via Gov Info Security
Recognizing the reality of cyberthreats doesn’t mean that organizations take the proper actions to prevent them.
That’s a takeaway of a new survey of IT security executives in the energy sector conducted by the Center for Strategic and International Studies (the public policy think tank that sponsored the Commission on Cybersecurity for the 44th Presidency) for security vendor McAfee.
The authors of the report – In the Dark: Crucial Industries Confront Cyberattacks – make that point with a quote from former CIA Director Jim Woolsey: “Ninety to 95 percent of the people working on the smart grid are not concerned about security and only see it as a last box they have to check.”
Though the report focuses on energy, the lessons from the study are applicable to all sectors, be it government, banking, healthcare or some other industry. And that lesson is the strategic importance of IT security. A generation ago, government and business leaders began to accept the strategic importance of information technology to their enterprises, as evidenced by the growing number of chief information officers who began to report either to the chief executive officer or chief operating officer. Today, IT security is approaching a similar level of importance.
No doubt, more non-IT leaders understand the cyberthreats in the abstract, but as this survey suggests, they don’t feel the threat in their gut.
“Perhaps one of the most frightening findings in the report is the fact that, although the security threat and awareness of the threat have increased exponentially, the energy sector increased its adoption of security technologies by only 1 percent,” Phyllis Schneck, McAfee chief technology officer/public sector, writes in her blog. She says these energy companies don’t have the incentives to invest in cybersecurity in economically hard times when little tangible evidence exists that IT threats have caused them harm.