With growing geopolitical tensions, critical infrastructure organisations across industries including finance, energy, transport and healthcare face increased risk of targeted cybersecurity attacks.
In 2021, the Colonial Pipeline in the United States was shut down by a ransomware attack, causing fuel shortages and panic buying.
More recently, healthcare firms in particular have been under fire. In February this year, a ransomware attack on Change Healthcare incapacitated the medical billing process in the US, making it the most recent in a slew of similar attacks.
These events have highlighted the significant impacts of cyberattacks on critical infrastructure organisations and have further emphasised the fundamental need for secure networks.
Attacks on critical infrastructure organisations
Cyber attacks fall into two categories: they are either financially or politically motivated.
Because most cyber-attacks are driven by monetary motives, financial institutions have long been the primary target. Now, however, a rise in attacks on healthcare organisations indicates that attackers are seeking to glean sensitive information they can sell on the dark web.
Speaking to Verdict, Ross Brewer, vice president and managing director for EMEA of threat detection and incident response company Graylog, explained: “If you look at the private health care data, which is a sort of an extension of PII (personally identifiable information) private data, it’s more valuable in the underworld as far as what you can sell a record for, that’s got health-related data that could be embarrassing.”
Brewer notes that valuable data can also be found in unexpected sectors such as transport. Compromised digital information and IP addresses can, for example, reveal the locations of containers, stock and delivery addresses, allowing shipments to be interrupted and the owners extorted.
There are also various government-sponsored criminal groups with more “sinister” geopolitical motivations. These attackers launch low-level attacks, slowly infiltrate systems and then lie dormant until a need to attack presents itself. Taking a “low and slow” approach enables them to go undetected for a long period of time.
Such attacks have the potential to be used as an act of aggression and could bring the energy supply of a nation to its knees if grids are targeted.
“They’ll slowly compromise these systems over a period of time,” says Brewer. “They’re using some interesting vulnerabilities that are not as common. In some cases, they might use sub-zero-day exploits, which typically means that there’s no available fix at the time.”
The cybersecurity industry is now increasingly identifying hackers embedded into critical infrastructure organisations, such as healthcare, power and water companies, as well as in banks and telecommunications, Brewer says.
The importance of identification and mitigation
Graylog is seeing cyber attackers increasingly turning to supply chains, targeting cloud and technology providers, asymmetric digital subscriber lines or home routers as entry points for ransomware and distributed denial of service (DDoS) attacks.
As the integration of cloud platforms and the sharing of information across many different applications have increased in the last ten years, Brewer emphasises that application programming interfaces (APIs) must be monitored effectively.
Alongside this, he adds that hackers frequently leverage open-source communities or buy an open-source capability to insert malicious code into a trusted technology as an entry point.
“Before users know it, there are backdoors creeping into their systems,” he says.
Brewer explains that Graylog works to detect threats in an “embryonic state” and stop suspicious activity before it gets too far, essentially catching a crime that is about to be committed. Security information and event management (SIEM) solutions like Graylog monitor large volumes of data and events to “separate the signal from the noise”, identify threats and then respond according to prebuilt playbooks. Automated responses can range from resetting passwords when suspicious activity is found to reimaging compromised devices.
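The SIEM workflow described above, correlating many raw events into a few confirmed detections and mapping each one to a prebuilt playbook action, can be sketched in a few dozen lines. The following is an added example written for this article, not Graylog's code: the log events, the failure threshold and window, and the playbook mapping (reset the password after a brute-force login, reimage a host after an endpoint malware alert) are all constructed to mirror the responses the paragraph mentions.

```python
"""Toy SIEM-style correlation: separate signal from noise in a constructed
event stream and map each confirmed detection to a playbook action.
Added example, not Graylog code; all events and thresholds are constructed."""
from collections import defaultdict

# Constructed sample events: (timestamp_seconds, source_ip, event_type, user, host)
EVENTS = [
    (100, "10.0.0.5", "auth_fail", "alice", "ws-01"),
    (101, "10.0.0.5", "auth_fail", "alice", "ws-01"),
    (102, "10.0.0.5", "auth_fail", "alice", "ws-01"),
    (103, "10.0.0.5", "auth_fail", "alice", "ws-01"),
    (104, "10.0.0.5", "auth_fail", "alice", "ws-01"),
    (105, "10.0.0.5", "auth_ok", "alice", "ws-01"),     # success right after a burst of failures
    (200, "10.0.0.9", "auth_ok", "bob", "ws-02"),
    (201, "10.0.0.9", "auth_fail", "bob", "ws-02"),     # a single typo: noise, not signal
    (202, "10.0.0.9", "auth_ok", "bob", "ws-02"),
    (300, "10.0.0.7", "edr_malware_detected", "carol", "ws-03"),
    (301, "10.0.0.7", "heartbeat", "-", "ws-03"),       # routine telemetry, ignored
]

FAIL_THRESHOLD = 5   # constructed: failures within WINDOW before a success triggers a detection
WINDOW = 60          # seconds

# Playbook: detection name -> automated response (constructed; mirrors the article's examples)
PLAYBOOK = {
    "brute_force_then_success": "reset_password",
    "malware_on_endpoint": "reimage_device",
}


def correlate(events):
    """Return a list of (detection, user, host, action).

    Events that match no rule are treated as noise and dropped, so the
    output is the 'signal' an analyst or an automated responder acts on.
    """
    fails = defaultdict(list)  # (user, host) -> timestamps of recent failures
    detections = []
    for ts, _src, etype, user, host in sorted(events):
        key = (user, host)
        if etype == "auth_fail":
            fails[key].append(ts)
        elif etype == "auth_ok":
            recent = [t for t in fails[key] if ts - t <= WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                name = "brute_force_then_success"
                detections.append((name, user, host, PLAYBOOK[name]))
            fails[key].clear()  # a successful login closes the failure window either way
        elif etype == "edr_malware_detected":
            name = "malware_on_endpoint"
            detections.append((name, user, host, PLAYBOOK[name]))
        # heartbeats and anything else are noise for these two rules
    return detections


if __name__ == "__main__":
    for detection in correlate(EVENTS):
        print(detection)
```

Run as a script, the block prints two detections out of eleven events: the five failures followed by a success for `alice` on `ws-01` map to `reset_password`, and the endpoint alert for `carol` on `ws-03` maps to `reimage_device`; `bob`'s single failed login never crosses the threshold. A production SIEM adds persistence, many more rule types and human review before destructive actions such as reimaging, but the correlate-then-respond shape is the same.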
A central element of incident response is establishing precisely what data, and how much of it, has been stolen.
Recent court proceedings over the Change Healthcare cyber-attack revealed that even after paying a $22m ransom, the company remains unclear on whether the hackers still possess sensitive patient information.
Brewer describes Graylog as the “eyes and the ears and the monitoring capability” of organisations, helping them identify exactly what information has been compromised and the next necessary steps.
Regulation, digital hygiene and compliance
The EU’s Cyber Resilience Act (CRA) and the Network and Information Security (NIS) 2 Directive are both setting the tone and the standards for contemporary cybersecurity and digital hygiene.
The EU’s CRA takes into account the cybersecurity of both hardware and software, addressing insecure entry points such as internet-of-things devices.
“You don’t have to be a manufacturer in Europe but if you want to sell into Europe, then you’ve got to take cybersecurity seriously,” explains Brewer. “You’ve got to build in cybersecurity at the design stage, you’ve got to make sure that you are treating the customer data and most importantly, you’ve got to make sure you’re only capturing appropriate data.”
While Brewer sees these regulatory frameworks as an important step towards raising the bar, he fears that companies often treat compliance as a checkbox exercise. This can make regulation less effective, falling short of its intended purpose. He stresses that “it’s a good first step but it’s not the end game”.
NIS2 aims to boost the overall level of cybersecurity within EU critical infrastructure. Discussing how this can be achieved, Brewer adds that organisations need to focus on maintaining good digital hygiene: using technologies in the way they are meant to be used, continually monitoring their systems to identify problems, and gathering forensic data. These steps could help businesses avoid disruption from breaches and the loss of critical data.
International cooperation
While good digital hygiene has been recommended for decades, Brewer states that when it comes to the gravity of cyber breaches on critical infrastructure organisations, there needs to be a culture of international cooperation.
“I think the critical infrastructure organisations need to work very closely with their country’s intelligence agencies and law enforcement, and try and collaborate as much as they can on a cross-nation, cross-industry basis,” he says.
“What I mean by that is, all the water companies from around the world should be exchanging information about cyber incidents and remediation with companies around the world, not just the ones in the UK. I also think there needs to be more collaboration across intelligence and law enforcement.”
“Since the NIS2 directive talks about the computer incident and emergency response teams having similar standards across all the European countries, I think it would be helpful to do more knowledge sharing on a global basis within industries.”