Cyberattacks and The Security Professionals - The Cat and The Mice

Publish Date : 07-01-2024
Author : Open-CISO

Critical infrastructures incorporate assets, strategic networks, and core systems, digital or physical, that are vital to a community or a nation. They are so significant that any damage or corruption could have a debilitating effect on the nation's physical security, economic sustainability, and public health. As defined by the Cybersecurity and Infrastructure Security Agency of the United States, there are 16 critical sectors, ranging from nuclear reactors to commercial facilities. As a cybersecurity professional saddled with the responsibility of securing these critical sectors, there are things to know and do, which we share in this article. For instance, prevention, identification and discovery of threats, and deterrence need to be tactfully balanced and coupled with a formidable response strategy, damage control, crisis management, and a recovery procedure for after an attack. This is not child's play, as you need to understand the present, expanding threat landscape and how malicious players think and act.

Why Are Cybersecurity Professionals Finding it Hard to Secure Critical Infrastructures?

Threat actors are going after critical infrastructures because they are the systems that stakeholders and the government rely on to secure other assets. According to IBM X-Force, attempts by cybercriminals against Industrial Control Systems and other OT infrastructure increased by over 2000% between 2018 and 2019. A few months later, NETSCOUT reported about 1,780 DDoS attacks on utilities globally between June and August of 2020. These findings raise a pertinent question: why are cybersecurity professionals finding it difficult to secure critical infrastructures?

Internal Resources

Many organizations lack the internal resources required to achieve their security objectives, above all trained cybersecurity experts. For example, a survey conducted by (ISC)2 revealed a gap of 4.07 million security-related positions yet to be filled. As a result, companies need cybersecurity professionals to execute their cybersecurity objectives.

Threat Landscape

The OT Threat Landscape is huge when compared to that of IT. Interestingly, most organizations that manage critical infrastructures have yet to upgrade to the latest technologies. Malicious actors can exploit this weakness in legacy systems to hijack these critical assets.

Breach Detection

Cybersecurity professionals need to monitor any anomalies on OT networks in real time. Most organizations leverage agent-based solutions to do this. In the event of breach detection, OT assets might need to be shut down to be updated and upgraded. This downtime can affect or undermine the economy, public safety, or national security. 

Skill Gaps

The skill gap in the cybersecurity industry is widening. Organizations lack the requisite skills to secure OT systems and networks. A Dimensional Research study revealed that 83% of cybersecurity professionals were worked out in 2020. Most security experts are trained in reactive cybersecurity rather than in detection or proactive defence.

Not being Proactive

Cybersecurity professionals need to be proactive with ICS security. They must monitor the operational environments in real time for threats and detect them before they cause damage. 

5 Ways Cybersecurity Professionals Can Help Secure Critical Infrastructure

Securing critical infrastructures should be a top priority for cybersecurity professionals, to avoid infiltration by cybercriminals that leads to data loss, corruption of files, and damage to computer networks and systems. Such infiltration forces an organization to spend resources fighting off the attack and recovering its systems from the attackers. The following strategies are possible ways to help prevent this.

1. Have a skillful cybersecurity team

Investing in safeguarding your organization's computer systems and network goes a long way toward avoiding the hassle of dealing with data breaches or malware invasions. Investing in cybersecurity begins with forming a solid team to oversee your organization's computer network and system security. Your cybersecurity team should be made up of proactive, talented, and skillful professionals who focus primarily on the cyber health of the organization and on developing a robust risk management approach to any cyber-attack or threat.

2. Practice Information Security Standards and ensure Compliance

Compliance with security standards is a big concern for enterprises and public organizations today. Aside from regulatory standards such as HIPAA, PCI DSS, and ISO 27001, which prescribe recommendations for protecting user data and enhancing cybersecurity management at the enterprise level, there are also standards outlined by the National Institute of Standards and Technology (NIST). Two recent NIST guidelines are relevant. The first is Security Measures for EO-Critical Software Use, which details measures for using critical software, such as:

  • Network Segmentation 
  • Applying Practices of Least Privilege 
  • Proper Configuration. 

The second is Recommended Minimum Standards for Vendor or Developer Verification (Testing) of Software Under Executive Order (EO) 14028. This guidance outlines the basic standards for developers and vendors in verifying software. Cybersecurity professionals must interpret these new guidelines for their organizations, guide their adoption, and ensure vendors and employees practice them. Examples of information security controls are physical access controls such as security guards at building entrances, locks, closed-circuit security cameras, and perimeter fences; cybersecurity controls and policies within the organization; and encryption of sensitive data, amongst other controls.

3. Get everyone in the organization involved

The success of cybersecurity doesn't rest solely on the shoulders of the cybersecurity team in your organization. It is the duty of every staff or team member who has access to the organization's computer network and systems to participate in activities that promote securing critical infrastructures within the organization. This can be done by organizing security awareness education and security framework compliance training for all team members. Other organization-wide measures include:

  • An extensive Incident Response Plan along with Playbooks [reviewed & validated] 
  • Creating privacy laws and standards to minimize security risks and 
  • Activating multi-factor user authentication at login. 

4. Adopt effective cybersecurity practices 

There are certain cybersecurity practices that cybersecurity professionals use to secure critical infrastructures. These practices can also be adopted across every team in an organization. They include:

  • Installing software only from trusted sources: whatever software is installed on the organization's systems should come from a trusted source, to avoid granting malware access to infect the system. 
  • Installing antivirus software to scan devices, detect threats, and remove malicious software. 
  • Deploying firewalls, password policies, and data encryption processes. 
  • Installing software that is capable of alerting you to possible cyber security attacks such as phishing. 
  • Ensuring that all connected devices are secured and free from threats. 
  • Monitoring the connected devices' communications, Internet Protocol addresses, and other activities. 
  • Updating systems and applying patches across the organization, including servers and endpoints. 
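The real-time monitoring of OT communications described under Breach Detection, and the "monitor the connected devices' communications and Internet Protocol" practice above, both come down to comparing what a device actually does against what segmentation and least-privilege rules say it is allowed to do. The following is an added example written for this article, not code from Open-CISO or from any product it mentions. It assumes a small, hypothetical OT address range (10.10.0.0/16), a hypothetical per-asset baseline of permitted peers and protocols, and a constructed flow-record format; none of these values come from the article. Each record is checked as it arrives, so the same function works on a live feed or on a saved log.

```python
"""Baseline-driven monitoring of OT device communications (added example)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, Iterator, Optional

# Hypothetical OT segment and baseline; none of these addresses come from the
# article. Each asset may only use the listed protocols with the listed peers,
# which is what a segmentation / least-privilege design produces.
OT_SEGMENT = ipaddress.ip_network("10.10.0.0/16")
BASELINE = {
    "10.10.1.5":  {"name": "PLC-1",     "peers": {"10.10.1.10"},              "protocols": {"modbus/tcp"}},
    "10.10.1.10": {"name": "HMI-1",     "peers": {"10.10.1.5", "10.10.2.20"}, "protocols": {"modbus/tcp", "https"}},
    "10.10.2.20": {"name": "Historian", "peers": {"10.10.1.10"},              "protocols": {"https"}},
}

# Constructed flow-record format: "<timestamp> src=<ip> dst=<ip> proto=<name> ..."
FLOW_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=(?P<proto>\S+)")

REASON_MALFORMED = "malformed record"
REASON_UNKNOWN_SOURCE = "source not in baseline"
REASON_OUTSIDE_SEGMENT = "destination outside OT segment"
REASON_UNKNOWN_PEER = "peer not in baseline"
REASON_UNKNOWN_PROTOCOL = "protocol not in baseline"


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    dst: str
    proto: str
    reason: str


def check_flow(line: str) -> Optional[Alert]:
    """Return an Alert for one flow record, or None when it matches the baseline."""
    m = FLOW_RE.match(line.strip())
    if not m:
        # A record the monitor cannot read must not pass silently.
        return Alert("", "", "", "", REASON_MALFORMED)
    ts, src, dst, proto = m.group("ts", "src", "dst", "proto")
    try:
        dst_ip = ipaddress.ip_address(dst)
    except ValueError:
        return Alert(ts, src, dst, proto, REASON_MALFORMED)

    entry = BASELINE.get(src)
    if entry is None:
        # A device that was never inventoried is talking on the OT segment.
        return Alert(ts, src, dst, proto, REASON_UNKNOWN_SOURCE)
    if dst_ip not in OT_SEGMENT:
        # Segmentation violation: an OT asset is reaching beyond its segment.
        return Alert(ts, src, dst, proto, REASON_OUTSIDE_SEGMENT)
    if dst not in entry["peers"]:
        return Alert(ts, src, dst, proto, REASON_UNKNOWN_PEER)
    if proto not in entry["protocols"]:
        return Alert(ts, src, dst, proto, REASON_UNKNOWN_PROTOCOL)
    return None


def monitor(records: Iterable[str]) -> Iterator[Alert]:
    """Yield alerts as records stream in, without waiting for a batch to finish."""
    for line in records:
        alert = check_flow(line)
        if alert is not None:
            yield alert


# Constructed sample feed: two normal flows followed by four deviations.
SAMPLE_FLOWS = [
    "2024-07-01T10:00:01Z src=10.10.1.5 dst=10.10.1.10 proto=modbus/tcp bytes=128",  # PLC to HMI, normal
    "2024-07-01T10:00:02Z src=10.10.1.10 dst=10.10.2.20 proto=https bytes=2048",     # HMI to historian, normal
    "2024-07-01T10:00:03Z src=10.10.1.5 dst=203.0.113.7 proto=https bytes=512",      # PLC leaving the OT segment
    "2024-07-01T10:00:04Z src=10.10.1.10 dst=10.10.1.5 proto=ssh bytes=900",         # HMI using a protocol not in baseline
    "2024-07-01T10:00:05Z src=10.10.9.99 dst=10.10.1.5 proto=modbus/tcp bytes=64",   # device not in inventory
    "2024-07-01T10:00:06Z src=10.10.2.20 dst=10.10.1.5 proto=https bytes=300",       # historian to a non-baseline peer
]

if __name__ == "__main__":
    for a in monitor(SAMPLE_FLOWS):
        print(f"{a.ts} {a.src} -> {a.dst} [{a.proto}]: {a.reason}")
```

The checks are ordered from most to least severe so that a single record produces one alert with the most useful reason: an unknown source first (an uninventoried device), then a destination outside the segment, then an unexpected peer, then an unexpected protocol. In practice the baseline would be generated from the segmentation design and asset inventory rather than typed by hand, and alerts would be forwarded to whatever alerting path the organization already uses.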

5. Strengthen communication patterns within and between teams

Ensure that a communication platform supports the quick dissemination of information between the cybersecurity team and other members of the organization. This allows the cybersecurity team to stay in touch with other team members, update them on the threat landscape, and equip them with the right cybersecurity tools and technologies. The team can also guide non-IT members on how to use these tools to withstand cyber-attacks.

The financial cost and resultant effect of overcoming cyber threats and attacks are enormous. However, they can be mitigated by a combination of strategic, wholesome, and proactive plans and actions that keep security tight. These plans should be evaluated regularly for efficiency and effectiveness. A report by Deloitte on Critical Infrastructure gives insight into how critical infrastructure protection programs address only physical threats. Unfortunately, this leaves the network vulnerable to other cyber threats, such as service disruption and public safety concerns, amongst others.

Colonial Pipeline paid cybercriminals around $4.4 million to restore their systems. However, attacks on critical infrastructure may have more devastating consequences. The first death directly linked to a cyber-attack was in September 2020, when a woman died in a local hospital in Germany because a ransomware attack delayed her treatment. As critical infrastructure providers come into the 21st century, cybersecurity should be a top priority for leaders and stakeholders in the industry.

Stick to Basics, Plan and Practice