Your Top Five Cyber Risks in Five Clicks with the Free Cyber Risk Analysis

FREE RISK ANALYSIS
Request Demo

Critical Infrastructure Companies Face Immense Cyber Risk

down-arrow

Imagine the U.S. lost all power; transportation systems have failed; businesses have been forced to shut down, and millions of people are in a panic. No one would be able to deny the importance of critical infrastructure. Cyberattacks of late are allowing us to imagine, for better or for worse, that incidents like these, but typically at a smaller scale, are more possible than ever. The growing threat of advanced cyberattacks on critical infrastructure and industrial control systems indicates a serious challenge for organizations.

There are many critical infrastructure sectors in the U.S. from energy to transportation to health, and “their incapacitation or destruction would have a debilitating effect on national economic security, national public health and safety, etc. Cybersecurity threats impact companies, reputations as well as the ability to innovate. Therefore, the protection of all sectors is critical, and now is the time to take action.

Many of the cyber defenses used by organizations and operators to avoid attacks are outdated and ineffective, however, as hackers always seem to be one step ahead. Also, visibility within cyber teams is lacking and human error is difficult to keep track of, leaving vulnerable spots for hackers to enter.

Energy

Energy and utility organizations worldwide are focusing on cybersecurity attacks, and because without a stable energy supply the economy cannot function, the sector is a priority target for cyber terrorists.

In 2012, Saudi Aramco, a Saudi Arabian oil company, was hacked, and hackers replaced data on hard drives with an image of a burning U.S. flag. It prompted the then Secretary of Defense Leon Panetta to label the incident as a significant escalation of the cyber threat.

Between 2010-2014 hackers had stolen source code and blueprints to the U.S. oil, water pipelines, and power grid, and had infiltrated the Energy Department's networks on 150 occasions. In 2015, a cyber attack on Ukraine’s power grid left 700,000 people without electricity for several hours just days before Christmas. Strikingly, the hackers behind this incident have attempted few cyber attacks against the U.S. energy sector.

Transportation & Logistics

The transportation industry is of utmost importance when it comes to prioritizing cyber program management. According to Security Trends in the Transportation Industry (published by IBM in 2016), cybercriminals are targeting all the systems used in this industry, including navigation, tracking, positioning, and communication systems. Those who facilitate our daily use of trains, planes, ships, and automobiles are under constant attacks.

In 2014, the Chinese national train reservation system was targeted by hackers who stole customers’ personal data. In 2015, the Polish national airline, LOT, had to cancel 10 flights due to a cyber attack against the airline’s computer system at a local airport.

Earlier this year A.P. Moller-Maersk, a Danish business conglomerate with activities in transport and logistics, fell under a cyber attack. Hackers managed to damage Maersk’s computer system, and it led to disruption in transport across the globe, including delays at the Port of New York and the Port of Los Angeles.

These examples prove that without a complete security system, cybercriminals could destroy the infrastructure that critical infrastructure industries have worked so hard to build. Over the past few years, industries have begun the process of turning paper processes digital and using advanced analytics in order to meet needs, and more technology evolution leads to more doors for a cyber terrorist to enter. 

As a stakeholder in a critical infrastructure organization, where do I start?

It is important for industries to assess their cybersecurity risks and to protect themselves. An optimal way to start is to adopt a cybersecurity framework.

NIST developed the Cybersecurity Framework (CSF) to enhance the security and resilience of the nation’s critical infrastructure and is considered the fullest set of best practices for any business's cyber program. The voluntary risk-based framework compiles a set of controls to help organizations manage cybersecurity risks. As a matter of fact, all government agencies are required to use this framework for protection purposes. It creates a common language for all the stakeholders to address and manage risks.

As of 2015, 30% of U.S. organizations were using the NIST CSF, and use is predicted to rise to 50% by 2020. Only when more and more companies get on board with this framework, we can better prepare for cyber attacks. Don’t wait until the attack hits for your business's wake up call. Realizing the significance of how a framework can exponentially increase your resilience can help you immensely as you work to make your cybersecurity program more robust.

Learn How CyberStrong Streamlines the NIST Cybersecurity Framework Adoption

You may also like

How to Streamline Your ...
on December 24, 2024

Many industry regulations require or promote cybersecurity risk assessments to bolster incident response, but what is a cybersecurity risk assessment? For example, cyber risk ...

Alison Furneaux
CISO Reporting Structure ...
on December 23, 2024

The Changing Landscape of CISO Reporting The Chief Information Security Officer (CISO) role has evolved dramatically in recent years. Traditionally reporting to the Chief ...

How to Leverage the FAIR Model ...
on December 19, 2024

In light of the Colonial Pipeline cyberattack, measuring risk is on everyone’s minds. However, quantifying risk is often not easy. So many factors go into determining and ...

Kyndall Elliott
How to Effectively Communicate Top ...
on December 9, 2024

Effective cybersecurity reporting is more important than ever for CISOs, CIOs, and other security leaders in today's complex threat landscape. Reporting isn’t just about sharing ...

November Product Update
on November 27, 2024

The CyberSaint team has been working hard to deliver the latest updates to streamline and improve our customers’ user experience and address their top-of-mind challenges. We’re ...

Putting the “R” back in GRC - ...
on December 5, 2024

Cyber GRC (Governance, Risk, and Compliance) tools help organizations manage and streamline their cybersecurity, risk management, and compliance processes. These tools integrate ...