Cyberattacks on critical vital infrastructure can have disastrous results, forcing governments and regulatory bodies to pay close attention to intensifying the efforts to safeguard these industries. For example, #CybersecurityAwarenessMonth, celebrating its 20th anniversary this October, aims to empower people and organizations across every sector to protect critical assets against cybercrime. However, simple actions like adopting multi-factor authentication (MFA) or encrypting sensitive data everywhere should be exercised throughout the year and not just during that month.
The 2023 Thales Data Threat Report Critical Infrastructure Edition, which includes responses from 365 security leaders and practitioners within critical infrastructure organizations, serves as a fine reminder of the requirement to embed security into the culture of every organization and individual. The threat of attacks against Critical National Infrastructure (CNI) – energy, utilities, telecommunications, and transportation – is a top priority. Reducing the risk of attacks such as ransomware and malware on CNI will be paramount to the stability of national economies for the years to come.
The Threat of Ransomware
Targeted and untargeted CNI incidents are now simpler to execute than ever before. Operational Technology (OT) systems, which were once isolated, have progressively integrated with IT technology and moved to various cloud platforms powered by sophisticated IoT sensors and guided by big data analytics. The rising reliance on cloud platforms creates an expanded attack surface for threat actors and adversarial nation-states to exploit. According to the Thales Critical Infrastructure research, 32% of the questioned enterprises claim that more than 60% of the data they store in the cloud are sensitive.
Malware ranked as the top cause of increased security attacks by 64% of security and IT experts from all critical infrastructure businesses, closely followed by ransomware (47%) and phishing (36%). Phishing attacks and malware (including ransomware) are operations that provide threat actors with a higher return on investment; as a result, they are well-liked by the criminal underworld.
In fact, ransomware has almost completely changed breach economics in recent years. Given the highly regulated nature of the industries that operate CNI, the risks of increased recovery costs, financial loss due to penalties from lawsuits and legal expenses, lost productivity, and disclosure of sensitive information are identified as the most severe impacts of a potential ransomware attack.
Despite the culminating threats, the report also showed insufficient ransomware preparedness across critical infrastructure organizations. For example, 37% of the Thales survey respondents are not confident they know where their sensitive data is stored. And only a mere 2.6% of the surveyed organizations encrypt more than 90% of their sensitive data stored in the cloud. Data visibility and encryption are the two foundational controls that allow businesses to prevent and reduce the impact of a ransomware attack.
A Very Human Problem
When tackling these security challenges, the human element is the most important factor. Most successful malware and ransomware attacks gain an initial foothold in organizations due to human involvement. This includes using weak passwords that can be easily compromised or stolen and misconfiguration errors of cloud-based apps and platforms.
Additionally, the ongoing convergence of Information Technology (IT) and Operational Technology (OT) increases the reliance on third-party suppliers, making it easier for attackers to exploit supply chain vulnerabilities to infiltrate systems and move laterally within organizations. The ongoing attacks and threats to CNI demonstrate that the entire landscape of OT security has changed and can no longer be considered separate from IT.
To mitigate these challenges, 60% of the CNI organizations employ security precautions like Multi-Factor Authentication, which is a 9% increase compared to 2022. As ransomware concerns continue to affect the CNI sector, organizations across every industry need to prioritize a holistic approach to cyber resilience, which covers IT and OT and includes physical and human factors to ensure robust protection.
A Zero Trust Approach
Organizations in the CNI sector often have widely dispersed infrastructure, which can comprise assets such as warehouses, shipping ports, power lines, transmission sites, and railroad facilities. Furthermore, the shift of operational technology from private, isolated connections to the Internet of Things (IoT) has significantly enlarged the size, intricacy, and flexibility of underlying networks while also increasing potential attack points.
When it comes to improving security across these environments, adopting a data-centric security architecture, such as a zero-trust model, protects the critical data rather than system boundaries, reducing the potential impact on the organization. Adopting zero trust principles can be a key strategy to ensuring robust and effective “least privileged” access to highly distributed, high-value data and assets.
According to our report, CNI organizations invest in zero-trust technologies that harden access to sensitive data, such as Identity as a Service (IDaaS), risk-based contextual authentication, authorization tools, and passwordless authentication.
Go on the Cyber Offensive
As we rely more on technology to manage various aspects of our lives, such as healthcare, banking, energy, and utilities, these systems become more exposed to cyber-attacks. Once offline, such attacks can cause significant disruption to society and the economy. Business leaders, government officials, and industry experts must not be complacent and instead take proactive measures to prevent and protect against these threats. It's evident that they will need to go on a cyber offensive to maintain security and safety.
Download the full Thales 2023 Data Threat Report for the Critical Infrastructure for more information.