Saturday, 30 May 2020

Research reveals that only 36 percent of critical infrastructure providers have achieved a high level of cyber resilience

posted by Greenbone Networks
Wednesday 20 May 20

Greenbone Networks, a leading provider of vulnerability management, today revealed the findings of new research assessing critical infrastructure providers’ ability to operate during or in the wake of a cyberattack. The research, which was undertaken on Greenbone’s behalf by Frost & Sullivan, investigated the cyber resilience of organisations operating in the energy, finance, health, telecommunications, transport and water industries, located in the world’s five largest economies: UK, US, Germany, France and Japan. Of the 370 companies surveyed, only 36 percent had achieved a high level of cyber resilience.

To benchmark the cyber resilience of these critical infrastructure providers, the researchers assessed a number of criteria. These included their ability to manage a major cyberattack, their ability to mitigate the impact of an attack, whether they had the necessary skills to recover after an incident, as well as their best practices, policies and corporate culture.

Infrastructure providers in the US were the most likely to score highly, with 50 percent of companies considered highly resilient. In Europe, the figure was lower at 36 percent. In Japan, it was just 22 percent.

There were also marked differences between industry sectors, with highly-regulated organisations, such as finance and telecoms, most likely to be cyber resilient (both at 46 percent). Transport providers were the least likely to be considered highly resilient (22 percent), while energy providers (32 percent), health providers (34 percent) and water utilities (36 percent) were all close to the average.

Characteristics of a highly-resilient infrastructure provider

Those critical infrastructure providers which were benchmarked as highly resilient shared some key characteristics:

• They are able to identify critical business processes, related assets and their vulnerabilities: Highly-resilient organisations thoroughly analyse their critical business processes and know which digital assets underpin these processes. They continuously check for vulnerabilities, taking appropriate measures to mitigate or close them.

• They deploy cybersecurity architectures that are tailored to their business processes: This focus places them in a strong position to mitigate damage caused by an attack.

• They have well-established and well-communicated best practices: The highest performing organisations have well-defined policies and best practices. For example, in 95 percent of highly-resilient organisations, the person responsible for managing a digital asset is also responsible for securing it. This level of expertise and responsibility allows organisations to close gaps and repair damage quickly.

• They are more likely to seek third-party support: These companies are more likely to engage with specialist providers, not only to manage security technologies, but also to obtain advice. For example, they might employ consultants to help develop a security strategy for the company, select suitable technology, implement managed security services, establish metrics for success or calculate the business case for a security project.

• They place greater importance on the ability to respond to cyber incidents and mitigate the impact on critical business processes: The ability to prevent cyber incidents is of secondary importance to highly-resilient organisations as they recognise attacks are inevitable. They are more likely to focus on procedures that lessen the impact of an attack or accelerate their ability to bounce back after an incident.

• They prepare for attacks through simulation: They simulate various what-if scenarios in training sessions and also involve stakeholders outside the IT department. They also apply the same cybersecurity rules to all digital assets.

“Cyberattacks are inevitable so being able to firstly withstand them and then recover from them is vital. Nowhere is this more important than in the critical infrastructure industries where any loss or reduction in service could be devastating both socially and economically, so it’s a concern that only just over a third of providers are what we consider to be highly-resilient,” said Dirk Schrader, cyber resilience architect at Greenbone Networks. “Being cyber resilient involves much more than having enough IT security budget or deploying the right technologies. We hope that – by highlighting the key characteristics of highly-resilient organisations – this research will provide a blueprint for others.”

The report is available to download here: https://www.greenbone.net/en/businessrisk/

