In 2022 ensuring we are cyber secure is more important than ever. While organisations continue to adapt to the ‘new normal’ that sees many of their employees adopting remote working practices, they are also seeing an increase in the threat posed by ransomware. Ransomware – defined in the UK Government’s National Cyber Strategy as ‘malicious software that denies the user access to their files, computer or device until a ransom is paid’ has been described by the National Cyber Security Centre as ‘the most significant cyber threat facing the UK’.
For no sector is this more the case than for our Critical National Infrastructure (CNI). According to the World Economic Forum, more than 60% of ransomware attacks target industries with critical infrastructure, including healthcare, utilities, and manufacturing. In May 2021, a ransomware attack on the Irish Health Service executive caused over 10 days of disruption to hospital and healthcare IT networks; while the Government of Costa Rica’s Treasury had to undertake all its processes manually following a ransomware attack in April 2022. In the same month, the United States’ Government agencies issued a statement urging critical infrastructure organisations to step-up their cyber security posture, as hackers were reportedly creating new tools specifically targeting their industrial control systems and supervisory control and data acquisition devices.
But with the current complex geopolitical environment, including Russia’s invasion of Ukraine and warnings from the head of MI5 on increased cyber threats emanating from China, it is not only their own systems that organisations need to consider. The potential for state-sponsored attacks and industrial espionage is high, and while our systems might be protected, what about those of our suppliers? Whether the attack is on the energy provider that delivers the power to drive operations, or the logistics company that transports products to customers, any attack could have a knock-on effect, causing as serious an impact upon a company as an attack upon its own organisation. To understand the risk, and to ensure resilience and business continuity, we must also consider the cyber security of the organisations that provide us with services.
The key role that CNI plays in supporting society means that keeping operational systems safe from attackers is not just important, it’s essential. In this year’s Secure by Design magazine, our experts consider the challenges we face to keep our operational technology and CNI secure from cyber attack – and suggest that we need to work together to achieve this. From identifying the business processes and the assets that our cyber security needs to protect; to delving more deeply into the specific issues facing rail, wind and electric vehicles; to exploring the threats facing physical security systems. I hope you enjoy reading them – please do get in touch if you’d like to discuss any of the issues raised.
Read the magazine here: Secure by Design 2022