The Enterprise Strategy Group (ESG) recently surveyed 303 IT and information security professionals with awareness of or responsibility for cyber supply chain policies and processes and with overall knowledge of the state of cybersecurity at their organizations. Survey respondents were located in the United States and worked for large midmarket (i.e., 500 to 999 employees) and enterprise (i.e., 1,000 or more employees) organizations that operate in critical infrastructure industries as designated by the U.S. Department of Homeland Security. This research project was intended to assess the state of cyber supply chain security and the overall cybersecurity status of organizations in critical infrastructure industries. These entities face constant cyber-attacks from a variety of adversaries, including cyber-criminals, hacktivists, and nation states, so they have a bird’s-eye view of the threat landscape on a daily basis. When asked to assess this threat landscape in comparison to two years ago, nearly one-third (31%) of organizations claim that the threat landscape is much worse, while 36% believe that it is somewhat worse. While not surprising, this is discouraging, as an attack on U.S. critical infrastructure could be the “cyber Pearl Harbor” predicted by numerous politicians and pundits.