Te critical infrastructure we all rely on from day-to-day is open to and potentially already under cyber attack, research published today has revealed.
IDC surveyed 199 security experts from utilities, oil and gas, financial services, government, telecommunications, transportation providers in Europe, Canada and the US.
More than half of these experts believed that most critical infrastructure continues to be vulnerable to cyber attack and the majority said that major attacks have already begun or are likely to occur in the next 12 months.
Only the financial services industry was considered prepared, although nearly 40 per cent also believed that even this sector was not ready to defend itself. And for some - such as postal, shipping and transportation sectors - as many as three out of four experts indicated that the infrastructure was under-prepared.
Out of all the industries covered by the survey, respondents said energy was not only the biggest target for cyber attack, but also the sector that could cause the most disruption if attacked - as well as the most vulnerable to attack.
And, when asked to name the biggest bottleneck to improving cyber security, the largest number of experts (29 per cent) said the cost of security measures was holding them back. Apathy was second most likely to be a barrier, with government bureaucracy and internal issues tying for third.
Rick Nicholson, research vice president for IDC's Energy Insights and author of the Secure Computing-sponsored research, said: "Most utility CIOs [chief information officers] believe that their companies will be compliant with relevant standards, but still have a long way to go before being adequately prepared for all cyber attacks."
The research concluded that, at the same time that attacks are becoming more likely, many networks are becoming less secure. Almost all (98 per cent) of respondents believed direct connectivity of their control systems to internet protocol (IP) based network or the internet had made them more vulnerable.
It also warned that, as companies deploy new technologies such as smart meters, sensors and advanced communications networks, they run the risk of increasing their vulnerability unless they include security as an integral part of the projects.
And it said the increased quest for standardisation of IT platforms in response to cost pressures during turbulent economic times would also not help those critical infrastructure systems be any less vulnerable to attack.
