Business Standard

McAfee report reveals increase in cyberattacks on critical infrastructure

Organizations remain unprepared

Image

Announcement Corporate
  • 60% Indian respondents have been victims of extortion or cyber attack in 2009 and 2010
  • India ranked as fourth in terms of lowest levels of security adoption after Brazil, France and Mexico.

McAfee and the Center for Strategic and International Studies (CSIS) today revealed the findings from a global report ‘In the Dark, Crucial Industries Confront Cyberattacks’ that reflects the cost and impact of cyber attacks on critical infrastructures. Critical infrastructure refers to computer systems of vital economic assets such as power grids, railways, nuclear energy plants, etc. that make strong targets for criminal threats, industrial espionage and politically motivated sabotage. The survey comprised 200 IT security executives from global critical electricity infrastructure enterprises in 14 countries, including India and the findings suggest that the rate of security adoption in enterprises is not commensurate with the rapid growth of threats.

 

Michael Sentonas, VP, Chief Technology Officer, Asia Pacific, McAfee commented, “Threats to assets in a wide range of core sectors continue to emerge and evolve in complexity with far- reaching ramifications on a nation’s critical infrastructures. Today’s rapidly proliferating threats require enterprises to adopt a comprehensive risk-based approach with stronger network controls.”

“We found that the adoption of security measures in important civilian industries badly trailed the increase in threats over the last year,” said Stewart Baker, who led the study on behalf of CSIS.  Industry executives made modest progress over the past year in securing their networks, as the energy sector increased its adoption of security technologies by only a single percentage point (51 percent), and oil and gas industries increased only by three percentage points (48 percent).

The report is a follow up to a report released in 2010 called “In the Crossfire: Critical Infrastructure in the Age of Cyberwar,” that found that many of the world’s critical infrastructures lacked protection of their computer networks, and revealed the staggering cost and impact of cyberattacks on these networks. 

Some key findings from the report include:

Weak Security adoption: India ranked fourth in terms of lowest levels of security adoption after Brazil, France and Mexico, adopting only half as many security measures as leading countries such as China, Italy and Japan. Concurrently, China and Japan were also among the countries with the highest confidence levels in the ability of current laws to prevent or deter attacks in their countries. Currently, only 60% Indian respondents claimed to deploy a threat monitoring service and use software update and patch management service; 40% revealed having policies prohibiting USB stick usage and policy enforcement on unauthorized software. None of the Indian respondents claimed to adopt any security measures for smart grid controls.

Cyber attacks still prevalent: 80% of global respondents confessed to have faced a large-scale denial of service attack (DDoS), and a quarter reported daily or weekly DDoS attacks and/or were victims of extortion through network attacks.

High frequency of extortion attempts: One in four global survey respondents have been victims of extortion through cyber attacks or threatened cyber attacks.  The number of companies subject to extortion increased by 25 percent in the past year, and extortion cases were equally distributed among the different sectors of critical infrastructure. In terms of India, 60% of the respondents have been victims of extortion or cyber attack in the past two years.

To meet the challenges of the changing environment, McAfee advises these companies to adopt true critical infrastructure protection policies focused on:

  • Improved authentication measures, moving away from passwords to a higher reliance on tokens and biometric identifiers
  • Better hygiene of network systems to include increased use of encryption technologies and the monitoring of network use activities for role and activity anomaly detection
  • Increased oversight of access to industrial control systems, including how they access the Internet, through the oversight and active management of Internet connections, mobile devices, and removable media
  • Effective partnerships with governments. The nature of these partnerships will vary from country to country and range from encouragement to mandatory action, but the nature of the new threats industry faces requires government involvement

About McAfee
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world's largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. Backed by its unrivaled Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe. http://www.mcafee.com

About CSIS
The Center for Strategic and International Studies (CSIS) is a bipartisan, non-profit organization founded in 1962 and headquartered in Washington, D.C. It seeks to advance global security and prosperity by providing strategic insights and policy solutions to decision makers.

Don't miss the most important news and views of the day. Get them on our Telegram channel

First Published: Apr 20 2011 | 7:36 PM IST

Explore News