Is your critical infrastructure under cyber threat? 50:50 chance says Symantec

Net and enterprise security leader Symantec Corp. has released the India findings of its 2010 Critical Infrastructure Protection (CIP) Survey, which show that attacks against critical infrastructure providers in India have become more frequent and increasingly effective .

“Critical Infrastructure Protection is not limited to protecting government and defense infrastructure, but extends to both publicly and privately run infrastructure such as telephone networks, power generation and distribution, oil refineries and gas pipelines,” said Shantanu Ghosh, vice president, India Product Operations, Symantec. “Today’s advanced threats require a comprehensive and risk-based approach that encompasses security, and disaster recovery, along with information management technology to maintain true network resiliency.”

“Stuxnet, the first computer worm to impact critical infrastructure such as nuclear power plants, water treatment facilities and other factories, reaffirms that cyber attacks have evolved to extremely sophisticated activities capable of compromising utilities, government and private infrastructure, and corporate intellectual property, ” said Gulshan Rai, Director General, Indian Computer Emergency Response Team (CERT In). “Symantec is working intensively with CERT-In. to identify Stuxnet infected systems as well as their sanitization. We are continuously monitoring the online threat landscape to ensure that India’s critical assets are secured.”

“Today’s sophisticated cyber criminals are increasingly exploiting new and unpatched software vulnerabilities to attack systems and steal confidential information,” said Lizum Mishra, director, Business Software Alliance (BSA) India. In the case of critical infrastructure, it is even more important for industries and government organizations to prioritize information security to prevent falling victim to malicious threats.”

India Highlights : Targeted attacks are increasing in effectiveness and frequency: 43 per cent of Indian companies said attempts to shutdown or degrade their computer network were effective, and 37 per cent said attempts to manipulate physical equipment through network were somewhat effective. More than two-thirds of critical infrastructure providers said these attacks were staying the same or increasing.

Nearly 80 per cent of Indian providers are enthusiastic, appreciative or accepting of the government’s plans to protect critical infrastructure. One in five respondents are also engaged with the government on these plans.

Just more than half of Indian respondents are prepared for attacks carried out with political intentions, including attempts to steal electronic information, manipulate physical equipment through the network, shut down or degrade networks and alter or destroy electronic information. Respondents cited security training, response, audits and disaster recovery planning as safeguards that needed the most improvement. In fact, nearly half (42 per cent) said lack of trained resources within industry sectors is a challenge.

Global Highlights:

53 percent of companies suspected they had experienced an attack waged with a specific political goal in mind
, with companies being attacked 10 times on average in the past five years.

48 percent expect attacks in the next year and 80 percent believe the frequency of such attacks is increasing. The average cost of these attacks was $850,000.

Two-thirds have positive attitudes about programs and are willing to cooperate with their government on CIP.

Only one-third of critical infrastructure providers feel extremely prepared against all types of attacks.

Link to global study ( 20 poage PDF)

Dec 13 2010