Assessing the Human Impact of Cyber Security Breaches on Critical Infrastructure
As organizations pursue greater automation and more interconnected systems, every new tool or integration increases the risk of a potential crack in the armor. Combined with a fierce attack landscape, CI cybersecurity consists of a high-tech, high-threat environment – creating the perfect storm for cybersecurity professionals to mitigate.
Recently, we spoke to 500 US and UK cybersecurity professionals to understand the state of cybercrime and the true human impact of CI attacks. We uncovered that almost two thirds (65%) of CI organizations have fallen victim to a cyberattack in the last 12 months.
Not only is this high-threat environment causing unease among the general public—it’s also putting increasing strain on the people tasked to defend it. And this pressure comes at a price.
Public panic and the breaches that could cause it.
Critical Infrastructure consists of high-value assets that would cause chaos if they were made unavailable. And cybercriminals know it.
From power stations to telecommunications towers and public transport networks, cybersecurity professionals are crucially aware of the risk a successful CI attack poses – not just to their organization, but to everyone that uses these critical services day in, day out.
We asked UK and US cyber professionals about different CI attack scenarios, with each respondent citing at least one which they thought would lead the general population to panic should an attack be successful.
Over two-fifths of all respondents feared the public would panic if a cyberattack took down telecoms services, government or public websites, or prevented public transport services from operating. But for cyber professionals in the UK, disruption to personal banking is a scenario believed to incite the greatest alarm among the general public. Read the full report here.
Similarly, cybersecurity workers in the US are most concerned that a power outage would cause mass public panic – perhaps influenced by the largest publicly disclosed US ransomware attack on the Colonial Pipeline in 2021.
But, not every industry is at equal risk from the same attack vectors. In healthcare, 64% of respondents cited that “drive-by-download” and phishing attacks posed the greatest risk, while just 11% of those working in public services said the same, for instance.
So, while cyber professionals are defending against cyberattacks that could result in mass, public fear, they’re also grappling with a variety of sector-specific cyberattacks.
And even though some attack vectors are less common for certain sectors today, their use against other CI organizations demonstrates just how easily they could be redirected towards others to cause future harm,.
What does this mean for the wellbeing of CI cybersecurity pros?
Ransomware is the number one threat to Critical Infrastructure according to cybersecurity professionals – with good reason. More than half (57%) have fallen victim to a ransomware attack in the past year, with 72% admitting to paying the ransom.
As the weight of maintaining national, critical services sits on the shoulders of cyber professionals, concern can quickly escalate to panic during these circumstances.
Our research revealed exactly how this pressure effects CI cyber professionals, with over one-third reporting feelings of stress (35%), anxiety (39%) and burnout (36%).
The rapid pursuit of digital transformation combined with the heightened threat landscape has created a highly pressurised working environment – with two-fifths of cyber workers reporting the strain of securing CI has caused them to have a low morale at work (40%).
Likewise, a similar number believe that protecting CI has had a negative impact on their performance (37%), productivity at work (38%) and professional relationships (38%). (See more in the report here)
Yet, what is most concerning is the impact to the wellbeing of cybersecurity professionals. One-third report the pressure has led them to pick-up unhealthy habits, such as smoking or poor dietary habits (35%). And 37% say the situation has negatively affected their personal relationships as well, rising to 50% among UK respondents.
It’s clear that change is needed. Not only to ensure resilience for Critical Infrastructure, but to protect the people charged to secure it.
Can trust overcome fear?
Whether its public panic from a national outage on utilities or banking services, or sustained pressure leading to unhealthy habits in cybersecurity professionals, one thing is clear: there is an undercurrent of fear when it comes to Critical Infrastructure cybersecurity. But this is exactly what fuels cybercrime activity. The ability to create fear and panic brings cybercriminals one step closer to the rich rewards they see housed in CI attacks. And today’s complicated IT and operational technology (OT) environments are rife with opportunity.
The importance of cybersecurity professionals and the work they do must not be underestimated. Complexity must be reduced to improve the impact protecting CI has on the wellbeing of cybersecurity professionals, as well as enable them to secure new technologies as they are introduced alongside legacy applications and architectures.
From prioritizing cyber hygiene to embracing zero trust, understand how to better support the vital people who protect crucial, everyday services, by downloading our Panic Stations report.