It’s a worrying trend as manpower and resource constraints curb enthusiasm
A Symantec survey found that companies are generally less aware of their government’s critical infrastructure protection (CIP) programme this year compared to 2010, with 37% of them completely or significantly engaged in the programme this year, compared to 56% in 2010.
According to the findings of the 2011 Critical Infrastructure Protection (CIP) Survey, 36% of respondents were somewhat or completely aware of the government critical infrastructure plans being discussed in their country compared to 55% last year.
The survey also revealed that companies are more ambivalent in 2011 than they were in 2010 about government CIP programmes, with 42% having no opinion or were neutral.
It was also found that 57% of companies are now willing to cooperate with CIP programmes in 2011, which is slightly lesser than the 66% in 2010.
Global organisations feel less prepared, as overall readiness on a global scale fell an average of eight points, from 60% to 63% in 2011 compared with 68% to 70% in 2010.
Symantec director of Global Intelligence Network Dean Turner said the findings of this survey are somewhat alarming, given recent attacks like Nitro and Duqu that have targeted critical infrastructure providers.
"Having said that, limitations on manpower and resources as mentioned by respondents help explain why critical infrastructure providers have had to prioritize and focus their efforts on more day-to-day cyber threats," Turner said.
"Businesses and governments around the world should be very aggressive in their efforts to promote and coordinate protection of critical industry cyber networks. These latest attacks are likely just the beginning of more targeted attacks directed at critical infrastructure."
To ensure resiliency against critical infrastructure cyber attacks, Symantec recommends companies develop and enforce IT policies and automate compliance processes, and protect information proactively by taking an information-centric approach.
The IT security firm also recommended companies to manage systems by implementing secure operating environments; protect the infrastructure by securing endpoints, messaging and Web environments; ensure 24×7 availability; and develop an information management strategy.