Cybersecurity firm Trellix releases report on critical infrastructure providers' readiness for attacks
Cyberattacks are something every organization fears. Perhaps those who should be most concerned, and which should scare us most, are the ones that control vital infrastructure -- nuclear power plants (recall Stuxnet in Iran?), banks, telephone carriers, healthcare and power grids.
Today, security firm Trellix releases its latest report on the current state of affairs in the industry and, as expected, the news isn’t all rainbows and unicorns.
The results of the in-depth check the company did on the United States are less than confidence-building. Seventy-five percent of those in the gas and oil, and healthcare industries, as well as local and state government, have not yet implemented cybersecurity best practices. That’s a sobering thought.
The report goes on to state, "In addition, many critical infrastructure providers reported that they had not fully implemented sufficient supply chain risk management policies and processes, which is a particular concern following the SolarWinds and Microsoft Hafnium breaches in 2020 and 2021. Nearly three-quarters (74 percent) of healthcare providers admitted this had not been fully implemented."
This is despite the recent war in Ukraine which could result in Russian cyber-attacks on the US because of American support for the besieged nation.
Perhaps the scariest part of the report involves US healthcare, which is holding out for government funding of its ungraded security. The number was only 38 percent, but that’s still a large amount of services seeking a hand-out.
A whopping 75 percent cited a President Joe Biden executive order as an incentive as justification for improving their lax implementation of security.
Are they too late? Only time will tell. But movement in the right direction, regardless of the kick in the ass it took, is a good thing. Are you worried about potential attacks that could occur in the future? Let us know in the comments.