Recent high-profile attacks on critical infrastructure (CI), such as the Colonial Pipeline attack in 2021 which resulted in fuel shortages across the East Coast of the US, have highlighted the possible consequences of what could happen if cybersecurity fails. This isn’t lost on the cybersecurity professionals charged with protecting that infrastructure, for whom the impact of cyber-attacks is a real, ongoing concern.
The threat landscape in which they operate is becoming increasingly complex, however, and the attacks they have to deal with increasingly sophisticated. There’s an urgent need, therefore, for cybersecurity professionals to follow a set of best practices to ensure CI is properly protected.
New Risks and Challenges
The digital transformation of CI has delivered several advantages, including improved efficiency, productivity, and sustainability. At the same time, though, the rapid implementation of new technologies has also introduced new risks and challenges. Greater connectivity and a higher volume of devices demand new approaches to security, for instance, while traditional methods for air gapping between IT and OT networks can’t be applied to new concepts, like smart grids.
Threat vectors are becoming more complex, too, and will vary depending on what type of CNI is being targeted. According to Forcepoint’s recent study, ‘drive-by-download’ and phishing attacks are seen as the biggest risks to healthcare organizations, while the greatest threats to energy companies are ransomware, IoT-based attacks, and DoS and DDoS attacks. But such threats are not exclusive to these particular industries. While some attack vectors may be less common against certain sectors today, their use by threat actors against other CI organizations suggests they could easily be redirected elsewhere in the future.
Fortunately, there are steps that CI cybersecurity professionals can take to limit this complexity and reduce the burden they face.
1. Make Cyber Hygiene a Priority
Following a set of precautionary cyber hygiene measures is fundamental to maintaining an organization’s security, and that that of its users, networks, devices, and data. Therefore, it is vital that cybersecurity professionals ensure they not only have the right practices in place for ensuring the security of their networks and the safe handling of data, but that those practices are constantly maintained and updated as digitalization continues to transform their organization’s IT and OT environments.
2. Simplify in the Face of Complexity
As an organization’s IT and OT environments expand, and the threat landscape becomes ever more complex, so the number of tools needed to manage security increases. But the integration of every new tool increases the risk of a potential crack in the armor. It’s little surprise, then, that 44% of CNI cybersecurity professionals – and 50%of CISOs - want to cut down on the number of tools they use. Consolidated security platforms are a way of simplifying matters, helping to reduce the number of tools required to manage an organization’s security posture.
3. Embrace Zero Trust
Embracing the philosophy of ‘never trust, always verify’ will help frustrate any threats that have already infiltrated an organization’s network, and make it more complicated for attackers to achieve their aims. More than two in five (42%) cybersecurity professionals believe encouraging the entire organization to adopt a zero-trust framework - encompassing a range of different technologies and best practices that center around reliably knowing who’s trying to access or use data, and whether they have permission to do so - would help reduce the pressure of securing CI.
4. Secure the Route to the Cloud
Seven out of 10 CI organizations are either currently working on or planning projects in the public or private cloud over the next 24 months. It is unsurprising that 46 percent of CNI cybersecurity professionals would like to introduce better air gap security to protect the route to the cloud. It’s important, therefore, to adopt a zero-trust security posture for all inbound content arriving at the enterprise network from the cloud – whether via email, web, file upload, or social media. Establishing a modern air gap between connected networks and services in this way will eliminate the risk of known and zero-day attacks concealed in file-based malware before they enter the network.
5. Implement Secure Data Flows
An organization’s data is among its most valuable assets. But the interconnectedness of IT and OT networks puts the safety of that data at risk, requiring cybersecurity professionals to secure the flows of data between networks and devices. Creating one-way data channels between trusted and untrusted networks, for example, means data can be received, but is never permitted to exit, thereby minimizing the risk of data exfiltration by malicious external parties, and helping to further reduce the challenge of securing CI.
Cybersecurity professionals working in CI today face a complex and increasingly sophisticated threat landscape. Ensuring the security of an organization’s network, the devices connected to it, and the data that flows through it, can be hugely challenging. Fortunately, though, new technologies and best practices are available that, if properly implemented, can help ease the burden and keep CNI safe and secure for all who rely on it.
Simplifying complexity will be key to improving resiliency in the face of sustained digital transformation.
Navigate the high tech and high threat environment to protect your organization’s critical assets by downloading Forcepoint’s Panic Stations report.