sectors followed.
Phishing was the top attack technique, with 70 percent of the respondents saying they had experienced such an attack. Unpatched vulnerabilities were next on the attack list, with 50 percent saying they'd experienced such an attack. Next, in descending order were distributed denial of service, SQL injection, cross site scripting, hacktivist-originated attacks and advanced persistent threats.
Flat budgets and lack of planning among critical infrastructure companies were part of the increasing problem, said the report. It found that 52 percent of the CIOs it polled in the region said they had a cyber incident response plan in place. The same percentage said their security budgets hadn't increased in the last year, however. Only 5 percent said they were very prepared for a cyberattack, with 35 percent saying they were prepared, and 40 percent said they were somewhat prepared.
There was some good news. The survey found that 68 percent of critical infrastructure companies trusted their government to support advancements in dealing with the threat. That could indicate the barrier to more dialogue among public/private critical infrastructure companies might be lower than it has seemed and could only require them to reach out to each other to start the process.
Verbatim: "There is no doubt that this hyper-connectivity is a powerful development tool and opportunity for growth for governments, business, and individuals alike—a tool that must remain open and accessible despite the inherent risks. The challenge lies in our ability to balance and manage these risks for the foreseeable future. The openness and ease of access of a hyper-connectivity has lowered the barriers to entry for criminal entrepreneurs as they can participate in illicit activities from almost anywhere. This makes it difficult for law enforcement to link the crime to the perpetrator and jurisdiction."
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at [email protected] or follow him on Twitter at @MRockwell4.