FOI requests of UK critical infrastructure providers have revealed that two-fifths have not completed basic cyber security steps recommended by the government. David Emm, Principal Aecurity Researcher at Kaspersky Lab commented below.
David Emm, Principal Aecurity Researcher at Kaspersky Lab:
“The world isn’t ready for cyber threats against critical infrastructure – but criminals are clearly ready and able to launch attacks on these facilities. We’ve seen attempts on power grids, oil refineries, steel plants, financial infrastructure, seaports and hospitals – and these are cases where organisations have spotted attacks and acknowledged them. However, many more companies do neither, and the lack of reporting these incidents hampers risk assessment and response to the threat.
“Security must be tailored to the specific needs of each organisation and be seen as an ongoing process. This is true also of the human dimension – tricking people into taking action that launches the initial exploit is as common in attacks on such facilities as it is in any other context.”