Study: Half of critical infrastructure IT professionals believe major attack looming
A survey from Intel Security found that many information security professionals are overconfident in their systems' ability to thwart an attack.
The seemingly endless stream of data breaches and cyber attacks isn't intimidating people tasked with defending critical infrastructure, according to a new report from Intel Security.
While 80 percent of survey respondents believe cybersecurity is “either greatly or extremely concerning,” most also believe they're prepared for an eventual cyberattack. Twenty-seven percent of respondents feel “very or extremely vulnerable” today, whereas three years ago, half of respondents felt that way.
More than 600 IT professionals from critical infrastructure organizations participated in Intel's survey. A majority live in the U.S.
Raj Samani, VP and CTO of Intel, told SCMagazine.com that this confidence could stem from critical infrastructure attacks not being top of mind, as they might have been three years ago. But for him, the results definitely seem to communicate an overconfidence among IT security professionals.
He especially emphasized this point given that 90 percent of respondents experienced at least one attack on secure systems, and the average came out to nearly 20 attacks per year. In most cases, these virtual attacks resulted in physical damage. Thirty-three percent ended in service disruption, and more than 25 percent allowed data to be compromised.
The Office of Personnel Management (OPM) data breaches thrust the idea of information sharing among private, federal and public groups into mainstream conversation, and Intel's survey indicates that most professionals believe in cooperation with governments.
Seventy-six percent of respondents said cooperation with their own government is important, while 74 percent said it was also important to share with similar organizations. Overall, 86 percent believe cooperation between government agencies and private firms on infrastructure is “critical to successful cyberdefense.”
Given the inter-government work to bring down dark web forums, including Darkode this past week, and arrest various cybercriminals, Samani says this statistic backs up already formed coalitions.
“To an extent, we're kind of further down the information sharing path than we've ever been,” he said. “These positive results are when you know that sharing information and collaborating and working together really does have a positive impact.”
Even with a high degree of confidence in their systems, half of respondents admitted to thinking its “likely or extremely likely” that an attack on critical infrastructure in the next three years will take systems down and cause the loss of human life.
With this in mind, Samani reminds that most frequently, human error represents the biggest misstep in cybersecurity defenses, and for that reason, he suggests moving beyond code to address the human element in cyberattacks.