It is encouraging to see initiatives like yesterday’s joint warning from the DOE, CISA, NSA, and the FBI that acknowledge the increased cyber risk to critical infrastructure organisations, as well as the updates to the UK’s Cyber Assessment Framework from earlier in the week that similarly recognise the risk to data confidentiality that public sector organisations manage.
For, unlike a bank or retailer where the target is customer information, attacks on the logistics processes within critical infrastructure organisations like healthcare, oil and gas and defence have immediate real-world impacts and reveal criminals increasingly realising that they can increase their profitability by disrupting operations. For example, we’ve seen gangs target healthcare and manufacturing systems, potentially preventing operation. This could have a major impact on the ability to deliver healthcare, the food chain and energy.
Whilst the government agencies’ recommendations to include MFA for remote access to ICS networks, changing and rotating passwords, and using OT monitoring solutions to detect malicious indicators and behaviours in retaliation are very important, it’s vital to also consider proactive protection before an attack attempt happens. By taking a Zero Trust approach and only allowing known and verified communication between environments and segmenting critical data and assets on a network, organisations can isolate malware and prevent the lateral movement of threat actors, thereby drastically limiting the potential impact of any attack.’