Critical infrastructure under continual cyber attack, says report

More than half the world's critical infrastructure organisations admit being targeted by cyber attacks, research commissioned by security firm McAfee...

More than half the world's critical infrastructure organisations admit being targeted by cyber attacks, research commissioned by security firm McAfee has revealed.

Some 54% of IT security executives at 600 critical infrastructure providers surveyed said they have been hit by large-scale attacks or infiltrations.

Twenty nine per cent said they are facing multiple attacks every month, according to the survey by the Center for Strategic and International Studies (CSIS).

Attacks by cybercriminals, terrorists and nation states vary from massive distributed denial of service (DDOS) attacks to stealthy efforts to enter networks undetected.

These attacks are also on the rise, according to the CSIS report on critical infrastructure in the age of cyberwar released at the annual World Economic Forum meeting in Davos, Switzerland.

Despite a growing number of laws and regulations, 37% of respondents said the vulnerability of critical infrastructure to cyber attack has increased in the past year.

Only 20% believe the sector is safe from serious cyber attack in the next five years, and 40% expect a major incident within the next year.

The CSIS report highlights that many of the world's critical infrastructures have been designed to be highly reliable and available, but with little attention paid to security.

Traditionally, organisations have relied on physical security and have little or no cyber protection, the report found.

The recent cyber attacks on Google and more than 20 other companies could easily have been targeted at critical infrastructure, said Dave DeWalt, chief executive at McAfee.

The attacks were the most sophisticated threat in years, making it a watershed moment in cybersecurity because of the targeted and co-ordinated nature of the attack, he said.

The CSIS report said the research offers no easy answers for governments and organisations seeking to improve cybersecurity of critical infrastructure.

But the report said authentication of users and encryption of data are two key areas that need to be improved.

Other key challenges, the report said, include modifying government structures to deal with threats and finding useful ways so share information about threats and vulnerabilities to improve defence capabilities.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...