Critical Infrastructure Firms ‘Skip’ Basic Security Checks

More than one-third of critical infrastructure organisations have admitted to skipping basic IT security precautions, according to findings by Corero Network Security.

The firm found 39 percent of the organisations who responded to its freedom of information (FOI) requests said they hadn’t completed the ‘10 Steps to Cyber Security’ programme issued by the UK government.

Critical infrastructure threat

Amongst the NHS trusts who responded the figure was higher, at 42 percent.

The findings indicate many of the organisations designated as critical national infrastructure could be open to fines of up to £17 million or 4 percent of their global turnover under recent government proposals to implement the EU’s Network and Information Systems (NIS) directive from May of next year.

Corero sent requests in March of this year to 338 organisations including fire and rescue services, police forces, ambulance trusts, NHS trusts, energy suppliers and transport organisations. It received 163 responses, with 63 saying they hadn’t completed the recommended programme.

The firm said the responses suggest critical infrastructure organisations could be doing more to protect themselves.

“These findings suggest that many such organisations are not as cyber resilient as they should be, in the face of growing and sophisticated cyber threats,” stated Corero director of product management Sean Newman.

NIS directive

The government launched a consultation on the NIS directive earlier this month, saying the measure is aimed at dealing with an increasingly hostile online environment.

“The NIS directive will help make sure UK operators in electricity, transport, water, energy, transport, health, and digital infrastructure are prepared to deal with the increasing numbers of cyber threats,” the government stated at the time. “It will also cover other threats affecting IT – such as power failures, hardware failures, and environmental hazards.”

Corero said its findings also indicate most critical infrastructure organisations (51 percent of respondents) aren’t monitoring low-level distributed denial-of-service (DDoS) attacks, those that are short in duration. That suggests they could be vulnerable to the malware infection attempts that often accompany such attacks, Corero said.

Analytics firm Neustar found that 42 percent of European organisations polled in May said DDoS attacks were accompanied by malware infections, up 10 percent from the previous year.

‘Challenging’ implementation

Industry observers have noted that awareness of the NIS directive is significantly lower than that of the General Data Protection Regulation (GDPR), also set to take effect in the UK in May 2018.

James Castro-Edwards, partner and head of data protection law at Wedlake Bell, said in a recent research note that compliance with the NIS directive was “more challenging since the final details have not been specified yet”.

While the GDPR applies broadly to organisations that handle personal data, the NIS directive only targets ‘operators of essential services’ in the energy, transport, banking, financial market infrastructures, health sector, water and digital infrastructure sectors.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
