recommended reading

More than half of major corporations report politically motivated cyberattacks

More than half of the companies worldwide that support critical services such as banks and energy believed they were victims of cyberattacks inspired by political motives, according to a survey a major security software vendor released on Wednesday.

Symantec reported 53 percent of the 1,580 companies it surveyed, including those in the energy, finance, communications, information technology, health care and emergency services sectors, said they suspected, or were fairly confident, they had been the target of a cyberattack motivated by a political goal.

Companies that said they were likely attacked reported being hit 10 times on average in the past five years, and estimated as many as 61 percent of the attacks were somewhat to extremely effective.

Forty-eight percent believed, or were fairly sure, they will be attacked in the future, and 80 percent believed the frequency of attacks is either staying constant or increasing.

An unnamed IT director of a midsize energy company quoted in the survey said management had to take "some dramatic actions" to cut off people attempting to break in and retrieve documentation saved on the network, including industry data shared between oil companies in its digital library.

Respondents also were asked to rate their level of preparedness against common attacks, including attempts to steal electronic information, alter or destroy electronic information, shut down or degrade computer networks, or manipulate physical equipment. While nearly half believed they will experience such attacks in the future, 31 percent felt less than somewhat prepared to defend their systems.

"Major holes exist in our electric Web across the United States, and it wouldn't take much for hackers to get in and shut it down," Symantec quoted an unnamed IT director for a medium-size finance company as saying.

Survey respondents generally supported government involvement to protect critical infrastructure, choosing words to describe their countries' critical infrastructure plans as "accepting," "appreciative" and "enthusiastic." Nearly all reported being engaged with their countries' critical infrastructure protection programs to at least some degree. Two-thirds said they were somewhat to completely willing to cooperate with their government on security efforts.

"Security alone is not enough for critical infrastructure providers of all sizes to withstand today's cyberattacks," Justin Somaini, chief information security officer at Symantec, said in a statement. He pointed to the Stuxnet worm, a highly sophisticated virus that takes control of industrial facilities' networks.

"[These] are the advanced kind of threats that require security, storage and backup solutions, along with authentication and access control processes to [ensure] true network resiliency," he said.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download

When you download a report, your information may be shared with the underwriters of that document.