Trellix logo
Trellix Xpand Live
Register Now

September 27-29, 2022 ARIA Hotel & Casino Save the date and start planning to align with our leadership teams to learn our vision for a new kind of cybersecurity and learn more about our innovations in cyber intelligence and XDR architecture.

Trellix CEO
Our CEO on Living Security

Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.

Gartner Marketplace Guide (XDR)
Gartner® Report: Market Guide for XDR

As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."

The Threat Report - Summer 2022
Latest Report

Our Summer 2022 threat report details the evolution of Russian cybercrime, research into medical devices and access control systems, and includes analysis of email security trends.

Critical Flaws in Widely Used Building Access Control System
Critical Flaws in Widely Used Building Access Control System

At Hardwear.io 2022, Trellix researchers disclosed 8 zero-day vulnerabilities in HID Global Mercury access control panels, allowing them to remotely unlock and lock doors, modify and configure user accounts and subvert detection from management software.

Trellix CEO
Our CEO on Living Security

Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.

Trellix Xpand Live
Register Now

September 27-29, 2022 ARIA Hotel & Casino Save the date and start planning to align with our leadership teams to learn our vision for a new kind of cybersecurity and learn more about our innovations in cyber intelligence and XDR architecture.

News

Breaking updates and news

Trellix Report Reveals Key U.S. Critical Infrastructure Providers Lack Advanced Cyber Defenses

Majority of U.S. Providers in Oil & Gas, Healthcare, and State & Local Emergency Services Have Not Implemented Full Cybersecurity Capabilities due to Lack of In-House Cyber Skills

News Highlights

  • 77% of respondents from U.S. state and local governments in charge of emergency services have not fully implemented endpoint detection and response (EDR) and extended detection and response (XDR) solutions
  • 75% of U.S. oil and gas sector survey respondents have not yet fully deployed multifactor authentication (MFA) making remote access to systems much easier for bad actors
  • 74% of U.S. healthcare respondents have not fully implemented software supply chain risk management policies and processes
  • Over half of U.S. critical infrastructure providers in state and local government (51%), oil and gas (55%) blame lack of in-house cyber skills for not fully implementing cybersecurity measures
  • 38% of healthcare respondents favor U.S. government funding to help them improve sector cybersecurity

Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), today released a global Cyber Readiness Report investigating how U.S. critical infrastructure providers are preparing to defend themselves against cyberattacks. The report, based on research conducted by Vanson Bourne, surveyed 900 cybersecurity professionals from organizations with 500 or more employees. Trellix designed its survey to gauge the maturity of advanced cybersecurity implementations among U.S. government agencies, state and local governments and private sector peers responsible for protecting the nation’s critical infrastructure.

Worryingly, the report found that despite high-profile breaches, many critical infrastructure providers, particularly those in U.S. oil and gas, healthcare and state and local governments in charge of emergency services, have not yet fully implemented cybersecurity best practices. For example, three-quarters (75%) of respondents from the oil and gas sector admitted they had not yet fully deployed multifactor authentication, and more than three-quarters (77%) of those non-federal governments in charge of emergency services had not fully rolled out EDR or XDR solutions.

In addition, many critical infrastructure providers reported that they had not fully implemented sufficient supply chain risk management policies and processes, which is a particular concern following the SolarWinds and Microsoft Hafnium breaches in 2020 and 2021. Nearly three-quarters (74%) of healthcare providers admitted this had not been fully implemented.

The study revealed the cybersecurity talent gap is slowing the implementation of defensive technologies despite the current threat landscape, availability of private sector innovations, and greater willingness to invest. The lack of in-house cyber skills were blamed by over half of U.S. non-federal agencies running systems supporting local infrastructure and emergency services (51%) and respondents from the oil and gas sector (55%) for why their cyber defenses were not fully deployed.

“The hostilities in Ukraine have sharpened focus on the cyber readiness of critical infrastructure,” said Bryan Palma, CEO of Trellix. “The risks are known and well-discussed, but often these organizations do not have the cybersecurity talent to implement the necessary defenses. We need to scale security skills to prevent understaffed critical infrastructure from falling victim to cyber-attacks.”

The healthcare sector particularly noted underinvestment as a contributing factor, and two-fifths (38%) favored federal funding to deliver cybersecurity improvements. Critical infrastructure providers also called for the U.S. government to share more threat intelligence, with nearly all (95%) of respondents in the oil and gas industry saying there was room for improvement in the cyber threat data shared by their federal partners.

That said, the report shows the recent U.S. Executive Order on Improving the Nation’s Cybersecurity (EO 14028) could play an important role in strengthening the nation’s cyber defenses. Three-quarters (75%) of respondents anticipate using the EO as justification to obtain funding to meet their objectives. Over three-quarters (79%) of respondents believe that by setting higher cybersecurity standards for federal agency implementations, the government could raise standards for the IT industry and, through it, non-federal government and private sector implementations.

“By raising security requirements in areas such as software development for government implementations, the federal government is in a unique position to influence and raise related standards for the entire software industry,” said Thomas Gann, Chief Public Policy Officer at Trellix. “The Biden Administration has demonstrated constructive, responsible cybersecurity leadership over the last year, and we foresee the existing public-private partnerships as a sound foundation for building policy initiatives in this and other areas.”

The study also gauged the state of technology adoption and public-private collaboration among government and critical infrastructure providers in Australia, France, Germany, India, Japan, and the United Kingdom.

Additional Resources

About Trellix
Trellix is a global company redefining the future of cybersecurity. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix’s security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning and automation to empower over 40,000 business and government customers. More at https://trellix.com.

Media Contact
Christopher Palm
media@trellix.com

Source: Trellix

Get the latest

We’re no strangers to cybersecurity. But we are a new company.
Stay up to date as we evolve.

Please enter a valid email address.
Zero spam. Unsubscribe at any time.