Attacks on critical infrastructure used to be the sole domain of nation states. With hacking groups entering the fray, defence has become even more crucial.
In recent months we've seen a surge in criminal attacks on critical infrastructure worldwide, as sophisticated hacking groups target Industrial Control Systems (ICS) whose disruption directly affects a country's population, for example power grids and water systems, where an attack can physically harm civilians.
In October 2023 alone, about 100,000 ICS devices were found directly reachable from the public internet, where attackers can probe them for vulnerabilities and attempt unauthorised access. They included control systems for power grids, traffic lights, and security and water systems across 96 countries.
At the end of last year, US officials said the Chinese military had hacked into the systems of about two dozen critical-infrastructure entities in the US over the past year, including a water utility in Hawaii, a major West Coast port, at least one oil and gas pipeline and the Texas power grid.
Until recently, attacks on ICS were mostly initiated with nation-state backing, led by countries such as China, Russia and Iran. But today, these types of attacks are also launched by criminal groups.
The rise of ransomware-as-a-service has streamlined the hacking process: even those with minimal technical experience can now deploy advanced ransomware by paying a relatively small fee to the malware's developers. This has swelled the number of actors engaged in cybercrime. Manufacturing companies in particular have become popular targets, since production downtime is costly and their operational systems are often hard to patch quickly.
Similarly, supply chain attacks have typically been associated with nation-state sponsored groups. Here, too, cybercriminals have adopted the technique, exploiting weaknesses in suppliers and service providers to gain unauthorised access and then pivot into critical infrastructure organisations.
With the danger of attack on critical infrastructure rising, the question is how companies can protect themselves. Here are three key ways IT security leaders can mitigate risks:
1. Cloud security transformation
Transitioning to cloud-native security is an important step in reducing risk as organisations modernise their infrastructure and environments. Done well, cloud-native security tooling gives organisations the visibility to anticipate, adapt to and respond to cyber threats in an increasingly connected world. For ICS operators this shift applies mainly to the IT, monitoring and analytics layer; the control systems themselves typically remain on-premises and must stay segmented from it.
2. Risk-based incident response planning
Because no approach to cybersecurity guarantees full protection, preparing an effective, rapid response to an attack in advance is crucial to protecting an organisation's assets. Developing and maintaining an incident response plan enables companies to respond to threats quickly and minimise their business impact.
An effective incident response plan should be built on a risk-based approach. It should map the organisation's top business risks to realistic attack scenarios, set out remediation practices across the entire incident life cycle, and define target response times for each scenario based on how much loss is acceptable.
The plan should also schedule periodic risk assessments, set out a systematic process for analysing and containing breaches, and specify the monitoring systems and dashboards used to detect and track security incidents. It should be exercised regularly, since a plan that has never been rehearsed rarely survives its first real incident.
3. GenAI-powered security
Incorporating generative AI (GenAI) into an organisation's security strategy and operations can help analysts make sense of the volume and complexity of today's threat landscape. But doing so well is not easy.
It may be faster and more convenient to outsource the work to an advanced Managed Detection & Response (MDR) provider that uses GenAI to deliver faster threat detection, shorter dwell time and quicker, more effective response.
This approach also keeps the organisation's security needs covered while freeing internal teams to focus on their core business activities.
As geopolitical tensions continue to escalate between the US, Russia and China, as well as in the Middle East, and cyber-criminal groups become more capable and confident, it has never been more important to consider how your organisation is protected against attacks on critical infrastructure. Now is the time to assess your organisation's risks and put the appropriate detection and response measures in place.
Yuval Wollman is president at CyberProof - a UST company. Previously, Yuval spent a decade in the Israeli public sector, where he served most recently as Director-General of the Israeli Intelligence Ministry and as senior economic adviser to the Finance Minister and Chief of Staff. He is also a certified lawyer and adjunct professor at Tel Aviv University Business School.