A lot has changed over the last decade when it comes to cyberattacks and the threat landscape. We have seen an evolution of cyberattacks moving from cybercrime for monetary gain, to strategic and targeted cyberwarfare and nation-state (government) hacking intended for political disruption and attempts to cause catastrophic damage at scale. ‘Critical infrastructure,’ which consists of industries and systems that underpin American society (and serve as the backbone of our nation's economy, security, and health) are some of the most vulnerable and fragile systems that if penetrated can cause irreparable damage and even loss of life. With so many of these systems growing ever more interconnected, the possibility of being hit by a cyberattack is a clear and present danger.
This month marks National Critical Infrastructure Security and Resilience Month in the U.S., which is intended to build awareness around our critical infrastructure while reaffirming the nationwide commitment to keeping our communities safe and secure. For us here at ESET, a cybersecurity company that has been researching cyberthreats for over 30 years, it raised the question of what Americans know about critical infrastructure attacks, and the perceptions about these types of threats.
Our survey found that Americans are most worried about a cyberattack disrupting the financial/banking system, more than attacks against hospital/emergency services, voting systems, or power grid/energy supply companies. And although many do know that physical damage can occur via hacking tools, people still believe that the financial/banking industry is their top concern when it comes to cyberattacks.
Take a look at the findings broken down below.
Despite the news headlines and concerted efforts to provide education and awareness across the country, many people are still not aware of the risks that cyberattacks pose. In 2017, ESET published its discovery of Industroyer, the malware that caused a power outage in the Ukrainian capital city of Kiev. Dragonfly malware was found lurking across U.S. power grid companies (and to our knowledge did not cause any damage, but certainly had the ability to). Fifty percent of respondents said they were not aware that hackers have been able to cause citywide blackouts in some countries due to a cyberattack. Prior to both of these incidents, Stuxnet, a piece of malware that infiltrated Iranian centrifuges, took the world by storm. And, let us not forget the not so distant WannaCry, a massive ransomware attack that impacted the UK’s National Health System, FedEx, and Deutsche Bahn, among numerous other victims.
Some Americans seem to be skeptical about the transparency and availability of information on what causes energy grid disruptions. Nearly 40 percent of respondents indicate they believe there has been a cyberattack in the U.S. that has caused a blackout, but was just not made public.
So what is the outlook? Fifty-eight percent of people say that they believe it is ‘likely’ that the U.S. will suffer a large-scale disruption on critical infrastructure in the next two years.
ESET continues to monitor the cyberthreat landscape closely. Read about our latest industrial control system (ICS) cybersecurity research, on the GreyEnergy group, here.
In the last year ESET has also released a number of enterprise security tools to help companies better defend against targeted attacks. More information can be found here.
Survey Methodology
Conducted online via Google Surveys from October 8, 2018, to October 11, 2018. Results based on responses from 1,500 American adults. Respondents were asked four total questions with answer options appearing in randomized order. Survey respondents were between the ages of 18 and 65+. Not every respondent answered every question. Google Surveys is a member of the American Association of Public Opinion Research's (AAPOR) Transparency Initiative. The initiative was founded in 2014 and establishes disclosure standards for organizations who run and publish surveys. More about Google Survey methodology here.