According to a new study from Q1 Labs, more than 75 percent of global energy companies have been the victim of at least one data breach in the past 12 months, reports V3.co.uk. Moreover, two-thirds lack state-of-the-art supervisory control and data acquisition (SCADA) security and are potentially exposing themselves to a Stuxnet-like attack.
The report found that there seems to be a disconnect between the attitudes of C-level executives and those involved in day-to-day IT security. Almost three-quarters of IT security executives said IT security is not understood or appreciated by their executive management team. Says Larry Ponemon, founder of the Ponemon Institute, which carried out the study:
These results show that energy and utilities organizations are struggling to identify the relevant issues that are plaguing their company from a security perspective. They have to bridge the gap between operations and IT, and make IT security a top priority within the organization.
The study indicates that malicious insiders were the number one cause of data breaches. More shocking, however, is that 67 percent of respondents indicated that they are not using “state-of-the-art” technologies to cut risks to SCADA networks. SCADA system security risks have become a hot topic since the discovery of the Stuxnet worm, which was thought to have targeted specific nuclear plants in Iran.