The recent crop of high-impact security incidents has garnered far less public attention than expected.
According to a survey from security firm Armis, which polled consumers and end users, high-profile incidents such as the ransomware attack on Colonial Pipeline Co. and the breach of a Florida city's water utilities were either overlooked or ignored by many outside the IT and information security fields. As a result, the responsibility for keeping users informed and aware of the need for heightened security appears to fall on administrators and IT staff.
The Armis survey polled 2,000 employees across various industries on their knowledge of current security events and best practices, and some of the results were eye-opening. Of the 2,000 professionals surveyed, 21% said they had not heard about the Colonial Pipeline breach and shutdown.
Additionally, 24% of those who were aware of the attack did not believe it would have any sort of lasting effect on the U.S. oil industry, despite the shutdown causing a brief fuel panic across much of the U.S. and dominating headlines for several days as experts flagged the incident as a major turning point in U.S. cybersecurity and response.
The response to the February attack at a water treatment facility in Oldsmar, Fla., was even more disheartening. Despite the near disaster that occurred when an attacker compromised a control system and attempted to taint the municipal water supply, some 45% of users said they were not even aware of the incident.
Armis argued that when users are unaware of these cyberthreats and the risks they pose, they are less likely to follow basic security procedures. The researchers noted that 54% of those surveyed did not believe bringing their personal devices onto their company network would pose any sort of security risk to their company.
As a result, Armis said, companies are going to have to step up and improve their network security, while also keeping end users informed of the heightened risk for attacks in the current climate.
"The attacks on our critical infrastructure are clear evidence of the need for cybersecurity and assurance to all our utility providers and players," said Armis CISO Curtis Simpson. "This data shows that there is less consumer attention on these attacks as we might expect, and so that responsibility falls to businesses to shore up their defenses."
Armis is not alone in seeing this risk for enterprises. A recent study from Enterprise Strategy Group, a division of TechTarget, found that just 14% of business, IT and security executives believe their endpoint security programs have reached maturity, meaning end users are still being left vulnerable.
The data indicated IT and security professionals face a busy summer, as they juggle a lack of end-user knowledge and underdeveloped security programs with a growing threat landscape and a greater risk of targeted attacks and network breaches.