ESG Research Discovers Sub-Standard Cyber Supply Chain Security in U.S. Critical Infrastructure and Key Resources.

Report Identifies Security Weaknesses in IT Procurement, Software Development and Inter-Organizational Sharing of IT Systems

MILFORD, Mass. -- The Enterprise Strategy Group (ESG), a leading IT industry analyst and consulting organization, today announced the availability of a new research report titled, Assessing Cyber Supply Chain Security Vulnerabilities Within the U.S. Critical Infrastructure. The report is based upon data gathered from a survey of 285 security professionals working at organizations that operate in the 18 industries designated as "critical infrastructure" by the United States Department of Homeland Security.

The report, co-sponsored by Hewlett-Packard (NYSE: HPQ) and other leading IT vendors, found that:

* Sixty-eight percent of the critical infrastructure organizations surveyed have experienced at least one security breach in the past 24 months, and 13% suffered more than three security breaches in the past 24 months.

* Twenty percent of respondents working at critical infrastructure organizations rated the effectiveness of their organization's security policies, procedures, and technology safeguards as either "fair" or "poor."

* Seventy-one percent of the critical infrastructure organizations surveyed believe that the security threat landscape will grow worse in the next 24-36 months--26% believe it will be "much worse."

The research also focused specifically on the cyber supply chain policies, processes, and technical safeguards used by critical infrastructure organizations. The ESG report uncovered that only a small subset of the critical infrastructure organizations surveyed employ cyber supply chain security best practices--therefore many of these firms face an increased risk of a cyber supply chain attack that could impact business operations and service delivery to the public.

"This report highlights that many critical infrastructure organizations can immediately benefit by adopting basic cyber security and supply chain security best practices," said Jon Oltsik, Principal Analyst at the Enterprise Strategy Group and author of this research report. "Most of the critical infrastructure organizations surveyed are not doing adequate security due diligence on the IT vendors that provide them with products and services. They haven't instituted secure software development lifecycles across their enterprises and they don't have a set of security requirements for third-party business partners with whom they share IT systems. These weaknesses create a real vulnerability and need to be addressed as soon as possible."

"Clients must feel confident in the security of the products they deploy within their data centers," said Chris Whitener, chief security strategist at HP. "This report demonstrates a strong client desire for secure processes throughout the supply chain, ensuring the integrity of the IT products that are developed. Based on the findings from this report, HP is already identifying additional security tests that can be performed during development and QA using HP capabilities like Fortify and the HP Comprehensive Applications Threat Analysis service."

Survey respondents were also asked for their input on the cybersecurity role of the U.S. Federal Government. A vast majority (71%) of respondents believe that the Federal Government should be more active with cybersecurity strategies and defenses--31% believe that the government should be significantly more active. Respondents suggested that the Federal Government should engage in actions like doing a better job of sharing security information and providing incentives like tax credits to organizations that invest in cybersecurity. Oltsik comments, "The report clearly indicates that critical infrastructure organizations are vulnerable to attacks and expect help from the Federal Government. I can only hope that this report encourages greater public/private dialogue on cybersecurity and accelerates Federal Government action."

The report, Assessing Cyber Supply Chain Security Vulnerabilities Within the U.S. Critical Infrastructure, is being provided free of charge and is available for download on the websites of ESG and HP.

Download the report: Assessing Cyber Supply Chain Security Vulnerabilities Within the U.S. Critical Infrastructure.

About Enterprise Strategy Group

Enterprise Strategy Group (ESG) is an integrated, full-service IT analyst and business strategy firm, world-renowned for forward-looking market intelligence, analysis, and consulting services that deliver proven, measurable results. Recognized as one of the world's top 10 analyst firms by offering a unique blend of capabilities--including world-class market research, hands-on technical product testing, and expert consulting methodologies such as the ESG Strategy Lifecycle--ESG is relied upon by IT professionals, technology vendors, institutional investors, and the media for actionable IT and business intelligence.

For more information visit:
COPYRIGHT 2010 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2010 Gale, Cengage Learning. All rights reserved.

Article Details
Publication: Business Wire
Date: Nov 29, 2010
