ScanSafe issues critical infrastructure warning

Cyber criminals are targeting critical operations such as energy supply

Critical infrastructure organisations are more than twice as likely to suffer from cyber attacks than other organisations, according to the latest annual threat report from security-as-a-service vendor ScanSafe released today.

The report was compiled from an analysis of more than a trillion web requests processed by the firm last year, and found that organisations in energy and oil, pharmaceutical and chemical, government, and banking and finance are most at risk from data theft Trojans.

"There is a misconception that cyber criminals are only intent on stealing data intended for credit card fraud and identity theft. In reality, cyber criminals are casting a much wider net," said Mary Landesman, senior security researcher at ScanSafe.

"Consumer credit card details are child's play compared to the value of infrastructure and intellectual data from these sensitive verticals. The message is clear: cyber war is already here. The web is the battlefield and the enterprise is on the frontline."

There is increasing anxiety in the security industry about the potential for attacks to severely disrupt critical infrastructures.

Security giant McAfee recently surveyed over 600 professionals responsible for critical infrastructure protection, and found that a third had actually suffered large-scale distributed denial-of-service attacks several times a month, most of which had an impact on operations.

The ScanSafe report also revealed that web-based malware doubled over the past 12 months, from an average of eight web malware encounters per organisation per day to 19.

Twenty-three per cent of those encounters were with zero-day malware, and 19 per cent were direct encounters with data theft Trojans, according to ScanSafe.

"Our defences must extend beyond the confines of bricks and mortar and into the cloud to ensure end-to-end protection of our most sensitive assets and people, regardless of operating system, device or location," said Landesman.