Symantec 2010 cip_study_global_data

Published in: News & Politics, Technology
Transcript of "Symantec 2010 cip_study_global_data"

  1. Symantec 2010 Critical Infrastructure Protection Study. Global Results. October 2010
  2. Symantec 2010 Critical Infrastructure Protection Study - Global: October 2010

     CONTENTS

     • Executive Summary (3)
     • Methodology (4)
     • Finding 1: The threat of attack is real (5)
     • Finding 2: Industry is a willing partner with Government (6)
     • Finding 3: There is room for readiness improvement (7)
     • Key Recommendations (8)
     • Appendix (10)
  3. EXECUTIVE SUMMARY

     Cyberattacks have been a fact of life for companies for decades. But there exists a special class of attack: cyberattacks that are initiated by terrorists or foreign governments with specific political goals in mind. The Stuxnet worm that targeted energy companies around the world is a recent example of a threat designed to spy on and reprogram industrial control systems. Many countries are pursuing Critical Infrastructure Protection (CIP) initiatives aimed at working with industry to address these threats.
  4. METHODOLOGY

     Applied Research performed a telephone survey in August 2010. The survey included 1,580 private businesses in industries that are considered critical infrastructure providers. The respondents are from 15 countries worldwide, with companies ranging from 10 employees to more than 10,000. The median company had between 1,000 and 2,499 employees. Confidence level is 95 percent +/- 2.5 percent.

     We focused on six key critical infrastructure segments:

     • Energy
     • Banking & Finance
     • Communications
     • IT
     • Healthcare
     • Emergency services
  5. FINDING 1: The threat of attack is real

     The threat of attacks with a specific political goal in mind is real. Companies are being targeted by specific political attacks, and the attacks are becoming increasingly frequent and costly. The Stuxnet worm that targeted energy companies around the world is a recent example of a threat designed to spy on and reprogram industrial control systems.

     Symantec found that half (53 percent) of all firms said they suspected or were pretty sure they had experienced an attack waged with a specific political goal in mind. In fact, of those hit, the typical company reported being hit 10 times in the past five years. Banking and finance were most likely to report they had been attacked and expect to be hit by politically-minded attacks in the future, while IT was the least likely.

     One IT director of a mid-sized energy company remarked, “We’ve had people attempt to break in and retrieve documentation, especially the shared material between the oil companies in our library. We had to take some dramatic actions to be able to cut them off.”

     Forty-eight percent suspect or are pretty sure they will be attacked in the future, and 80 percent believe the frequency of such attacks is either staying constant or increasing.

     Furthermore, the attacks are serious, with respondents estimating that three in five (59 to 61 percent) attacks were somewhat to extremely effective. In North America, 74 to 77 percent of the companies surveyed reported that attacks were effective. The attacks were also reported more effective in small businesses versus large enterprises. The average cost of these attacks was $850,000 in total.
  6. FINDING 2: Industry is a willing partner with Government

     Industries are more than willing to cooperate with their government in Critical Infrastructure Protection (CIP). Companies are both aware of and engaged in government CIP programs, and their attitudes about the programs are markedly positive.

     Nearly all (90 percent) have engaged with their country’s CIP programs to at least some degree, with 56 percent being significantly or completely engaged. The energy sector has the highest significantly/completely engaged levels at 83 percent, while IT showed the lowest at 49 percent.

     The respondents are upbeat about CIP programs as well. Two-thirds (65 percent) say their attitude is somewhat to significantly positive. Companies in Latin America responded with the highest somewhat-to-significantly positive attitude (76 percent). Given a list of terms, respondents most frequently choose “accepting,” “appreciative” and “enthusiastic” to describe their reactions to their country’s CIP plans.

     An IT manager in a mid-sized energy company noted, “I think it’s great for government to give the private sector a hand in handling these types of attacks.”

     Finally, two-thirds (66 percent) say they are somewhat to completely willing to cooperate with their government on CIP.
  7. FINDING 3: There is room for readiness improvement

     Though companies are willing to work with government in CIP programs, there is still room for improvement in readiness. As we saw in Finding One, respondents are suffering frequent and effective attacks and are incurring real costs.

     We asked the companies to rate their level of preparedness against the following common attack vectors:

     • Attempt to steal electronic information
     • Attempt to alter or destroy electronic information on networks
     • Attempt to shut down or degrade computer networks
     • Attempt to manipulate physical equipment through control network

     Only one-third (28 to 33 percent) felt “extremely prepared” against the attacks. Thirty-six to 41 percent said they felt “somewhat prepared,” while 31 percent (across all types of attack) felt less than somewhat prepared.

     An IT director for a medium-sized banking and finance company stated, “Major holes exist in our electric Web across the United States, and it wouldn't take much for hackers to get in and shut it down.”

     When it came to specific safeguards, the top five safeguards that respondents felt had less than a high state of readiness were the following:

     • Security training
     • Awareness and appreciation of threat by executive management
     • Endpoint security measures
     • Security response
     • Completed security audit
  8. RECOMMENDATIONS

     To Ensure Resiliency Against Critical Infrastructure Cyberattacks:

     • Develop and enforce IT policies and automate compliance processes. By prioritizing risks and defining policies that span across all locations, organizations can enforce policies through built-in automation and workflow and not only identify threats but remediate incidents as they occur or anticipate them before they happen.
     • Protect information proactively by taking an information-centric approach. Taking a content-aware approach to protecting information is key in knowing who owns the information, where sensitive information resides, who has access, and how to protect it as it is coming in or leaving your organization. Utilize encryption to secure sensitive information and prohibit access by unauthorized individuals.
     • Authenticate identities by leveraging solutions that allow businesses to ensure only authorized personnel have access to systems. Authentication also enables organizations to protect public-facing assets by ensuring the true identity of a device, system, or application is authentic. This prevents individuals from accidentally disclosing credentials to an attack site and from attaching unauthorized devices to the infrastructure.
     • Manage systems by implementing secure operating environments, distributing and enforcing patch levels, automating processes to streamline efficiency, and monitoring and reporting on system status.
     • Protect the infrastructure by securing endpoints, messaging and Web environments. In addition, defending critical internal servers and implementing the ability to back up and recover data should be priorities. Organizations also need the visibility and security intelligence to respond to threats rapidly.
     • Ensure 24x7 availability. Organizations should implement testing methods that are non-disruptive, and they can reduce complexity by automating failover.
     • Virtual environments should be treated the same as a physical environment, showing the need for organizations to adopt more cross-platform and cross-environment tools, or standardize on fewer platforms.
     • Develop an information management strategy that includes an information retention plan and policies. Organizations need to stop using backup for archiving and legal holds, implement deduplication everywhere to free resources, use a full-featured archive system and deploy data loss prevention technologies.
  9. For Government to Promote Critical Infrastructure Protection:

     • Governments should continue to make resources available to establish critical infrastructure programs.
         o The majority of critical infrastructure providers confirm that they are aware of critical infrastructure programs.
         o Furthermore, a majority of critical infrastructure providers support efforts by the government to develop protection programs.
     • Governments should partner with industry associations to develop and disseminate information to raise awareness of CIP organizations and plans. Specific information should include how a response would work in the face of a national cyberattack, what the roles of government and industry would be, who the specific contacts are for various industries at a regional and national level, and how government and private business would share information in the event of an emergency.
     • Governments should emphasize that security alone is not enough to stay resilient in the face of today’s cyberattacks. In addition, critical infrastructure providers and enterprises in general should also ensure that their information is stored, backed up, organized, prioritized, and that proper identity and access control processes are in place.
  10. APPENDIX

      All questions included.