Half of critical infrastructure providers in 15 countries, including the UK, have been targeted by politically...
motivated attacks on their networks, a report reveals.
Over 1,500 companies said they had experienced such an attack on an average of 10 times in the past five years, according to the Symantec 2010 Critical Infrastructure Protection Study.
The average cost to the private businesses in critical infrastructure industries of each attack was pegged at $850,000.
Critical infrastructure providers were defined as industries that are of such importance either to a nation's economy or society that if their networks were successfully attacked and damaged, the result would threaten national security.
By sector, survey participants from the energy industry reported that they were best prepared for such an attack, while participants from the communications industry were the least prepared.
By company size, small companies reported being the least prepared.
Only a third said they were extremely prepared against all types of attacks and 31% percent felt less than somewhat prepared.
Respondents cited security training, awareness and comprehension of threats by executive management, endpoint security measures, security response and security audits as the safeguards that needed the most improvement.
"Critical infrastructure protection is not just a government issue," said Justin Somaini, chief information security officer at Symantec.
In countries where the majority of a nation's critical infrastructure is owned by private corporations, he said, there is significant presence of small and medium-sized businesses in addition to large enterprises.
"Security alone is not enough for critical infrastructure providers of all sizes to withstand today's cyber attacks," said Somaini.
The Stuxnet worm targeting energy companies around the world represents the advanced kind of threats that require specialised storage, back-up, authentication and access control systems, he said.