Organisations in the transport and aviation sector take almost two months to detect a cyber attack, according to new research from UK cyber security services firm, Bridewell.
The research, which surveyed UK cyber security decision-makers across the UK’s critical national infrastructure (CNI), reveals that the transport sector is lagging behind communications, utilities, finance, and government in the timely detection of security breaches. Respondents in the sector said that it takes their organisation an average of 51 days to detect a cyber attack on the business, with almost a third (30%) claiming it takes between 61 and 90 days.
This comes despite rising investment in cyber security, with 82% of transport and aviation organisations increasing their cyber budgets over the past 12 months. On average, operators are now spending 40% of their IT budget on cyber security, and investment is predicted to rise by a further 36% in the year ahead.
Even with significantly increased budgets, many organisations are struggling with the volume, sophistication, and detection of cyber threats. Over three-quarters (77%) of decision-makers in the sector say that the number of successful attacks has increased over the past year, while the same number claim it has become harder to detect and respond to threats. Furthermore, 71% admit to still struggling to understand how and why a breach occurred. This suggests that cyber security investment is not currently being directed towards the right areas, which ultimately leads to slow detection and response times.
Poor cyber security investment choices could also be causing problems with visibility. The research found 86% of transport and aviation cyber leaders say they don’t have sufficient visibility across the IT/OT boundary and 8 in 10 do not have sufficient visibility over all end user, networks, and systems.
Martin Riley, Director of Managed Security Services at Bridewell, comments: “It only takes minutes for a cyber attack to inflict severe harm on critical systems, so the transport and aviation sector must prioritise finding new ways of detecting and responding to threats as soon as they occur.
“As cyber security budgets rise to meet escalating threats, organisations should seize the opportunity to implement proactive security approaches, such as cyber threat intelligence and detection and response, to ensure they have the crucial speed and visibility to identify and shut down attacks before they cause substantial damage.”
Currently, only 29% of transport and aviation cyber decision-makers say they have a managed detection and response (MDR) solution in place, and just a fifth (20%) have implemented extended detection and response (XDR) to enable detection and response capabilities across network, web and email, cloud, endpoint and most crucially, identity.
To learn more, download the full report ‘Cyber Security in UK Critical National Infrastructure 2022: Part 2’ here.
