Energy IT pros show surprising optimism

Tripwire announced the results of a survey of 104 attendees at the EnergySec Security Summit in Texas.

Industry research shows most breaches go undiscovered for weeks, months or even longer. Despite this evidence, 66 percent of respondents were confident that they could detect a data breach on critical systems within a week:

• 23 percent said it would take less than 24 hours
• 24 percent said it would take less than 72 hours
• 19 percent said it would take less than a week.

10 percent of respondents said data breach detection would take a month, 9 percent said it would take three months and 15 percent were not confident they could detect a breach.

“The survey results reflect a surprising optimism,” said Steven Parker, president of EnergySec, a non-profit organization formed to support organizations within the energy sector in securing their critical technology infrastructures. “Attack detection is a critical capability, and I think there is much more work to be done in this area than most organizations realize.”

According to the Mandiant 2014 M-Trends 2014: Beyond the Breach threat report, the average time required to detect breaches is 229 days. The report also states that the number of firms that detected their own breaches dropped from 37 percent in 2012 to 33 percent in 2013.

“I always say that trust is not a control, and hope is not a strategy,” said Dwayne Melancon, CTO for Tripwire. “Unfortunately, this data suggests that a lot of energy security professionals are far too hopeful about their own cybersecurity capabilities.”