Utility and other critical infrastructure firms are wide open to an online attack, according to industry insiders and other experts interviewed by gateway security firm Secure Computing.
Respondents to the study were asked to indicate the state of readiness against IT threats in eight different industries. Over 50 per cent said that utilities, oil and gas, transportation, telecommunications, chemical, emergency services and postal/shipping industries were not prepared. The energy sector emerged as the most vulnerable target.
Only the financial services sector was considered to be adequately ready to defend against attack, according to the Securing Critical Infrastructure report.
Secure Computing advised critical infrastructure operators to perform ongoing vulnerability assessments, carefully monitor network automation and control systems, and share more information with each other about threats and attacks.
"An attack on any one of these industries could cause widespread economic disruption, major environmental disaster, loss of property and even loss of life," said Elan Winkler, director of critical infrastructure solutions at Secure Computing.
"This study revealed that many critical infrastructure organisations are simply not ready for the cyber-attacks which are coming soon."
In related news, web security-as-a-service firm ScanSafe released new research today highlighting the top five industries at risk from web-borne malware.
The company's Vertical Risk Report (PDF) also identified energy and oil as the most likely sector to be hit, followed by pharmaceutical and chemicals, and engineering and construction.
"We were concerned to find that the industries consistently encountering the highest rate of web-delivered malware are not typical industries, but rather industries that can have a critical bearing on infrastructure and intellectual property rights," said ScanSafe senior security researcher Mary Landesman.
Why does Facebook store "my entire call history with my partner's mum", asks developer who requested his Facebook data
Facebook database included text-message metadata - despite not using Facebook Messenger for SMS
Before Ocado could start selling the technology it had developed to other retailers, it had to tear down and rebuild its own monolithic architecture
Successful attack could result in harm to patients and financial loss, warns NHS governing body
Guccifer 2.0 claimed to be a lone Romanian hacker - until a schoolboy error gave him, her or them away