We’re into week four of National Cyber Security Awareness Month (NCSAM), which focuses last but definitely not least on the importance of securing our country’s critical infrastructure. In the U.S., it’s comprised of 16 sectors that along with other networks and systems, support the supply of food, water, financial services, public health, communications and power.
As is characteristic of the modern age, these systems are becoming more connected and digitized, which, while facilitating gains in safety and efficiency, also increases the risk for cyberattacks. A perfect example to illustrate the potential vulnerability of our critical systems was the cyberattack on four national natural-gas pipeline operators earlier this year. The attack on a shared network forced them to close customer-facing communications for an entire week, and possibly resulted in stolen customer data.
So what do cybercriminals stand to gain from attacking critical infrastructure? In most instances, the motivation is financial – hackers use ransomware as a way to leverage threats in exchange for money. The WannaCry cyberattack that crippled the UK’s National Health Service (NHS) last year infected users’ computers with malware that encrypted the whole hard drive. The only way to unlock it was to pay a ransom fee.
While this may be the current motivation for most cyberattacks, it’s important not to ignore the threat posed by nation-state attackers. Whether for political reasons or pure malicious intent, a cyber attack on critical infrastructure can have disastrous consequences power grids can fail, leaving businesses and people vulnerable to crime, companies stand to lose vital data, and police and medical teams could be left without means to communicate, maintain order or respond to calls.
The truth is that we live in exhilarating but dangerous times. When it comes to our digital work and personal lives, it’s important to be constantly aware of the cyberthreat landscape, which grows more sophisticated all the time. The best form of defense is attack, which public and private sector organizations can do by being proactive. This can include:
- Embedding security in every aspect of organizational strategy and activity. Think wider than just technology – security should be everyone’s responsibility, and fostering a culture of awareness and collaboration will go a long way to strengthening a company’s security posture.
- Planning and practicing attack response strategies. When the inevitable happens, acting fast and knowing what to do can help to shut down and mitigate the effects of a cyberattack.
- Constantly updating and adding new cyberthreat scenarios to your cyber defense plan – it’s the best way to be ready for the unexpected.
As we head into November, which sees the spotlight continue to be on critical infrastructure security, election security and resilience, watch our blog space for more insights and security-focused advice to help your organization put its best security foot forward.