More than half of the companies worldwide that support critical services such as banks and energy believed they were victims of cyberattacks inspired by political motives, according to a survey a major security software vendor released on Wednesday.
Symantec reported 53 percent of the 1,580 companies it surveyed, including those in the energy, finance, communications, information technology, health care and emergency services sectors, said they suspected, or were fairly confident, they had been the target of a cyberattack motivated by a political goal.
Companies that said they were likely attacked reported being hit 10 times on average in the past five years, and estimated as many as 61 percent of the attacks were somewhat to extremely effective.
Forty-eight percent believed, or were fairly sure, they will be attacked in the future, and 80 percent believed the frequency of attacks is either staying constant or increasing.
An unnamed IT director of a midsize energy company quoted in the survey said management had to take "some dramatic actions" to cut off people attempting to break in and retrieve documentation saved on the network, including industry data shared between oil companies in its digital library.
Respondents also were asked to rate their level of preparedness against common attacks, including attempts to steal electronic information, alter or destroy electronic information, shut down or degrade computer networks, or manipulate physical equipment. While nearly half believed they will experience such attacks in the future, 31 percent felt less than somewhat prepared to defend their systems.
"Major holes exist in our electric Web across the United States, and it wouldn't take much for hackers to get in and shut it down," Symantec quoted an unnamed IT director for a medium-size finance company as saying.
Survey respondents generally supported government involvement to protect critical infrastructure, choosing words to describe their countries' critical infrastructure plans as "accepting," "appreciative" and "enthusiastic." Nearly all reported being engaged with their countries' critical infrastructure protection programs to at least some degree. Two-thirds said they were somewhat to completely willing to cooperate with their government on security efforts.
"Security alone is not enough for critical infrastructure providers of all sizes to withstand today's cyberattacks," Justin Somaini, chief information security officer at Symantec, said in a statement. He pointed to the Stuxnet worm, a highly sophisticated virus that takes control of industrial facilities' networks.
"[These] are the advanced kind of threats that require security, storage and backup solutions, along with authentication and access control processes to [ensure] true network resiliency," he said.