The research found that 80% of critical infrastructure organisations had experienced a “large-scale” attack, whilst 25% had been victims of extortion attempts.
The joint research from McAfee and the Center for Strategic and International Studies (CSIS) looked at the threats to the likes of power grids, oil, gas and water.
The survey of 200 IT security executives in the critical infrastructure field across 14 countries, including the UK, found that 40% of executives believed their industry’s vulnerability had increased.
Nearly 30% believed their company was not prepared for a cyberattack and more than 40% expected a major cyberattack within the next year. Vanson Bourne was commissioned to question the 200 respondents.
The “In the Dark: Crucial Industries Confront Cyberattacks” report found that the energy sector had increased its adoption of security technologies by only a single percentage point (51%), and oil and gas industries increased only by three percentage points (48%).
“We found that adoption of security measures in important civilian industries badly trailed the increase in threats over the last year,” said Stewart Baker, who led the study for CSIS.
The majority of respondents frequently found malware designed to sabotage their systems (nearly 70%), and nearly half of respondents in the electric industry sector reported they had found the potentially damaging Stuxnet malware on their systems.
Dr Phyllis Schneck, vice president and chief technology officer for the public sector at McAfee, said, “In the past year, we’ve seen arguably one of the most sophisticated forms of malware in Stuxnet, which was specifically designed to sabotage IT systems of critical infrastructures.
“The fact is is that most critical infrastructure systems are not designed with cybersecurity in mind, and organisations need to implement stronger network controls to avoid being vulnerable to cyberattacks.”