In recent months, high-profile cyberattacks across the world have reaffirmed the very real threat on Critical National Infrastructure (CNI). From the breach of South Staffordshire Water by cybercriminal gang, Cl0p, to the attack on Finland’s Parliament following moves by the U.S. to admit the country to NATO, the threat landscape that CNI cybersecurity professionals are operating in is becoming increasingly hostile.
Indeed, new research from Forcepoint found 65% of U.K. and U.S. CNI organizations have fallen victim to a cyberattack and 57% to a ransomware attack in the last 12 months alone. But as we begin to unpack the reasoning behind the high volume of attacks, it becomes clear that there is not simply ‘one’ factor driving the high volume of attacks, and instead, a myriad of factors all adding to the severity and complexity of the challenge of securing CNI. – This is a damning insight unearthed by Forcepoint’s ‘Panic Stations’ research report.
The extensive cyber threat landscape
Research from Forcepoint found that cybersecurity professionals were concerned about the impact of the heighten geopolitical climate on the cyber landscape. When asked which threat actors concerned them the, CNI cybersecurity professionals were most concerned by cyber gangs – such as Fancy Bear or Gothic Panda – demonstrating their capabilities, acts of political retaliation, ‘hacktivists’, and by acts of cyber warfare.
Ransomware is perhaps unsurprisingly perceived to pose the greatest risk to CNI. This attack vector was behind cyber gang, Darkside’s attack on the Colonial Pipeline in 2021, which halted operations of its 5,500 miles of pipeline on the U.S. East Coast and caused temporary fuel shortages that directly affected 12,000 gas stations. The risk of disruption to essential services that ransomware attacks on CNI can provoke means that - despite guidance given by both the British National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) against it - a full 72% of those CNI professionals who admitted their organization had fallen victim to a ransomware attack admitted to having paid the attackers.
But risk posed to CNI is far greater. Cybersecurity professionals report a diverse threat landscape, with certain sectors seeing heightened risks from certain forms of attack. In healthcare, for example, cybersecurity experts are most concerned about “drive-by-download” attacks and phishing, whereas in energy, they are most concerned about ransomware, Internet of Things (IoT)-based attacks, and DoS and DDoS attacks.
Digital transformation adds to complexity challenge
CNI organizations across the globe are turning to digital transformation to modernize and reduce legacy systems and processes. The Panic Station’s Research Report found that 90% of CNI organizations in the UK and US have either recently completed a digital transformation project to modernize legacy systems and applications, or will launch one to do so within the next 24 months. Similarly, there is a significant shift towards both public and private cloud with 71% of CNI organizations currently working on or planning projects in the public cloud or private cloud over the coming 24 months.
In addition to the raft of advantages that digital transformation has brought, such as increasing efficiency and productivity, it has also introduced new risks.
Indeed, the increasing complexity of this new IT and OT (operation technology landscape) is concerning many cybersecurity professionals, particularly the need to secure technologies that are new to the organization, do not have a strong security posture, or are difficult to secure. And the increased complexity is not aided by the talent crisis. CyberSeek, a project supported by the National Initiative for Cybersecurity Education (NICE), reports that in the US that there were over 700,000 cybersecurity job openings for support between May 2021 and April 2022. A staggering figure when you consider the total cybersecurity workforce in the US currently only totals just over one million.
We need to be in this together
As we start to better understand the pressures being placed on those responsible for securing CNI, we need to turn our attention to finding solutions that provide support for those struggling. In this hostile and evolving threat landscape, it is critical to take steps now to guarantee a more sustainable, secure and safe future for all.
This means finding ways to reduce the complexity burden on cybersecurity professionals. Indeed, the complexity of the threat landscape and the IT and OT environments that they must secure is adding to the number of tools and processes they are required to manage. In fact, when asked what aspect of the current cyber threat landscape caused CNI cybersecurity professionals to worry the most, the challenge of managing more complex security solutions was superseded only by concerns of the Russia-Ukraine war increasing the risk of cyberattacks.
Simplicity must be at the centre of the fight against this hostile cyber threat landscape and in overcoming the challenges posed by the changing technical environment. Maintaining a strong security posture with less complex solutions will not only make it more manageable for those charged with protecting it, but will help keep CNI infrastructure more secure.
To understand this complex threat landscape for National Critical Infrastructure, download the Panic Stations report.