We Need To Protect Our Critical Infrastructure – NOW.
The cyber landscape has made it easier for criminals to steal all kinds of information – usernames, passwords, banking information, you name it! Cyber attacks are imminent across all industries and sectors, affecting our society on an individual and global economic scale.
Critical infrastructure refers to sectors such as healthcare, financial services, agriculture, power, etc. These industries form the backbone of a nation’s economy and security – in other words, they’re very important !! They also happen to be tightly connected within the internet of things (IoT) – and cybercriminals know exactly how to exploit this.
In June, businesses around the world suffered a massive ransomware attack – two in fact – starting with Ukraine’s critical infrastructure. Entire computer systems were shut down after the Wannacry ransomware attack: ATMs, government computers, you name it ! Workers at the Chernobyl power plant even had to monitor radiation levels manually.
Once cybercriminals have access to the inner IT network, they can disrupt or manipulate any service. If one asset isn’t secure, the rest will suffer as well. A group of security researchers were even able to prove that they could hack into a water plant and change the chlorine levels – crazy !!
Here’s the thing: the 5 most-attacked industries in the cybersecurity space are all part of a country’s critical infrastructure: healthcare, manufacturing, financial services, government, and transportation. Knowing this, imagine how vulnerable entire cities and countries really are to cyber warfare.
So how do we protect these industries?
Greater collaboration and information sharing between the public and private sectors.
Building partnerships between sectors.
Establishing risk management strategies – no matter what industry you’re in!
Have a plan B – meaning have a clear and approved incident response plan.
Have simulated incident response practices – if an incident occurs, you know what to do and can jump straight into remediation and recovery.
Focusing on raising security awareness for employees to ensure they don’t fall victim to common scams.
Use threat intelligence services (such as threat hunting). Ask “Who is thinking about attacking our industry? What types of attacks are prevalent?” Using threat hunting is a great way to proactively search for criminals who might target you.
Segment your networks – if a threat actor does get into your network, they will be contained. The rest of your network that’s sealed off won’t be affected.