Business should think twice about the security of its critical infrastructure in face of the current thread landscape, according to a recent Symantec survey.
While the results of Symantec’s Critical Infrastructure Survey highlight some of the challenges in the space in the last 12 months and the importance of critical infrastructure protection, Symantec Pacific region vice-president and managing director, Craig Scroggie, said he was concerned about attacks on critical infrastructure that are starting to feature heavily in the threat landscape.
“These are things that are not going away but instead are becoming more prevalent. The role that critical infrastructure has to play in Australia is becoming even more important now when we think about the NBN and eHealth, so protecting our critical infrastructure is going to be paramount in the future,” he said.
Despite wide reports about the Stuxnet worm last year and, more recently, the Nitro trojan attack, Symantec’s survey found that awareness about critical infrastructure programs has dropped year on year, with the current level of awareness at 36 per cent.
Scroggie sees the lower awareness and engagement in government programs as a worrying trend, especially at a time when the threats to critical infrastructure are escalating.
“When you see the attacks on law enforcement agencies and the rise of hactivism, it’s going to be very, very important for organisations to pay attention to the critical infrastructure programs themselves, and the question is whether organisations are more and less prepared,” he explained.
“Unsurprisingly, what we found was as the organisation’s assessment of risk goes down, so does their readiness to respond.”
Another finding that concerns Scroggie is when organisations are "less prepared they’re less sensitive to the risk", and as a result they’re “less prepared to respond to those threats”.
Companies such as Symantec have seen several businesses in Australia impacted by cybercrime in the last 12 months, such as a local Web hosting company taken down by an attack.
“Literally, in the space of 30 minutes, they went from being a company to being completely destroyed,” Scroggie said.
“Whilst we have seen these attacks happen, what would happen if that attack had been on mission critical infrastructure?”
As a result, Symantec hopes that the survey will prompt business to re-evaluate the requirements around the organisation’s capacity or ability to continue to trade or recover from a critical incident.
Symantec recently unveiled a Managed Service Provider (MSP) strategy that makes it easier and more cost effective for its partners to deliver its backup and security solutions as managed services.