When it comes to protecting the UK’s Critical National Infrastructure (CNI), achieving sustainable cyber resilience is vitally important as this ecosystem of enterprises largely contributes to the lives of all UK citizens. The CNI is essential as it provides everything to maintain the nation’s energy providers, financial services institutions, hospitals, and much more, writes Dirk Schrader, pictured, Global VP of Security Research at the data security product company Netwrix.
Upholding the standards of cyber resilience to protect the CNI and other critical infrastructures from cyber threats should be an ongoing priority for Government and industry leaders. When considering what is truly at risk, how can these organisations ensure the sustainability of their cyber resiliency over time?
The prime targets
Cybercriminals and their chosen methods of attack are becoming increasingly well organised and highly sophisticated. With the tremendous amount of vital data, wealth, and overall turmoil that can be gained by attacks on banks and hospitals, hackers have shown particular interest in targeting the UK’s critical infrastructure. These attacks have the potential to effect entire regions that, if successful, can result in a damaging ripple effect, not least to essential services that can lead to the disruption of crucial resources, such as water and energy. This is highly concerning as severe interferences to these services can put citizens at risk and cause significant damage to the UK economy too.
Targeted cyberattacks on critical infrastructure providers are a looming fear, with vital sectors such as healthcare, Government, and transportation in the direct line of fire. The UK’s National Cyber Security Centre (NCSC) recently revealed to have defended against 777 major cyberattacks, breaking a new record in 2021. A significant amount of these attacks were targeted against the UK’s public and private sectors within the CNI.
Protecting what is important
To get ahead of potential cyberattacks, it is imperative for critical organisations to reconsider their cybersecurity approaches and aim for practical, yet effective, long-term solutions to protect the nation’s infrastructure. Even the most seemingly insignificant vulnerabilities within a digital environment could be all that is needed for cybercriminals to launch an attack and infiltrate critical systems.
In May 2017, the cybercriminal group WannaCry sparked major concerns after successfully deploying a malware attack on the NHS via a vulnerability within its systems. This came as a massive shock to the NHS, as it was very clear just how unprepared it was to withstand the force of such an attack. Several years since, the consequent effects of the EternalBlue malware that was deployed are still being felt even now. According to Shodan research, it has revealed that countless devices within the NHS systems currently remain vulnerable to another attack of this magnitude if it was to reoccur.
Despite being informed about the faults within their cybersecurity and the attack being widely covered in the media, many organisations have still failed to make the necessary changes. Worryingly, millions of pieces of sensitive patient files and network vulnerabilities are left strewn about the internet, ready for cybercriminals to exploit due to the wide scale inaction by those who are meant to stop it from happening.
Sustainable cyber resiliency
A big problem with CNI organisations is that they tend to react to their cybersecurity faults only after the damage is already done. In some cases, there are those that are completely unaware of what resources lay within their systems – many of which can be easily accessed by an attack. Instead, it is always best to take a tactical and reactive approach to addressing system vulnerabilities and enable security protections as soon as possible – as a measure of precaution.
In general, to achieve sustainable cyber resilience, critical organisations need to protect themselves pre-emptively and proactively from emerging cyberattacks. Through creating a system aimed to recognise, categorise, prioritise, and fortify all the vulnerabilities throughout IT infrastructures, organisations are sure to sustain their security measures over a prolonged period of time. Especially as many organisations’ workforces have enacted remote and hybrid work models, implementing a sustainable cyber resilience system could not come at a better time.
CNI services, government institutions and infrastructures must be able to successfully ward off cyberthreats and regularly match new levels of attack methods as they develop. As we face an increasingly digitalised world, with cyberattacks onto the nation’s infrastructure becoming more frequent and dangerous, achieving sustainable standards of cybersecurity has never been more important.