India is 4th lowest in security adoption: McAfee study
By siliconindia   |   Friday, 22 April 2011, 00:44 IST   |    2 Comments
Printer Print Email Email
Mumbai: McAfee and the Center for Strategic and International Studies (CSIS) revealed the findings from a global report "In the Dark, Crucial Industries Confront Cyberattacks" that reflects the cost and impact of cyber attacks on critical infrastructures. Critical infrastructure refers to computer systems of vital economic assets such as power grids, railways, nuclear energy plants that make strong targets for criminal threats, industrial espionage and politically motivated sabotage. The survey comprised 200 IT security executives from global critical electricity infrastructure enterprises in 14 countries, including India and the findings suggest that the rate of security adoption in enterprises is not commensurate with the rapid growth of threats. Michael Sentonas, VP, Chief Technology Officer, Asia Pacific, McAfee said, "Threats to assets in a wide range of core sectors continue to emerge and evolve in complexity with far- reaching ramifications on a nation's critical infrastructures. Today's rapidly proliferating threats require enterprises to adopt a comprehensive risk-based approach with stronger network controls." Industry executives made modest progress over the past year in securing their networks, as the energy sector increased its adoption of security technologies by only a single percentage point (51 percent), and oil and gas industries increased only by three percentage points (48 percent). The report is a follow up to a report released in 2010 called "In the Crossfire: Critical Infrastructure in the Age of Cyberwar," that found that many of the world's critical infrastructures lacked protection of their computer networks, and revealed the staggering cost and impact of cyberattacks on these networks. Some key findings from the report include: Weak Security adoption: India ranked fourth in terms of lowest levels of security adoption after Brazil, France and Mexico, adopting only half as many security measures as leading countries such as China, Italy and Japan. Concurrently, China and Japan were also among the countries with the highest confidence levels in the ability of current laws to prevent or deter attacks in their countries. Currently, only 60% Indian respondents claimed to deploy a threat monitoring service and use software update and patch management service; 40% revealed having policies prohibiting USB stick usage and policy enforcement on unauthorized software. None of the Indian respondents claimed to adopt any security measures for smart grid controls. Cyber attacks still prevalent: 80 percent of global respondents confessed to have faced a large-scale denial of service attack (DDoS), and a quarter reported daily or weekly DDoS attacks and/or were victims of extortion through network attacks. High frequency of extortion attempts: One in four global survey respondents have been victims of extortion through cyber attacks or threatened cyber attacks. The number of companies subject to extortion increased by 25 percent in the past year, and extortion cases were equally distributed among the different sectors of critical infrastructure. In terms of India, 60 percent of the respondents have been victims of extortion or cyber attack in the past two years. To meet the challenges of the changing environment, McAfee advises these companies to adopt true critical infrastructure protection policies focused on: - Improved authentication measures, moving away from passwords to a higher reliance on tokens and biometric identifiers - Better hygiene of network systems to include increased use of encryption technologies and the monitoring of network use activities for role and activity anomaly detection - Increased oversight of access to industrial control systems, including how they access the Internet, through the oversight and active management of Internet connections, mobile devices, and removable media - Effective partnerships with governments. The nature of these partnerships will vary from country to country and range from encouragement to mandatory action, but the nature of the new threats industry faces requires government involvement

siliconindia