Eighty-five percent of security professionals believe cybersecurity threats will lead to an attack on major critical infrastructure over the next five years, according to a recent survey. The annual Pwnie Express study, The Internet of Evil Things, polled approximately 500 security professionals about a range of cybersecurity threats, including malware and devices connected as part of the Internet of Things (IoT).

Cybersecurity vs. Online Evil

The research looked at the variety of industry sectors that might be least prepared for an attack. Health care topped the list at 51 percent — but was followed closely by the waste and wastewater sectors (47 percent) and the energy sector (43 percent).

Security professionals may be predicting major attacks on critical infrastructure because they’re already dealing with so many issues in their own organizations. Malware attacks affected 59 percent of those polled, for example. Additionally, 32 percent were impacted by ransomware. More serious cybersecurity threats — specifically distributed denial of service (DDoS) attacks — struck 30 percent.

Security Professionals Still Lack the Right Tools

Perhaps more worryingly, security professionals suggested they aren’t necessarily strengthening their defenses — even after grappling directly with some of the most serious cybersecurity threats. While WannaCry affected 21 percent of those surveyed, for instance, approximately 18 percent said they still lack the tools to deal with the ransomware cryptoworm. Fourteen percent weren’t sure one way or the other. There were similar findings about other well-known malware and ransomware strains, including NotPetya, Locky and Mirai.

The gaps between the risks and the capability to deal with them weren’t limited to specific malware — it spread to entire areas of data protection. While a majority of 80 percent said they are concerned about cybersecurity threats as a result of bring-your-own-device (BYOD) policies in the workplace, less than half said they had real-time monitoring tools for personal devices.

About the same percentage said they were worried about the risk inherent in IoT-connected smart devices, but only 23 percent claimed to be keeping track of such devices effectively. Overall, while 64 percent said they are more concerned about the security of connected devices than they were last year, the authors said there was no improvement in the frequency at which they’re checking them.

More from

Why Cybersecurity Risk Assessment Matters in the Banking Industry

When customers put money in a bank, they need to trust it will stay there. Because of the high stakes involved for the customer, such as financial loss, and how long it takes to resolve fraud and potential identity theft, customers are sensitive to the security of the bank as well as fraud prevention measures. Banks that experience high volumes of fraud are likely to lose customers and revenue. The key is to protect customers and their accounts before problems…

What CISOs Should Know About CIRCIA Incident Reporting

In March of 2022, a new federal law was adopted: the Cyber Incident Reporting Critical Infrastructure Act (CIRCIA). This new legislation focuses on reporting requirements related to cybersecurity incidents and ransomware payments. The key takeaway: covered entities in critical infrastructure will now be required to report incidents and payments within specified time frames to the Cybersecurity and Infrastructure Security Agency (CISA). These new requirements will change how CISOs handle cyber incidents for the foreseeable future. As a result, CISOs must…

Will the 2.5M Records Breach Impact Student Loan Relief?

Over 2.5 million student loan accounts were breached in the summer of 2022, according to a recent Maine Attorney General data breach notification. The target of the breach was Nelnet Servicing, a servicing system and web portal provider for the Oklahoma Student Loan Authority (OSLA) and EdFinancial. An investigation determined that intruders accessed student loan account registration information between June and July 2022. The stolen data includes names, addresses, emails, phone numbers and social security numbers for 2,501,324 student loan…

Containers, Security, and Risks within Containerized Environments

Applications have historically been deployed and created in a manner reminiscent of classic shopping malls. First, a developer builds the mall, then creates the various stores inside. The stores conform to the dimensions of the mall and operate within its floor plan. In older approaches to application development, a developer would have a targeted system or set of systems for which they intend to create an application. This targeted system would be the mall. Then, when building the application, they would…