Critical Infrastructure Is Permanently Under Attack
In recent years, ransomware has almost completely changed the business model of breaches. Given the nature of the sectors that the CNI operates, the risks of financial loss are extremely high. For example, due to fines as a result of lawsuits, legal costs, loss of productivity or repair costs. Paying ransom can in some cases be less harmful than risking these additional consequences.
Also read: derecho al olvido
However, this attitude indicates a lack of understanding of the effects that ransomware attacks can have on affected parties, such as cyber insurance providers, incident response firms and the government. The power of ransomware lies in the instant ‘kidnapping’ of data and critical systems. That’s why organizations need a quick, rehearsed response plan, such as a ransomware plan, for example.
Human element
The human element is a crucial factor in addressing these security risks. The most successful malware and ransomware attacks take root in organizations as a result of user error. For example, by using easy-to-guess passwords, phishing or socially manipulated techniques such as compromising a business email. The situation has deteriorated significantly in recent years due to large-scale shifts to remote work arrangements, such as working from home.
Prior to the events of 2020, all work would likely have taken place in a secure work site, making it more protected. In addition, the convergence of information technology (it) and operational technology (opt) makes it easier for attackers to move within organizations, turning it problems into much more pervasive problems with opt systems. The ongoing attacks and threats from the CNI show that the landscape of OT security has changed and can no longer be viewed in isolation.
Also read: sharenting que es
Authentication
Employees working remotely can pose a major threat or security risk. Security measures such as multi-factor authentication can protect against user errors. Concerns about ransomware are mounting, and organizations in every industry must prioritize a comprehensive approach to cyber resilience, encompassing it, opt, and physical and human factors to ensure robust protection.
Zero-trust
“The adoption of IoT and multiple cloud platforms has greatly increased the size and complexity of hybrid IT” Chi organizations typically have a highly distributed infrastructure, which can encompass anything. Think of power plants, seaports, power lines, transmission sites and railway assets. In addition, the adoption of It and multiple cloud platforms have greatly increased the size and complexity of hybrid IT. At the same time, the potential attack surface has been greatly increased.
To improve the security of these environments, a security architecture, such as a zero-trust model, should be used instead of system boundaries. In turn, this securely protects vulnerable, individual and vital data that is at risk of not only being exposed but also impacting critical infrastructure. Therefore, adopting a zero-trust model can be an important strategy by ensuring “least privileged” access to valuable data and assets. It is extremely important that leaders look seriously at these strategies. Not surprisingly, organizations with a zero-trust strategy are less likely to be victims of data breaches.
Also read: mario costeja gonzález
Disruption
Attacks on critical national infrastructure continue to increase and will occur as often, if not more often than attacks on IT networks. We use technology to bring all aspects of our lives online. Everything is connected, from healthcare to banking to energy and utilities. Threats targeting these systems can potentially cause major social and economic disruption.
Leaders from business, industry and national governments should not lose sight of the impact of any threats on the CNI. It is clear that a cyber offensive is necessary to effectively prevent and protect against these ever-growing threats.
