Loading...

America’s core infra providers lack advanced cyber defences: Report

America’s core infra providers lack advanced cyber defences: Report
14 Apr, 2022
Loading...

Majority of the core infrastructure providers in the US, including oil and gas, healthcare and emergency services, are yet to roll out advanced cybersecurity defences, says a new survey report.

A survey report by Trellix and the Center for Strategic and International Studies (CSI) also claimed that critical infrastructure providers also called for the US government to share more threat intelligence. 

Nearly all (95%) of respondents in the oil and gas industry said that there was room for improvement in the cyber threat data shared by their federal partners, the report said. 

Loading...

The report, based on research conducted by Vanson Bourne, surveyed 900 cybersecurity professionals from organizations with 500 or more employees. Nearly three-quarters (75%) of respondents from the oil and gas sector admitted they had not yet fully deployed multifactor authentication, and more than three-quarters (77%) of those non-federal governments in charge of emergency services had not fully rolled out Endpoint Detection and Response (EDR) or Extended Detection and Response XDR solutions. 

“The hostilities in Ukraine have sharpened focus on the cyber readiness of critical infrastructure,” said Bryan Palma, CEO of Trellix. “The risks are known and well-discussed, but often these organizations do not have the cybersecurity talent to implement the necessary defences. We need to scale security skills to prevent understaffed critical infrastructure from falling victim to cyber-attacks.” 

Furthermore, many critical infrastructure providers reported that they had not fully implemented sufficient supply chain risk management policies and processes. Nearly three-quarters (74%) of healthcare providers admitted this had not been fully implemented, as claimed by the report. 

Loading...

The study also revealed the cybersecurity talent gap is slowing the implementation of defensive technologies despite the current threat landscape, availability of private-sector innovations and greater willingness to invest. The lack of in-house cyber skills was blamed by over half of US non-federal agencies running systems supporting local infrastructure and emergency services (51%) and respondents from the oil and gas sector (55%) for why their cyber defences were not fully deployed. 

The report went on to claim that the healthcare sector particularly noted underinvestment as a contributing factor, and two-fifths (38%) favoured federal funding to deliver cybersecurity improvements. 

Trellix designed its survey to gauge the maturity of advanced cybersecurity implementations among US government agencies, state and local governments and private-sector peers responsible for protecting the nation’s critical infrastructure. 

Loading...