In November 2015, Tripwire and Dimensional Research commissioned a study assessing the cybersecurity challenges faced by organizations in the energy sector. Respondents included over 150 IT professionals from the energy, oil & gas and utilities industries. In addition to this study, Tripwire surveyed 200 security professionals at the 2016 RSA conference asking them the following question: “Would a cyber attack cause physical damage to critical infrastructure?”
The results were quite alarming. In the past year alone, cyber criminals have targeted control systems and implanted malware on companies’ IT systems. This barrage of attacks has stretched cyber security resources thin and affected response times and prioritization. This challenging reality is reflected in both surveys conducted by Tripwire.
D3 Security recently published a short briefing where we introduced three challenges facing energy organizations as well as the corrective actions that security and IT professionals can implement to improve their cyber incident response capabilities.
According to data from the Tripwire survey, 83% of IT professionals reported an increase in successful cyber attacks in the past 12 months. As a result, incident responders are expected to investigate and successfully protect against more attacks every year. With the surge in cyber attacks, energy companies can no longer afford to have their incident responders manually investigate and coordinate across disparate technologies.
With D3 Security’s Incident Management platform, security analysts and incident responders can consolidate all incident-related information under one roof. This includes local and global threat intelligence, objective and subjective incident data, and policies & procedures, all while making this information available for threat profiling, trend reporting, and correlation analysis. By leveraging the power of D3, threats can be identified faster to prevent costly attacks. For more information on how D3’s Incident Management platform can help protect from attacks, download our Energy Industry Briefing.
Not only did IT professionals see an increase in the number of attacks; they also experienced an increase in the rate of successful attacks. Of the 350 professionals surveyed, 67% reported that the rate of successful attacks increased by at least 20% in the past month.
What is the reason behind this chilling statistic? It is quite simple: the incident response capabilities of energy companies and their IT departments have not kept pace with the increase in cyber attacks.
D3 connects SIEM and threat intelligence to a full-lifecycle IR methodology with rapid response playbooks. This system provides streamlined escalation of security alerts, which increases contextual awareness and helps incident responders with validation and triage. Integrated playbooks outline the tasks needed for remediation so responders can effectively respond to, and in turn prevent, attacks.
When investigating an incident, responders must understand the origin of the attack. According to the survey, 30% of responders reported they could not identify the source of most cyber attacks. By having digital forensics procedures in place, organizations are able to determine the root cause of a cyber attack.
D3’s I.T. Forensics Case Management System is designed to collect and organize all the physical and cyber evidence from a given incident. Properly categorizing and leveraging evidence can assist with root cause analysis without having to leave the D3 platform. With D3’s root cause identification tools, investigators can perform causal analysis in one system, which eliminates the need for tiresome correlations across multiple analysis silos.
To read about D3’s insights on Tripwire’s survey and for more information on how D3 can help energy organizations implement an effective incident management strategy, view the industry briefing.