Enterprise Strategy Group | Getting to the bigger truth.TM

Are Critical Infrastructure Organizations Unaware of Security Incidents?

According to the recently published ESG Research Report, “Assessing Cyber Supply Chain Security Vulnerabilities Within the U.S. Critical Infrastructure,” 68% of the critical infrastructure organizations surveyed had suffered at least one security breach over the past 24 months.

As if this wasn’t bad enough, the data reveals another alarming trend — organizations with the strongest levels of security are also the ones reporting the highest number of security incidents. Based upon survey responses about cyber supply chain security, ESG created a segmentation model with three groups: 1) Strong cyber supply chain security, 2) Marginal cyber supply chain security, and 3) Weak cyber supply chain security. As expected, organizations with strong cyber supply chain security had superior overall security as well.

Here is how the data breaks out when analyzed against the ESG cyber supply chain security taxonomy:

  • 79% of “strong cyber supply chain security” organizations suffered at least 1 security breach in the last 24 months
  • 73% of “marginal cyber supply chain security” organizations suffered at least 1 security breach in the last 24 months
  • 53% of “weak cyber supply chain security” organizations suffered at least 1 security breach in the last 24 months

It could certainly be the case that the most secure organizations are the ones under attack most often, but there is another possible, and more frightening, thesis: organizations with weak security may be unaware that they are under attack. After all, if you have weak processes, tools, controls, and security skills, it might be difficult to spot some of the more sophisticated malicious code or insider attacks.

If this is true, weak security at critical infrastructure organizations threatens national security and thus must be addressed.

Tags: Critical Infrastructure, malcode, malicious code, security attack

All views and opinions expressed in ESG blog posts are intended to be those of the post's author and do not necessarily reflect the views of Enterprise Strategy Group, Inc., or its clients. ESG bloggers do not and will not engage in any form of paid-for blogging.

© 2010 Enterprise Strategy Group, Milford, MA 01757