In yet another recent study of critical infrastructure IT professionals, this time the experts believe a major CIP-related attack is just around the corner:

While 80 percent of survey respondents believe cybersecurity is “either greatly or extremely concerning,” most also believe they’re prepared for an eventual cyberattack. Twenty-seven percent of respondents feel “very or extremely vulnerable” today, whereas three years ago, half of respondents felt that way.

More than 600 IT professionals from critical infrastructure organizations participated in Intel’s survey. A majority live in the U.S.

Raj Samani, VP and CTO of Intel, told that this confidence could stem from critical infrastructure attacks not being top of mind, as they might have been three years ago. But for him, the results definitely seem to communicate an overconfidence among IT security professionals.

He especially emphasized this point given that 90 percent of respondents experienced at least one attack on secure systems, and the average came out to nearly 20 attacks per year. In most cases, these virtual attacks resulted in physical damage. Thirty-three percent ended in service disruption, and more than 25 percent allowed data to be compromised.

Seems like a lot of people are quite overconfident in their ability to withstand a cyber attack. Is it due to ignorance or actual belief their security controls are capable of preventing an attack.

I especially like how the article ended with this nugget of truth:

With this in mind, Samani reminds that most frequently, human error represents the biggest misstep in cybersecurity defenses, and for that reason, he suggests moving beyond code to address the human element in cyberattacks.