The pandemic has shone a light on the importance of critical infrastructure to our everyday lives. However, their importance attracts attacks, but so does their vulnerability, which is why we’ve seen a rise in cybercrime against our vital infrastructure including supermarkets, schools, healthcare, and hospitality.
Every day, new risks and responsibilities are thrust upon them. With changing consumer habits, the pandemic, and the rise of cybercriminals, what can they expect? And how can they adapt to understand, manage, and protect against risk most effectively?
Soft targets
There is no honour among cybercriminals. If earlier waves of hacking and ransomware targeted large financial institutions, energy firms, and multinational businesses, it was because that’s where the most significant rewards were. Why hold a school ransom when you can (virtually) hold up a bank?
Things have changed. Recent research found a 29% increase in cyber-attacks against the global education sector, with a stunning 93% rise against schools and colleges in the UK. The actual cost of these hacks is impossible to judge since no one knows how many schools are paying up – or how much. But it’s obvious why schools are such an attractive target for criminals: they are a big part of our national infrastructure yet still relatively undefended. The problem has become so bad that the UK’s National Cyber Security Council (NCSC) has urged all educational establishments to sign up for its Early Warning Service.
It’s not just schools, either. Recently, we have seen an alarming increase in attacks against the healthcare sector, most ominously against Ireland’s Health Service Executive earlier this year, where ransomware hackers demanded $20m/€17.27m to unlock devices and systems. It’s been estimated that the actual cost of this attack could approach €100m/$115m.
But organisations aren’t only targeted simply because they are part of critical national infrastructure; just as often, it’s merely because they are vulnerable. Take hospitality. While hotels, bars, and restaurants were not traditionally considered “critical infrastructure”, the pandemic made us realise how many jobs depend on hospitality – over 3 million in the UK alone. It’s an industry thath is always seeking to offer more digital services to its guests, which has multiplied the number of gateways and therefore vulnerabilities which could be exploited by cyber attackers.
And sometimes organisations fall victim simply because they’ve been caught in a broader dragnet. When 500 Co-op supermarkets in the UK were forced to close earlier this summer, the attack came via a software supplier. To the hackers, the stores and their customers were merely collateral damage.
Risk and responsibilities
Businesses in various industries suddenly find themselves on the frontline of cybersecurity. Still, they are often ill-prepared for this new burden of responsibility to their customers, service users, shareholders, or broader business community.
There’s a temptation to believe that the solution to cyberthreats is solely technological, but the truth is that having the right processes is every bit as necessary. The first task facing our critical infrastructure’s newest members is to identify, understand, prioritise, and remediate the primary cyber risks they face.
At ThreatConnect, we talk about the Risk – Threat – Response paradigm, which equips business leaders with the ability to understand the risks they face, quantify the potential costs, prioritise the most effective response, and allocate the right resources. But the threat landscape is constantly changing. That is why every organisation must develop a cyber threat intelligence (CTI) programme that enables continuous assessment of the who, where, how and when of digital threats.
Organisations today tend to be in a constant state of reacting to threats, vulnerabilities, and incidents. It’s time to be proactive with a CTI programme that helps inform an organisation of its risk, and aligns with the business as a whole to defend against threats that matter most based on primary response and secondary loss. This damage comes to the business as a result of the breach.
Many businesses may be reluctant cybersecurity warriors, but as threats continue to increase, they have no choice but to take effective steps against these highly sophisticated online criminals. The first and most crucial step in any security posture is to adopt a risk-led cybersecurity programme that helps organisations focus on the most significant risks and use threat intelligence to drive an orchestrated, highly effective response.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.