U.S. energy sector sees dramatic rise in successful cyberattacks: study

Tripwire, Inc., a Portland, Oregon-based provider of endpoint detection and response, security, compliance and IT operations solutions for enterprises, service providers and government agencies, has found that more than three-quarters of survey respondents in the energy sector in the United States reported an increase in successful cyberattacks over the past year.

Tripwire released the results of the study, conducted by Dimensional Research, on Thursday. The Tripwire 2016 Energy Survey: Attacks on the Rise assessed cybersecurity challenges faced by organizations in the energy sector. Study respondents included more than 150 IT professionals in the energy, utilities and oil and gas industries, Tripwire said in a press release. [click image below to enlarge]

When asked if their organization had experienced a rise in successful cyberattacks in the last 12 months, 77% of study respondents replied yes. In addition, more than two-thirds of the respondents (68%) said the rate of successful cyberattacks had increased by over 20% in the last month.

“It’s tempting to believe that this increase in attacks is horizontal across industries, but the data shows that energy organizations are experiencing a disproportionately large increase when compared to other industries,” said Tim Erlin, director of IT security and risk strategy for Tripwire, in the release. “At the same time, energy organizations face unique challenges in protecting industrial control systems and SCADA (supervisory control and data acquisition) assets.”

Additional findings from the study include:

• Energy executives were more than twice as likely to believe their organization detected every cyberattack (43%) than non-executives (17%);
• In the last 12 months, 78% of respondents said they experienced a cyberattack from an external source, and 30% have seen an attack from an inside employee;
• 44% of the respondents indicated they have not gathered enough information to identify the sources of cyberattacks on their organizations; and
• Nearly one-fourth (22%) of the respondents admitted their organizations do not have business processes to identify sensitive and confidential information.

“Energy organizations need to invest in greater prevention and forensic tools to decrease the rate of successful attacks and fully investigate those they can’t prevent,” Erlin suggested in the release.