Systems security in energy and utilities companies gives cause for concern
Security ratings specialist BitSight Technologies has released a new report highlighting the differences in security performance across industries from August 2014 to August 2015.
Having analyzed security ratings of nearly 10,000 organizations across six sectors -- finance, federal government, retail, energy and utilities, healthcare and education. It reveals worrying performance trends in the critical energy and utilities sector, however, the federal government (despite recent headlines) is revealed as high performing and second only to finance.
BitSight Security Ratings range from 250 to 900, with higher ratings equating to better security performance. Industry ratings are calculated using a simple average of the BitSight Security Ratings of companies in that sector.
Over the past year, BitSight researchers noted a dip in the performance of energy and utility companies, with the average rating in this sector being 652. This is higher than the healthcare sector, which averages a 634 rating, but below the retail sector which averages 684 and has been grabbing the data breach headlines.
Analysis of federal government organizations shows that many are performing well when it comes to overall security performance. The average rating for the federal government sector was 688, while the average rating for finance, the top performing industry, was 716.
"There is no question that energy and utility systems are vulnerable and will be attacked. Organizations will never be able to protect against everything, but they need to continuously monitor their security posture in order to identify and mitigate issues before too much damage is done," says Stephen Boyer, co-founder and CTO of BitSight. "Benchmarking can also serve as a key indicator of security performance, allowing an organization to better understand their own posture, as well as that of the third parties with which they share their data. Given recent headlines that illustrate this security gap, we must look beyond our own companies and focus attention on those that access our information".
Other findings are that whilst most organizations have updated their servers to guard against Heartbleed, many haven't acted when it comes to POODLE and FREAK. The vulnerability rates for FREAK range from 30 percent in finance to 75 percent in education, meaning that at best, one in three finance organizations is vulnerable to FREAK. 79 percent of federal government entities analyzed were vulnerable to POODLE as were 90 percent of higher education institutions.
Finance has consistently been the top performing industry in BitSight's industry benchmark reports. In this report, the average rating was 716, in line with the 712 rating a year earlier. At the other end of the scale, education has consistently been the lowest performing industry, with an average rating of 554.
You can find out more in the full report which is available to download from BitSight's webpage.
Image Credit: Meryll / Shutterstock