According to the recently published ESG Research Report, “Assessing Cyber Supply Chain Security Vulnerabilities Within the U.S. Critical Infrastructure,” 68% of the critical infrastructure organizations surveyed had suffered at least one security breach over the past 24 months.
As if this wasn’t bad enough, the data reveals another alarming trend — organizations with the strongest levels of security are also the ones reporting the highest number of security incidents. Based upon survey responses about cyber supply chain security, ESG created a segmentation model with three groups: 1) Strong cyber supply chain security, 2) Marginal cyber supply chain security, and 3) Weak cyber supply chain security. As expected, organizations with strong cyber supply chain security had superior overall security as well.
Here is how the data breaks out when analyzed against the ESG cyber supply chain security taxonomy:
It could certainly be the case that the most secure organizations are the ones under attack most often, but there is another possible, and more frightening, thesis: organizations with weak security may be unaware that they are under attack. After all, if you have weak processes, tools, controls, and security skills, it might be difficult to spot some of the more sophisticated malicious code or insider attacks.
If this is true, weak security at critical infrastructure organizations threatens national security and thus must be addressed.