Despite the incessant headlines and mainstream attention over the last year, we’re very far from seeing the end of the ransomware epidemic. With ransomware groups successfully targeting organizations of all sizes and industries, this unscrupulous business model has evolved into an incredibly sophisticated and organized worldwide cybercrime operation.
Critical infrastructure organizations are well-acquainted with cyberattacks, dating back to the Saudi Aramco incident, but the increasing sophistication and frequency of attacks are a warning that the industry remains an attractive target to a variety of threat actors. Last year’s Colonial Pipeline incident put the industry in the international spotlight, and private and public sector leaders alike continue to call for improved security posture to prevent another attack. As part of these continued efforts, CISA’s latest joint cybersecurity advisory highlights the urgent actions organizations must take to protect themselves from high-impact ransomware incidents, specifically targeting critical infrastructure organizations across the world.
As critical infrastructure organizations fight to protect themselves and their customers from threat actors, including nation-state operators, here are a few fundamental focus areas where leaders can affect change in their journey to end cyber risk as they reference CISA’s latest advisory:
- Implement a security culture that starts with users.
Organizations need to implement a user training program to help employees build resilience against potential threats – such as phishing attacks, social engineering, and credential theft. In fact, 60% of executives believe their individual employees lack the ability to identify a cyberattack; coupled with 2020’s 64% increase in phishing and ransomware attacks, there’s no doubt that businesses must put security at the forefront of culture. Given this, organizations need to be held accountable for prepping their employees – regardless of whether they are an intern or in the C-Suite – on identifying a well-orchestrated phishing or ransomware attack when it occurs. Leveraging third-party resources can help encourage employees to engage in training and offer them content that focuses on real-world threat tactics. A well-developed training program can empower employees to effectively identify and mitigate threats in the early stages while strengthening their security posture congruently.
- Set security teams up for success.
If hackers are working together, we must too. Organizations within the critical infrastructure sector, such as those in the oil and gas industry, have a lot at stake – especially if a ransomware attack targets operations. In fact, the FBI, CISA, and NSA disclosed cybercriminals were leveraging ransomware tactics and targeting 14 of the 16 U.S. critical infrastructure sectors including government facilities, thus causing the potential for additional nation-state attacks. In this type of environment, no one is safe – and many organizations face shared challenges when attempting to manage their own internal security operations centers (SOCs).
With 66% of companies struggling to retain cyber talent, short-staffed security teams are at a disadvantage when faced with a threat that doesn’t adhere to business hours. Holidays and weekends are popular times for threat actors to launch their attacks. To mitigate potential threats, organizations need to work with a partner that delivers capabilities that amplifies their existing resources and leverages an operational approach to their security posture. By focusing on shoring up security operations, leaders will not only alleviate the staffing issue, but they will also reinforce the existing talent with improved monitoring, detection, and response needed to identify and mitigate threats immediately.
- Get back to basics: patch, patch, patch.
The broken record of the cybersecurity industry and more recently, the federal government, will continue to ring true – timely software updates and patch cadences are imperative to protecting critical infrastructure systems. There’s a reason that WannaCry brought ransomware into the mainstream – no number of defensive technologies could replace timely patching of a zero-day exploit.
Put together a vulnerability management program and work with security and IT teams to prioritize vulnerabilities based on risk factors. Ensure that teams are aware of mission-critical systems that are potentially highly susceptible to vulnerabilities. Patch and vulnerability management are critical to a proactive approach that will ultimately set up an organization for security success.
Once again, it’s promising to see CISA and other government agencies bring more awareness to the threats businesses are facing across the country. Within critical infrastructure, the stakes are incredibly high, and a cyberattack could disrupt an organization’s day-to-day operations, as well as an entire city or state. The industry needs to take an operational approach to cybersecurity to strengthen the cyber resilience of our critical infrastructure and tighten up defenses to face tomorrow’s threats.
Dan Schiappa, chief product officer, Arctic Wolf