Large Electric Utilities Earn High Security Scores

Critical infrastructure is a big target for attack, but new data shows some operators in that industry suffer fewer security incidents than other industries.

It may sound counterintuitive, but major utilities rank as one of the most secure organizations, according to a new study.
Large electric utilities scored 751 on a grading scale of 250 to 900-- second only to the traditionally security-forward financial industry, which scored 782, according to BitSight Technologies new security index that analyzes the security performance of finance, utility, retail, and healthcare organizations in the Standard & Poors 500.
Overall, 82% of the companies in the four industry sectors were hit with a security incident during the period analyzed in the report, from April 1, 2013 through March 31, 2014.
I was looking for utilities to do poorly. But what we learned here is its mostly SCADA systems that have their [security] issues. The largest utilities in the S&P 500 are pretty high-performing when it comes to securing their networks, says Stephen Boyer, founder and CTO of BitSight, which tracks malicious traffic on the Internet. Beyond those small utilities that have a lot of problems, the larger ones are pretty sophisticated. They are pretty good at segmentation and responding very quickly to threats, he says.
Large investor owned utilities have fairly sophisticated security practices. Like large financial institutions, they have significant security budgets and cyber risk has executive level visibility, said Dave Dalva, vice president of security science at Stroz Friedberg, in a statement in BitSights report, published this week.
ICS/SCADA systems notoriously suffer from security shortcomings mainly due to plant operators priority of operations and safety, rarely patching and updating software for fear of disrupting the power supply or manufacturing process, for instance.
BitSight gathered the data for its analysis via its global sensors on the Internet that detect botnet and other malicious traffic, and tracks malware and the duration of its presence on systems for its customers.
Utilities are mostly plagued by a family of Trojans called Redyms (26%), which redirect search engine results, Zeus (15%), Zero Access (13%), Cutwail (8%), and Confickr (8%).
Financial firms are hit mostly by Zeus (33%), followed by ZeroAccess 12%), Redyms (10%), Confickr (7%), and Spambot (7%), according to BitSights findings.
Meanwhile, the healthcare industry scored poorly, 660, as did retail, 685. What was surprising was healthcare, Boyer says. The fact that Confickr was so prominant there says a lot, with 13% of the malware infections, he says.
The full report is available
here
for download.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Large Electric Utilities Earn High Security Scores