| |||||||||
| |||||||||
Current Filter: >>>>>> Powering down Editorial Type: Date: 05-2014 Views: 2377 Key Topics: Security Cyber-Attack Power Management Energy Consumption Insurance Cybercriminals Key Companies: Lloyd's of London Websense Cryptzone Key Products: Key Industries: Insurance | |||
| Many power companies are now being refused insurance cover for cyber-attacks, because their defences are perceived as too weak Underwriters at Lloyd's of London report what they are describing as a "huge increase" in demand for cover from energy firms, but surveyor assessments of the cyber-defences in place have concluded that the protections these offer are often not up to the mark and so are declining to cover those who fall short of the mark. So, is this a call to arms for utility firms in general? Websense certainly thinks so. "This is a wake-up call for utility firms seeking out insurance against cyber attacks and increasingly being refused," says Andy Philpott, the company's SVP sales, EMEA. There needs to be a mental shift refocusing from insuring against the aftermath of an attack to preventing it entering the network in the first place. Recent research we've conducted shows that over 70% of security professionals don't trust their current security programme."
LAYERED DEFENCES It's an inevitability that a determined and targeted attack will eventually be successful, but it's how you deal with it once it's inside your network. Many evasion techniques are used to easily bypass traditional security defences. The best insurance would be to test, test and test your security; understand where the weaknesses lie and have real-time security able to analyse malware on the fly. "Most importantly, put data leak prevention at the core of your business, so that, even if an attacker gets in, they will not be able to steal any data," he adds. "Security can never be 'set and forget' and needs to be at the forefront of a company's mind at all times, for any chance of ensuring security effectiveness."
NERVOUSNESS UNDERSTANDABLE The revelation at the tail-end of 2013 that internal Statoil technical documentation had been exposed on public servers caused a great deal of alarm at the time. And yet the reported causes at the root of this breach are common in many organisations, Cryptzone's Lindquist points out, with little or no consensus on what constitutes sensitive documentation "It is impossible for IT to be aware of all the confidential and sensitive information stored in the corporate IT environment. It is, of course, sensible to document and communicate a framework of what constitutes sensitive information, but it may not always be as obvious as listing particular applications or document authors. Indeed, following the recent scandal surrounding an IT contractor in the US leaking vast quantities of data, it is advisable that IT administrators neither know about, or have access to, sensitive content.
EMPOWER MANAGERS
Page 1 2 | ||
Like this article? Click here to get the Newsletter and Magazine Free! | |||
Email The Editor! OR Forward Article | Go Top | ||
PREVIOUS | NEXT |