Cyber-attacks on critical infrastructures are progressively appearing in news headlines. Adversaries see an advantage in going after critical infrastructures owing to the chances of making huge profits. This year, in July, a group known as Gonjeshke Darande claimed the responsibility of cyber-attacks on 3 Iranian steel companies, following which they were compelled to stop production. In another incident, a ransomware group compromised the security of a UK water supply company named South Staffordshire Water plc that supplies drinking water to over 1.6 million people in the country.

According to FBI’s Internet Crime Complaint Center (IC3) 2021 report, it received 649 complaints of ransomware attacks targeting critical infrastructure organizations in 2021. This rapid surge in complexity and frequency of targeted cyber-attacks have made “cybersecurity” an agenda for both organizations and nations.

Global Challenges for Organizations

• Rate of zero trust adoption is still short in critical infrastructures. In a recent Thales report, it was found that only 30% of organizations have a formal zero trust strategy and have actively embraced zero trust policies.
• Due to the convergence of Information Technology and Operational Technology, it has become easier for cyber attackers to penetrate and move laterally within the organization. They leverage common IT issues and turn them into critical OT system problems.
• Growing geopolitical tensions is another prime factor driving the increase in cyber-attacks. Consequently, we have seen a surge in nation-state-sponsored attacks in the last few years.
• With no surprise, human factor still remains the weakest link in cybersecurity. Because of conventional user errors like weak/same passwords and falling victim to social engineering attacks such as phishing and business email compromise, malware and ransomware attacks gain an initial foothold in organizations.

Concreate Cyber-Resilience is the Need of the Hour

When it comes to cybersecurity, there are no silver bullets. As per a recent report from Trellix, cyber-attacks on India’s critical infrastructures have increased by huge 70% in the final quarter of 2021. Adoption of better security measures that must align with business objectives and cyber risk strategies could help in curbing the damage. Moreover, with in-depth visibility of the growing threat landscape and prompt actions, organizations can shore up the cyber defence of critical infrastructures.

• Adopt a Zero-Trust Approach

  Implementing zero trust model can help enterprises to ensure strict access controls and provide least-privilege access to highly distributed, high-value data and assets.

• Be Ready with Network Segmentation

  Organizations must be prepared in advanced to tackle any adverse situation. In the event of a cyber-attack, say ransomware, strong network segmentation can safeguard critical data by slowing down the attackers and limiting the damage. Additionally, it also help in meeting compliance requirements.

• Maintain Air-Gapped Backups

  Air gapping can be your best defence against any cyber-attack as it ensures your backups remain secured even if the ransomware/malware had compromised admin access and began spreading across the network. It also encourages data recovery and compliance with industry regulations, such as HIPAA, FISMA, GDPR, etc.

• Conduct Regular Security Audits

  In cybersecurity, we often say that you can’t protect what you don’t know about. This is quite true as a single vulnerability can lead to massive losses. Assets, including individual systems, servers, networks, IoT devices, third-party applications, etc., must be thoroughly monitored and scanned for potential vulnerabilities before threat actors exploits them.

• Improve Communication and Collaboration among Teams

  Organizations can create a centralized cybersecurity team that is responsible for maintaining security across entire network. This team can further define policies that everyone will follow consistently across OT and IT networks. Additionally, it must exchange regular briefs to key stakeholders on cybersecurity trends, vulnerabilities and priorities.

• Promote Cyber Hygiene Across All Levels

  Most successful security breaches are a result of human errors. Cybersecurity is a shared responsibility and every employee must exhibit cyber-safe behaviour. For instance, people must be encouraged to use strong passwords and enable two-factor authentication wherever possible. They should be made aware of common social engineering attacks to prevent successful data breaches.

Final Thoughts

In last few years, organizations and governments have witnessed numerous attacks on critical OT and SCADA systems. To cut down the success rate of such complex attacks, we require a collective effort among both private and public sectors, along with proactive approach to cybersecurity. Recommendations will include (but not limited to) secured remote access for users, strong user authentication, swift patch management, active monitoring of critical assets, incident response plan, creating a layered network, etc.