In If a global report by McAfee is anything to go by, then IT managers in our country need to quickly pull up their 'security socks'. The report reveals that India ranked fourth in terms of lowest levels of security adoption after Brazil, France and Mexico, adopting only half as many security measures as leading countries such as China, Italy and Japan.
The survey comprised 200 IT security executives from global critical electricity infrastructure enterprises in 14 countries, including India and the findings suggest that the rate of security adoption in enterprises is not commensurate with the rapid growth of threats.
China and Japan were also among the countries with the highest confidence levels in the ability of current laws to prevent or deter attacks in their countries. Currently, only 60% Indian respondents claimed to deploy a threat monitoring service and use software update and patch management service; 40% revealed having policies prohibiting USB stick usage and policy enforcement on unauthorized software. None of the Indian respondents claimed to adopt any security measures for smart grid controls.
According to the report, cyber attacks are still prevalent. 80% of global respondents confessed to have faced a large-scale Denial of service attack (DDoS), and a quarter reported daily or weekly DDoS attacks and/or were victims of extortion through network attacks.
One in four global survey respondents have been victims of extortion through cyber attacks or threatened cyber attacks. The number of companies subject to extortion increased by 25% in the past year, and extortion cases were equally distributed among the different sectors of critical infrastructure. In terms of India, 60% of the respondents have been victims of extortion or cyber attacks in the past two years.
As per Michael Sentonas, VP, Chief Technology Officer, Asia Pacific, McAfee, Threats to assets in a wide range of core sectors continue to emerge and evolve in complexity with far- reaching ramifications on a nations critical infrastructures. Todays rapidly proliferating threats require enterprises to adopt a comprehensive risk-based approach with stronger network controls.
To meet the challenges of the changing environment, McAfee advises companies to adopt true critical infrastructure protection policies focused on:
Improved authentication measures, moving away from passwords to a higher reliance on tokens and biometric identifiers.
Better hygiene of network systems to include increased use of encryption technologies and the monitoring of network use activities for role and activity anomaly detection
Increased oversight of access to industrial control systems, including how they access the internet, through the oversight and active management of internet connections, mobile devices, and removable media.
Effective partnerships with governments, which will vary from country to country and range from encouragement to mandatory action. But the nature of the new threats industry faces requires government involvement.
Add new comment