What is Critical Infrastructure and Why is it at Risk?
A data breach targeted at a normal organization could be catastrophic for its operations. A data breach targeted at a critical infrastructure organization could be catastrophic for the entire country.
To understand why, we must first understand what falls within its scope. Critical infrastructure (CI) comprises the organizations, systems and structures that form the backbone of a nation's economy, health and security. A wide range of sectors fall under it: dams and defense, energy services and emergency services, food and agriculture, financial markets. A successful attack on critical infrastructure could lead to economic crisis, public disorder and even loss of life.
The bad news? Attacks against critical infrastructure are growing. A study by KnowBe4 found that global critical infrastructure faced over 420 million cyberattacks between January 2023 and January 2024, which works out to roughly 13 attacks per second. They are increasing not just in frequency but in financial severity: the IBM Cost of a Data Breach Report 2023 puts the average cost of a data breach involving CI at $5.04 million, which the report describes as $1.26 million higher than the overall average.
Attacks are increasing partly because the range of threat actors is wider. Private organizations mostly face financially motivated criminals. For CI, there are many more antagonists in the picture:
- State-sponsored attackers from other nations who are perpetually engaged in cyber-warfare
- Attackers from rogue groups that engage in cyberterrorism
- The same financially motivated attackers involved in cybercrime
- Insider threats from disgruntled or rogue employees
Business vs. Security: A False Dichotomy in Critical Infrastructure
Amid this escalating threat landscape, CI organizations face a multitude of challenges:
- They often run legacy systems built to outdated security standards, frequently unpatchable because the vendor no longer supports them or the process cannot tolerate the downtime, which leaves long-lived vulnerabilities for attackers to exploit.
- CI systems are highly interconnected. A breach in one specific part of the ecosystem could have serious ramifications for everyone involved, especially if there are improper access controls.
- You cannot scan a CI industrial control system (ICS) for vulnerabilities the way you scan a virtualized IT environment. Active scanning and credentialed probing can crash fragile PLCs and controllers and take the process offline, so OT teams build their asset inventories and detect anomalies by passively monitoring control-network traffic, and reserve active testing for planned maintenance windows or spare and test equipment. Maintaining business continuity in critical infrastructure is imperative.
- Digitization in these sectors has led to the use of many insecure, misconfigured IoT devices that are prone to attack.
- Most CI organizations must adhere to a myriad of regulations, which is a challenge in itself. Most recently, SEBI released an exhaustive Cyber Security and Cyber Resilience Framework (CSCRF) with several mandates that all its regulated entities in the financial markets must follow. You can read more about that here.
- Finally, and most relevant to this blog, the majority of critical infrastructure is privately held. Cybersecurity is often treated as a hindrance to operations, so there is a perpetual tug-of-war between business and security.
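Because active vulnerability scanning can knock over PLCs, OT teams usually build their asset inventory passively, from a SPAN-port or TAP capture of the control network, and reserve active probing for maintenance windows. The following is an added example of that passive approach; it is not from the original post or from any iValue product. It parses constructed Modbus/TCP request frames, records which hosts talk to which controllers with which function codes, and flags any host issuing write functions that is not on an allowed engineering-workstation list. The addresses, the frames and the allowed-writer list are all invented for illustration; a real deployment would feed it decoded TCP payloads from a capture tool.

```python
import struct
from collections import defaultdict

# Modbus public function codes (Modbus Application Protocol Specification V1.1b3).
READ_FUNCS = {
    1: "read_coils",
    2: "read_discrete_inputs",
    3: "read_holding_registers",
    4: "read_input_registers",
}
WRITE_FUNCS = {
    5: "write_single_coil",
    6: "write_single_register",
    15: "write_multiple_coils",
    16: "write_multiple_registers",
}
MODBUS_PORT = 502


def parse_modbus_tcp(payload: bytes):
    """Parse one Modbus/TCP ADU (MBAP header + PDU).

    Returns a dict, or None when the bytes are not a well-formed frame:
    non-zero protocol id, a length field that disagrees with the payload,
    or a PDU too short to carry a function code.
    """
    if len(payload) < 8:
        return None
    tid, pid, length, unit = struct.unpack(">HHHB", payload[:7])
    # The MBAP length field counts unit id + function code + data,
    # i.e. everything after the first six bytes.
    if pid != 0 or length < 2 or length != len(payload) - 6:
        return None
    func = payload[7]
    return {
        "tid": tid,
        "unit": unit,
        "func": func & 0x7F,             # strip the exception bit (0x80)
        "exception": bool(func & 0x80),
        "data": payload[8:],
    }


def build_inventory(flows, allowed_writers):
    """Passively inventory Modbus servers from observed client->server frames.

    flows: iterable of (src_ip, dst_ip, dst_port, payload). Only traffic to
    port 502 is treated as a request; responses (source port 502) are ignored.
    Returns (inventory, alerts): inventory maps each PLC/server address to the
    unit ids, function names and writing hosts seen; alerts lists write
    requests from hosts outside allowed_writers.
    """
    inventory = defaultdict(lambda: {"units": set(), "functions": set(), "writers": set()})
    alerts = []
    for src, dst, dport, payload in flows:
        if dport != MODBUS_PORT:
            continue
        adu = parse_modbus_tcp(payload)
        if adu is None:
            continue  # not Modbus, or malformed: worth its own alert in production
        entry = inventory[dst]
        entry["units"].add(adu["unit"])
        name = READ_FUNCS.get(adu["func"]) or WRITE_FUNCS.get(adu["func"]) or f"func_{adu['func']}"
        entry["functions"].add(name)
        if adu["func"] in WRITE_FUNCS:
            entry["writers"].add(src)
            if src not in allowed_writers:
                alerts.append({"src": src, "dst": dst, "unit": adu["unit"], "function": name})
    return dict(inventory), alerts


# Constructed sample traffic: hosts, addresses and frames are invented for this example.
ALLOWED_WRITERS = {"10.20.1.10"}          # the one sanctioned engineering workstation
SAMPLE_FLOWS = [
    # engineering workstation reads 10 holding registers from PLC-A, unit 1
    ("10.20.1.10", "10.20.5.21", 502, b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"),
    # HMI reads 8 coils from PLC-A
    ("10.20.1.11", "10.20.5.21", 502, b"\x00\x07\x00\x00\x00\x06\x01\x01\x00\x00\x00\x08"),
    # engineering workstation writes register 0x0010 := 100 on PLC-A (sanctioned)
    ("10.20.1.10", "10.20.5.21", 502, b"\x00\x02\x00\x00\x00\x06\x01\x06\x00\x10\x00\x64"),
    # unknown host on the office segment writes one register on PLC-B, unit 2 (not sanctioned)
    ("10.20.3.77", "10.20.5.22", 502, b"\x00\x03\x00\x00\x00\x09\x02\x10\x00\x00\x00\x01\x02\xff\xff"),
    # PLC-A's response travels back from port 502 and is ignored by design
    ("10.20.5.21", "10.20.1.10", 49152, b"\x00\x01\x00\x00\x00\x17\x01\x03\x14" + b"\x00" * 20),
    # something that is not Modbus at all, sent to port 502
    ("10.20.3.77", "10.20.5.22", 502, b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    inv, alerts = build_inventory(SAMPLE_FLOWS, ALLOWED_WRITERS)
    for plc, seen in sorted(inv.items()):
        print(plc, "units", sorted(seen["units"]), "functions", sorted(seen["functions"]),
              "writers", sorted(seen["writers"]))
    for a in alerts:
        print("ALERT unsanctioned write:", a)
```

Nothing here ever sends a packet to a controller; the whole picture of which hosts issue reads and writes comes from listening. The unsanctioned write from 10.20.3.77 is exactly the kind of event a flat IT/OT network lets happen silently.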
The truth is that the battle between security and business operations in critical infrastructure is a myth. Business operations will cease to exist without proper security measures in place, and our entire way of life could be compromised as a result.
Here's the good news: the best cybersecurity programs (like ours!) help optimize your operations, through benefits like automated processes, unified oversight and data-driven insights. The rest of this blog looks at how to secure critical infrastructure by examining several infamous attacks in the sector and drawing lessons from them to build cybersecurity programs that give your organization a strong security posture.
Lessons from Infamous Critical Infrastructure Cyberattacks
The 2015 Ukrainian Power Grid Attack
Years before the 2022 full-scale invasion turned Russia's war on Ukraine into an open contest to cripple each other's critical infrastructure, attackers attributed to Russia's Sandworm group cut power to roughly 230,000 customers in western Ukraine on 23 December 2015, in the middle of winter, for several hours. What is instructive about this attack is that it did not hinge on one particular vulnerability. The intruders chained a whole campaign: spear-phishing to plant BlackEnergy malware, theft of credentials for the utilities' VPNs, remote control of the operators' HMI software to open breakers, KillDisk to wipe workstations and slow recovery, and a telephony denial-of-service flood against the call centres so customers could not report the outage. A second attack, in December 2016, took down a Kyiv transmission substation with purpose-built grid malware (Industroyer).
Lessons Learned: Simply put, no single control would have stopped this, and cybersecurity is not a one-solution-fits-all exercise. Defense-in-depth means layering controls so that each stage of an intrusion meets its own obstacle: MFA on every remote-access path so stolen credentials alone are not enough, segmentation between the corporate network and the control systems, intrusion detection on the OT network, stringent access control, offline and tested backups of engineering workstations, and procedures for manual operation when the automation cannot be trusted. Each layer (IDS, firewalls, access control, encryption tools) is there to catch what the previous one missed.
The AIIMS hack
For the next example, we look at an incident closer to home. In November 2022, a ransomware attack on AIIMS Delhi encrypted five of its roughly 100 servers, and the attackers were reported to have taken around 1.3 terabytes of sensitive hospital data. The operational impact was worse than the data loss: with the e-hospital system down, registration, appointments and billing fell back to paper, treatments were delayed, and media reports put the ransom demand at Rs. 200 crore in cryptocurrency. After the Indian Computer Emergency Response Team (CERT-In) investigated, the cause was reported as improper network segmentation.
Lessons Learned: In an interconnected environment, segmentation limits how far an incident can spread. Splitting the network into zones (clinical systems, back office, backups, management) with default-deny rules between them and only the specific flows the business needs confines a compromise to the zone it started in and makes lateral movement slow and noisy instead of trivial. Two caveats a practitioner would add: segmentation only works if the rules are actually enforced and reviewed, since one permissive any-to-any exception quietly recreates a flat network, and it must be paired with separate, offline backups, because ransomware that can reach the backup zone defeats the whole exercise. We at iValue have industry-standard network segmentation solutions like VMware NSX as part of our suite, which help isolate critical systems while enhancing security controls.
The Colonial Pipeline Attack
This breach is particularly infamous in the critical infrastructure world because of how far the fallout spread. Colonial Pipeline carries refined fuels (petrol, diesel and jet fuel) across the US East Coast, 5,500 miles from Texas to New Jersey. In May 2021 the DarkSide ransomware group got in through a legacy VPN account that was no longer in use but still active, protected by a single password with no multi-factor authentication. That password had already turned up in a batch of leaked credentials, apparently because the employee had reused it on other accounts.
The rest is history: Colonial shut the pipeline down as a precaution and paid close to $4.4 million in Bitcoin for a decryption tool (the US Department of Justice later recovered about $2.3 million of it), but by then panic buying had emptied gas stations across the South-East, with the number out of fuel reported at nearly 11,000 at the peak, and the average price per gallon reached its highest level in over six years. Within days, President Biden signed Executive Order 14028 on improving the nation's cybersecurity, and the TSA followed with its first mandatory cybersecurity directive for pipeline operators.
Lessons Learned: Attackers these days don't hack in, they log in. Colonial's foothold was a valid credential on a forgotten account; from there the intruders reached the IT network, exfiltrated around 100 GB of data and deployed ransomware, after which the company halted the pipeline itself as a precaution. Stringent access control is therefore the first line: disable dormant accounts, require MFA on every remote-access path, screen passwords against known leaks, and treat anything reachable from the internet as a privileged boundary. A Privileged Access Management solution, like the one we have with CyberArk, reduces the blast radius of one stolen credential by vaulting and rotating privileged passwords, brokering and recording privileged sessions, and continuously monitoring all your privileged accounts for anomalous use.
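The Colonial Pipeline foothold was a password that had already appeared in a leak, reused on a VPN account nobody had retired. A control that catches exactly that, alongside PAM, is to screen every password at set time and at login against a breach corpus, which NIST SP 800-63B explicitly recommends. The example below is added here and is not from the original post or from any product named on this page. It implements the k-anonymity range lookup that services such as Have I Been Pwned's Pwned Passwords use (the client sends only the first five hex characters of the SHA-1 hash and compares the returned suffixes locally, so the full hash never leaves the host), but against a small constructed corpus built inside the example rather than a network call. The leaked passwords, the counts and the `range_lookup` server stub are all invented for illustration.

```python
import hashlib
from collections import defaultdict


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the form the range scheme is keyed on.
    SHA-1 is acceptable here: it indexes a public leak corpus, it is not how
    the credential is stored."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breach corpus, keyed the way a range API is:
# 5-hex-char prefix -> {35-hex-char suffix: number of times seen in breaches}.
# A real deployment would query a range endpoint or a locally mirrored list.
_CONSTRUCTED_LEAK = {
    "password1": 2_500_000,
    "Summer2021!": 1_200,
    "Welcome123": 85_000,
    "Qwerty123456": 410,
}
CORPUS = defaultdict(dict)
for _pw, _count in _CONSTRUCTED_LEAK.items():
    _digest = sha1_hex(_pw)
    CORPUS[_digest[:5]][_digest[5:]] = _count


def range_lookup(prefix: str) -> list:
    """Server side of the k-anonymity protocol: given a 5-hex-char prefix,
    return every 'SUFFIX:COUNT' line whose full hash starts with it (maybe none).
    The server learns only the prefix, which many unrelated passwords share."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 upper-case hex characters")
    return [f"{suffix}:{count}" for suffix, count in sorted(CORPUS.get(prefix, {}).items())]


def breach_count(password: str) -> int:
    """Client side: how many times this password appears in the corpus (0 = not found).
    Only the prefix is sent; the suffix comparison happens locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix):
        candidate, count = line.split(":")
        if candidate == suffix:
            return int(count)
    return 0


def evaluate_password(password: str, min_length: int = 8) -> tuple:
    """Set-time policy in the spirit of NIST SP 800-63B: a length floor (8 is
    the NIST minimum) plus breach screening, and no composition rules.
    Returns (accepted, reason)."""
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    count = breach_count(password)
    if count:
        return False, f"appears {count} times in breach data; choose another"
    return True, "accepted"


if __name__ == "__main__":
    for pw in ["Summer2021!", "short", "correct horse battery staple"]:
        print(repr(pw), "->", evaluate_password(pw))
```

The same check belongs at login time for existing accounts, not only at password-set time: a password that was clean in 2019 may be in a leak today, and a hit there should force a reset and revoke active sessions rather than just log a warning.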
The Change Healthcare Breach
This can be described as the cyberattack of 2024: the President of the American Hospital Association called it "the most significant and consequential incident of its kind against the US healthcare system in history." Change Healthcare, a UnitedHealth Group subsidiary, is one of the largest health payment processing companies in the world, handling nearly 40% of all claims and some 15 billion healthcare transactions a year. The February 2024 ransomware attack took its systems offline for weeks and left a backlog of unpaid claims, producing hospital cash-flow problems that seriously threatened patients' access to care. An AHA survey found that about 94% of hospitals reported financial repercussions from the attack.
A subsequent Senate hearing revealed how the attackers got in: the Citrix remote-access portal they used was protected only by a compromised username and password, with no multi-factor authentication enabled. From there they moved laterally, stole data, and deployed ALPHV/BlackCat ransomware nine days later.
Lessons Learned: For industries dealing in essential operations, MFA on every remote-access and administrative path is a must. Otherwise, the only safeguard between an attacker and your systems could be a weak, reused password. However, not all factors in multi-factor authentication are created equal: SMS codes and push prompts are routinely phished or fatigue-bombed, one-time codes from an app or hardware token cannot be replayed after use but can still be relayed through a phishing page in real time, and only FIDO2 security keys and passkeys, which bind the login to the genuine site, are phishing-resistant. Through hardware keys like YubiKey, OTP tokens like RSA SecurID, and OpenText NetIQ authentication covering passkeys and biometrics, iValue enforces strong authentication in your ecosystem.
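To make "not all factors are equal" concrete: a TOTP app or hardware OTP token (the category RSA SecurID belongs to) proves possession of a shared secret by deriving a short code from it and the current time, so a server verifying it has to tolerate clock skew yet refuse a code that has already been accepted, otherwise a shoulder-surfed or phished code can be replayed inside its 30-second step. The example below is added here and is not from the original post or from any vendor named on it. It implements RFC 6238 TOTP verification on top of RFC 4226 HOTP with HMAC-SHA1, a one-step skew window and a last-used-counter replay guard, and it is checked against the RFC 6238 test-vector secret; the `secret_from_base32` helper name and the verification API are this example's own. Note what it cannot do: a code typed into a phishing page is valid for the real site too, which is why FIDO2 security keys and passkeys, which bind the assertion to the site's origin, are the stronger factor.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer, reduced to `digits` decimal digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(key: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(key, int(at) // step, digits)


def verify_totp(key: bytes, code: str, at: float, last_counter: int,
                step: int = 30, window: int = 1, digits: int = 6) -> tuple:
    """Server-side check. Accepts the code for the current step and +/- `window`
    steps (clock skew), but never for a counter at or below `last_counter`, so
    each code can be used once only. Returns (ok, new_last_counter); the caller
    persists new_last_counter per user on success."""
    if len(code) != digits or not code.isdigit():
        return False, last_counter
    current = int(at) // step
    for delta in range(-window, window + 1):
        counter = current + delta
        if counter <= last_counter:
            continue  # replay, or older than a step already accepted
        if hmac.compare_digest(hotp(key, counter, digits), code):
            return True, counter
    return False, last_counter


def secret_from_base32(b32: str) -> bytes:
    """Decode the base32 secret carried by enrolment QR codes / otpauth URIs
    (this helper is part of the example, not a library API)."""
    padded = b32.strip().replace(" ", "").upper()
    padded += "=" * (-len(padded) % 8)
    return base64.b32decode(padded)


# The RFC 6238 Appendix B test secret for HMAC-SHA1 (ASCII "12345678901234567890").
RFC6238_SHA1_KEY = b"12345678901234567890"

if __name__ == "__main__":
    key = RFC6238_SHA1_KEY
    last = -1                                   # nothing accepted yet for this user
    code = totp(key, 59)                        # RFC vector: 94287082, so 6 digits = 287082
    ok, last = verify_totp(key, code, 59, last)
    print("first use:", ok, "last counter now", last)
    ok, _ = verify_totp(key, code, 75, last)    # same step, same code: replay is refused
    print("replay:", ok)
    print("live code now:", totp(key, time.time()))
```

Two details matter in production beyond what is shown: `last_counter` must be updated atomically per user (a race between two concurrent logins is itself a replay window), and the shared secret must be stored with the same care as a password hash's pepper, since anyone holding it can mint codes at will.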
As a final word, we'd like to point out that critical infrastructure security is paramount in such a dynamic, complex, heterogeneous environment, with multiple threat vectors and serious challenges. An end-to-end, mission-critical solution like the one iValue provides can not only fortify your organization's security but also transform your operations.
Long story short, our solutions never make you choose or compromise between business and security. They optimize both, together.