Critical infrastructure cyberattacks increase across the Americas
A report from the Organization of American States shows cybersecurity is a hemispheric concern.
(Image: Arthimedes / Shutterstock)
What: "Report on Cybersecurity and Critical Infrastructure in the Americas," from the Organization of American States and Trendmicro.
Why: Attacks on critical infrastructure providers by attackers looking to steal information and even destroy critical government, energy, banking and other industries' networks have spread across dozens of countries in the Americas. OAS's survey of 575 critical infrastructure CIOs in 26 countries in North and South America found that more than 75 percent had seen an upswing in attacks. Most of those were seeking information, but an increasing number looked to do physical damage to systems. Attacks were driven by cybercrime, geopolitics and hacktivism. The survey included government systems, which along with the energy sector were the top two industries that experienced destructive attacks. Communications and banking sectors followed.
Phishing was the top attack technique, with 70 percent of the respondents saying they had experienced such an attack. Unpatched vulnerabilities were next on the attack list, with 50 percent saying they'd experienced such an attack. Next, in descending order were distributed denial of service, SQL injection, cross site scripting, hacktivist-originated attacks and advanced persistent threats.
Flat budgets and lack of planning among critical infrastructure companies were part of the increasing problem, said the report. It found that 52 percent of the CIOs it polled in the region said they had a cyber incident response plan in place. The same percentage said their security budgets hadn't increased in the last year, however. Only 5 percent said they were very prepared for a cyberattack, with 35 percent saying they were prepared, and 40 percent said they were somewhat prepared.
There was some good news. The survey found that 68 percent of critical infrastructure companies trusted their government to support advancements in dealing with the threat. That could indicate the barrier to more dialogue among public/private critical infrastructure companies might be lower than it has seemed and could only require them to reach out to each other to start the process.
Verbatim: "There is no doubt that this hyper-connectivity is a powerful development tool and opportunity for growth for governments, business, and individuals alike—a tool that must remain open and accessible despite the inherent risks. The challenge lies in our ability to balance and manage these risks for the foreseeable future. The openness and ease of access of a hyper-connectivity has lowered the barriers to entry for criminal entrepreneurs as they can participate in illicit activities from almost anywhere. This makes it difficult for law enforcement to link the crime to the perpetrator and jurisdiction."