Dive Brief:
- Utilities scored second on a grading scale designed by BitSight Technologies to rank companies on their cyber security efforts.
- On a 250 to 900 scale (with 900 being the highest possible score and most secure), utilities scored 751. The financial sector scored highest with 782.
- Utilities were found to be most under threat from various kinds of Trojan viruses, including Redyms (26%), Zeus (15%), Zero Access (13%), Cutwail (8%), and Confickr (8%).
Dive Insight:
Utilities scored higher than expected on the scale.
"Large investor owned utilities have fairly sophisticated security practices. Like large financial institutions, they have significant security budgets and cyber risk has executive level visibility," analyst Stroz Friedberg said.
"I was looking for utilities to do poorly," said BitSight CTO Stephen Boyer. "The largest utilities in the S&P 500 are pretty high-performing" when it comes to securing their networks. "Beyond those small utilities that have a lot of problems, the larger ones are pretty sophisticated. They are pretty good at segmentation and responding very quickly."
One thing the utilities are very vulnerable to, he said, was SCADA attacks. SCADA systems are often highly vulnerable, as plant operators don't like to upgrade them or change their security features too often in case the changes cause operational failures on the grid.