A new survey from cybersecurity company Armis found that awareness of major cybersecurity incidents in the US is lacking.
Last month, the company surveyed more than 2,000 professionals, discovering that almost 25% had never heard about the ransomware attack on Colonial Pipeline that caused gas shortages along the East Coast.
More than 23% said the attack would not have any longstanding effects on the fuel industry in the US, despite the highly-publicized cybersecurity changes oil and gas companies were forced to make by the Biden Administration following the attack.
Nearly half of respondents had not heard about the malicious takeover of the water treatment plant in Oldsmar, Florida.
More than half of all respondents said their devices did not pose a cybersecurity risk when it came to personal cybersecurity. Over 70% said they expected to bring their devices from home into the office once COVID-19 restrictions were lifted.
Curtis Simpson, CISO at Armis, said the responses showed that organizations have to prioritize cybersecurity on their own because employees have little awareness of the cyber threat landscape.
“The attacks on our critical infrastructure are clear evidence of the need for cybersecurity and assurance to all our utility providers and players. Organizations must be able to know what they have, track behavior, identify threats, and immediately take action to protect the safety and security of their operation,” Simpson said.
“This data shows that there is less consumer attention on these attacks as we might expect, and so that responsibility falls to businesses to shore up their defenses.”
A bipartisan group of US House of Representatives members introduced the American Cybersecurity Literacy Act last week in an effort to improve the country’s understanding of cybersecurity and kickstart public awareness campaigns.
Rep. Adam Kinzinger, one of the leading voices behind the bill, noted on Twitter that a cyberattack occurs every 39 seconds and that since the pandemic started, cybercrime has increased drastically.
“We must protect ourselves and our interests — and it starts with cyber education. As technological advancements increase and become more complex, it is critical that everyone is aware of the risks posed by cyberattacks and how to mitigate those risks for personal security,” Kinzinger said.
“In order to prevent these attacks going forward, we must combine public awareness with targeted cyber education.”
Rep. Gus Bilirakis, the Congressman for Oldsmar, Florida, added that the bill would help “develop a national education campaign to raise awareness of attacks and the practical steps that can be taken to thwart future bad actors.”
“In my district, a hacker was recently able to penetrate a local government’s security measures and temporarily change the chemical settings of the city’s water supply to a potentially dangerous level,” Bilirakis said. “This is a matter of national security, and we must do everything we can to protect all Americans from those who wish to do us harm.”