
Security Performance in the Utilities Sector: Steps for Progress

Noah Simon | April 15, 2015

For years, it has been widely known that the Utilities industry has struggled with cyber security relative to other industries. In 2014, Unisys and the Ponemon Institute found that 70% of Utility companies surveyed around the world had been breached. The vast majority of breaches are not reported publicly, or even worse, they aren’t discovered at all. However, breaches for Utility companies are a big problem: beyond safeguarding critical infrastructure, these companies often hold a large amount of customer data.

In previous years, breaches of Utility companies have led to the loss or destruction of hundreds of thousands of records. In 2013, Central Hudson Gas & Electric Corporation notified 110,000 of its customers that personal information including bank accounts had been accessed. In addition to data loss, Utility companies are also at risk of having data completely destroyed. A recent survey conducted by TrendMicro and the Organization of American States (OAS) found that 44% of critical infrastructure companies have experienced attempts to delete files. Recent analysis from BitSight has confirmed that Utilities are struggling to secure their networks against potential cyber attacks.

Botnet grades as a key security metric

The most recent Insights report, Beware the Botnets, uncovered that organizations with a BitSight botnet grade of B or lower were more than twice as likely to experience a publicly disclosed breach. Alarmingly, Utilities fared poorly in this category with 52% of these companies receiving a botnet grade of B or lower. While botnets do not necessarily lead to data loss, they signal a loss of protective controls and that some systems or data are at risk.


Greater adoption of continuous monitoring solutions in the Utilities sector could translate to significant improvements in security performance. Due to the severity and complexity of botnets, it is vital that Utilities companies detect infections as early as possible. Additionally, since botnet infections are linked with a higher likelihood of public breaches, they should be viewed as a key indicator of security performance. Despite the unique security challenges Utilities companies face, better detection and remediation of botnet infections and other security events, configuration issues and risky user behaviors would be a big step towards reaching a higher level of security performance. 

 
