The nation’s critical infrastructure industries face a great deal of work to identify and protect, detect and respond, and ultimately recover from cyberattacks, even as signs of some progress emerge.
According to the results of a new survey conducted by CyberRisk Alliance Business Intelligence and underwritten by eSentire and the Cortex XDR team at Palo Alto, healthcare organizations came out as clear laggards: Only 28% of healthcare organizations said they had established integrity baselines of files and systems to monitor for potentially suspicious changes. And only 24% can enforce configuration baselines and policies on target systems throughout their environments with yet-to-be-mitigated vulnerabilities.
Other concerns: Just 43% of respondents in the chemical industry sector have conducted an inventory of systems and devices that hold their data. In manufacturing — also long considered a laggard — only 27% have integrity monitoring capabilities, just 22% aggregate logs into an event detection system, only 29% are analyzing logs for anomalies, and just 27% have automated or integrated security teams to stop the execution of ransomware or malware in progress.
The data released from the report are based on an online CRA survey conducted from July through September 2021. The survey targeted members of InfraGard — a nonprofit organization that serves as a public-private partnership between U.S. businesses and the FBI.
Some 380 respondents from the manufacturing, chemical, healthcare, and financial services sectors responded to questions about how well they can identify and protect against malware and ransomware attacks, as well as their ability to detect and respond to such attacks, and their ability to recover.
The Cybersecurity and Infrastructure Security Agency (CISA) defines critical infrastructure as the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on the nation’s physical and economic security, as well as on public health and safety.
One of the critical industries that has been generally slow to make the investments necessary to protect its systems has been the manufacturing industry. As manufacturers become more connected online and increasingly embrace connected supply chains, the report notes, they become vulnerable to software and network attacks. The Colonial Pipeline attack last May was a case in point.
The study pointed out that only 24% of manufacturers surveyed have effective backup recovery capabilities in place. However, 50% say they are working to get them in place soon. The chemical industry also lags in recovery capabilities. Only 41% of chemical industry respondents currently protect their backup files, a major concern because corrupting backup files before announcing their presence with a ransom note has been a longtime attacker strategy. And only 40% of healthcare organizations have the full ability to back up their data and recover their backups based on priority, while 45% can protect their backup files and ensure those backup files remain unaltered.
On a more positive note, more comprehensive security capabilities are potentially on the way, as 45% of total respondents have implemented a method of protecting backup files and ensuring that they remain unaltered until they are needed. Another 43% reported that implementation is on the way.
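Two of the capabilities the survey measures, integrity baselines of files and systems (the 28% figure above) and protecting backup files so they remain unaltered (the 41%, 45% and 43% figures), rest on the same mechanism: record cryptographic hashes of files at a known-good point, store that manifest out of reach of the systems being monitored, and re-hash later to detect drift. The following is an added example, not code from the report, the survey sponsors or any respondent; the file names and contents it uses are constructed for the demonstration.

```python
"""Added example: file-integrity baseline and drift detection.

Builds a SHA-256 manifest of a directory tree (the 'baseline'), then
compares a later scan against it to report added, removed and modified
files. The same check verifies that a backup set is unaltered: hash the
backup files right after they are written, keep the manifest somewhere
the monitored host cannot write to, and re-check before restoring.
"""
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file under root (relative POSIX path) to its SHA-256.

    Symlinks are skipped so a link pointing outside the tree cannot make
    the manifest vouch for content that was never baselined.
    """
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            baseline[path.relative_to(root).as_posix()] = hash_file(path)
    return baseline


def compare_baseline(baseline: dict, current: dict) -> dict:
    """Return the drift between two manifests as sorted lists of relative paths."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
    }


def verify_backup(backup_root: Path, manifest: dict) -> bool:
    """True only if every file in the stored manifest is present and unchanged."""
    drift = compare_baseline(manifest, build_baseline(backup_root))
    return not drift["removed"] and not drift["modified"]


def demo() -> dict:
    """Constructed scenario: baseline a small tree, then tamper with it.

    Returns the drift report plus the backup verdict before and after the
    changes so a caller can inspect or assert on it.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("listen=127.0.0.1\n")
        (root / "backup.tar").write_bytes(b"constructed backup payload")
        (root / "readme.txt").write_text("untouched\n")

        baseline = build_baseline(root)
        backup_ok_before = verify_backup(root, baseline)

        # Simulate post-baseline changes: a config edit, a corrupted
        # backup, a new unexpected file and a deleted file.
        (root / "etc" / "app.conf").write_text("listen=0.0.0.0\n")
        (root / "backup.tar").write_bytes(b"corrupted")
        (root / "dropped.bin").write_bytes(b"\x00" * 8)
        (root / "readme.txt").unlink()

        drift = compare_baseline(baseline, build_baseline(root))
        drift["backup_intact_before"] = backup_ok_before
        drift["backup_intact_after"] = verify_backup(root, baseline)
        return drift


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The manifest is only as trustworthy as its storage: if an attacker who can corrupt backups can also rewrite the manifest, the check proves nothing, which is why the survey's "protect backup files and ensure they remain unaltered" capability pairs hashing with write-protected or offline storage for the hashes themselves.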
Even with 43% of manufacturing respondents saying they now have network protection for defense against network intrusion and lateral movement when attackers gain entry onto the network, the vast majority still don’t have such capabilities. In fact, all industries expressed frustration when it comes to the ability to identify indications of compromise, some pointing to lack of resources.
“Detection of lateral movement is difficult without proper staff or tools,” said one respondent from the financial services industry.