
"Utterly frightening": UK's critical infrastructure is under attack

10 Apr 2018

The National Cyber Security Council (NCSC) recently issued a warning after it became aware of ongoing malicious attacks targeting the UK’s critical national infrastructure (CNI).

What is concerning is that the NCSC admits that cybercriminals appear to have been targeting and hacking organisations in the supply chain connected to the UK’s CNI since at least March of 2017.

The hackers have been working to gain access to information using a number of techniques like planting malicious links on popular sites, targeted spear phishing attacks against the organisations, and harvesting logon details with publicly available hacking tools - with the ultimate goal of breaking into systems and grinding critical infrastructure to a halt.

RSA Security advanced cyber defence practice director Azeem Aleem says protecting the nation’s critical infrastructure is a matter of national security, but cybersecurity is often more complex within these environments.

“Firstly, it is only in recent years that old manual systems have been ‘digitised’ and connected. For years prior the whole focus has been on physical security, which means these companies are often years behind those in banking and retail, per se,” says Aleem.

“My advice would be to face these challenges head on and the only way to do this is by having visibility and context. This means conducting a thorough risk assessment, understanding the dependencies between systems, using threat detection to monitor and alert on attacks, and contextualising results with business context in order to prioritise events.”

Aleem says there is a critical problem within many critical infrastructure companies that makes them incompetent at fighting cybercrime.

“Critical infrastructure companies are often dependent on legacy infrastructures with complex dependencies, and little visibility. They are unable to correlate security events to specific business outcomes – a problem we call the ‘Gap of Grief’,” says Aleem.

“Take the recent wave of WannaCry and Petya attacks; the industry was quick to cry ‘patch’, but actually that isn’t always possible, as patching systems without proper testing could actually cause more damage.”

Huntsman Security head of product management Piers Wilson says these attacks on national infrastructure should be “utterly frightening” given the chaos hackers can cause through sabotage, and that they are made possible in part by a lack of qualified security personnel and historic underinvestment.

“Within 2 years there will be over 1.5m security jobs unfilled globally, meaning that there simply aren’t enough resources in the UK to cope with the growing threats facing our critical infrastructure. Before the digital era, it was relatively simple to prevent and stop attacks, but now it’s much harder,” says Wilson.

“There’s often no easy way to block all of these potential threats at the perimeter, and trying to do so will just result in security analysts becoming overwhelmed by the sheer volume of probes and false positives that mask real issues.”

Wilson says it’s time that organisations accept that traditional defences like firewalls and anti-virus are simply not enough, with emphasis needing to shift away from just blocking attackers to intelligent and rapid detection, containment and mitigation as soon as an attack begins.

“This means having first class, automated threat and security intelligence capabilities that can manage the deluge of potential problems - sorting real threats from the background noise of systems and network operation; freeing up security analysts to deal with the real problems as quickly and efficiently as possible,” says Wilson.

“In the digital age, everyone – from the government and critical infrastructure organisations to businesses and charities - needs to accept that they can’t stop every attack at the boundary. Shifting focus will help to keep them and the rest of the UK safe.”
