Critical infrastructure under attack -- and unprepared

What: "Critical Infrastructure: Security Preparedness and Maturity," a report from the Ponemon Institute and Unisys, based on a survey of 599 security executives at utility, oil and gas, energy and manufacturing companies in 13 countries; conducted in April and May.

Why: Critical infrastructure providers are a prime target of cyberattackers across the globe. In the U.S., critical infrastructure providers are working with federal authorities to strengthen their defenses. The threat against the supervisory control and data acquisition (SCADA) systems that run electric, water, gas and other systems are under almost constant electronic assault from outsiders. For instance, in late June, the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team posted warnings about a targeted ICS-focused malware campaign wielding a multipronged assault on critical infrastructure providers.

Only 17 percent of the companies surveyed said most of their IT security program activities had been deployed. Forty-three percent said they have defined activities that were only partially deployed, while 7 percent said their IT security activities have not been defined or deployed. That gap could be attributed to the fact that only 28 percent of respondents said security was among the top five strategic priorities at their companies.

Verbatim: "The risk to industrial control systems and SCADA is believed to have substantially increased. Fifty- seven percent of respondents agree that cyber threats are putting industrial control systems and SCADA at greater risk. Only 11 percent say the risk has decreased due to heightened regulations and industry-based security standards."

Full report: Click here.