Critical infrastructure companies are the lifelines of countries. From energy and utilities to telecommunications and logistics, these companies are at the heart of economic activity. Recognising the critical nature of their work, hackers have stepped up ransomware attacks, exposing chinks in the cybersecurity armour.

“From the ransomware attack that compromised a major US gas pipeline in 2021 to the rise of nation-state attacks, particularly since the onset of the Russian invasion of Ukraine, critical infrastructure organisations are under siege,” Thales Group, a cybersecurity and digital identity solutions company, has said.

Hackers have found that targeting a critical infrastructure company gives them a better chance of getting a payoff.

“For example, the 2021 Colonial Pipeline attack, which stopped the pumping of oil in the Northeastern US for five days, resulted in fuel shortages, panic buying and major economic impacts. This had cost $4.4 million in ransom ($2.4 million was later recovered),” the Thales Data Threat Report Critical Infrastructure Edition for 2022 said.

About 19 per cent of critical infrastructure respondents reported having experienced a ransomware attack. Transportation and energy/utilities respondents reported an even lower rate of ransomware attacks, at 17 per cent each.

About a quarter (24 per cent) of respondents ranked financial losses, such as lost sales or penalties from lawsuits and legal expenses, as the greatest impact from a successful ransomware attack.

“The effects of cyberattacks on critical infrastructure are not only inconvenient, but they can also be life-threatening. Critical infrastructure organizations have some of the highest uptime requirements due to health and human safety concerns, resulting in even higher availability requirements than banking or healthcare,” it said.

The report was based on a survey conducted in January 2022 with responses from 2,767 respondents, including 300 security leaders and practitioners in the sector.

Human factor and hybrid working

The report found that the human factor continues to be the weakest link. A majority of malware and ransomware sneaks into organisations because of mistakes committed by individual employees. “The situation has worsened due to large-scale shifts to ‘hybrid’ working arrangements. Additionally, the convergence of information technology and operational technology makes it easier for attackers to infiltrate,” the report said.

Respondents named accidental incidents (human error), hacktivists, cybercriminals and nation-state actors as their top four threats. More than three-quarters (79 per cent) of respondents were concerned about security risks and threats from employees working remotely. Only 51 per cent of critical infrastructure organisations said that they use multi-factor authentication, which is considered to be an effective method to counter cyber attacks.

Transportation companies reported higher malware increases than average (65 per cent) and lower cases of ransomware (45 per cent).

No plans yet

Interestingly, about 39 per cent of respondents said they have no plans to change security spending, even with greater ransomware impacts. Ransomware’s power comes from immediate ‘kidnapping’ of data and critical systems, requiring a rapid, rehearsed response plan. “Yet only 45 per cent of respondents have a formal ransomware plan,” the report said.