When most people in the cybersecurity world initially think about so-called “critical infrastructure,” what typically comes to mind are the likes of the power grid, other public utilities and dams. This is predictable, in part because two highly publicized power grid cyberattacks in recent years in Ukraine knocked out power for hundreds of thousands of people in the dead of winter.
Then proof that it could happen domestically materialized last year and made the threat yet more worrisome when a similar attack buffeted the first western U.S. electricity infrastructure, a part of the transmission grid in Utah, Wyoming and California.
Clearly, this is serious stuff but by no means representative of the primary type of “critical infrastructure” amid changing times. The definition of these two words has been steadily expanding for more than two decades and now encompasses, among other sectors, the healthcare industry and an assortment of major manufacturers. And the COVID-19 pandemic is expanding the scope still further.
New entrants into the fold include the makers of personal protective equipment, banks and other financial institutions, meat packing companies and an enormous array of diversified supply chains regularly compromised by cyber-vulnerable third-party vendors.
Despite expectations of a steep, recession-fueled decline in IT spending in 2020, corporations and government entities must shore up their cybersecurity infrastructure in ways big and small if they want to stay in good stead.
The potpourri of cyberthreats always grows, never shrinks. And some new challenges—such as the transition of millions of office workers to more easily compromised home offices, while likely to eventually backtrack somewhat—will ultimately represent a permanent change in the structure of the workforce and must be addressed accordingly. All computers and devices connected to a network represent potential backdoors for hackers.
To be sure, not every cybersecurity infrastructure challenge is daunting. Consider, for example, ubiquitous Security Operations Centers—teams of experts and the facility in which they work to prevent, detect, analyze, investigate and respond to cybersecurity incidents. Unfortunately, SOCs—the central nervous system of cybersecurity programs—have been posing a problem.
According to a recent study by the Ponemon Institute, many organizations—49 percent of those polled—are dissatisfied with the effectiveness of their SOCs’ ability to detect cyberattacks. SOCs today grapple with significant staff burnout and turnover because of their workload and high-pressure environment, partly because they’re forced to chase too many alerts that turn out to be false. Making matters worse, there aren’t enough qualified cyber-pros to fill all the openings. A step in the right direction would be to better filter alerts, in part by distinguishing between everyday malware and advanced targeted attacks.
But such internal problems, while nagging, don’t compare with the eruption of remote workers. There was a time when working remotely was limited to outside sales representatives and independent contractors. No more.
Enterprises today leverage a stack of network security tools and security hardware at the perimeter to minimize the amount of malware that can reach endpoints. External computers and devices are inherently less secure than corporate networks. Moreover, there is often no IT team monitoring the network to ensure that a remote employee has a reliable connection to the Internet.
As a result, remote workers too often send business email to their customers, partners and coworkers via their personal email, exposing themselves to additional cyberattacks.
To help mitigate this problem, enterprises must be more vigilant in increasing cyber-hygiene among the remote workforce by, for example, insisting that employees use unique and strong passwords and by adopting multifactor authentication, an additional layer of security.
In addition to teaching employees about secure practices and insisting they adopt them, here are other steps that enterprises can take to enhance the strength of their cybersecurity infrastructure:
- Update and patch everything in your systems. Always use the latest versions of the software installed on your systems, including every application used on desktop computers, laptops and mobile devices, as well as the operating system each is running.
- Mount zero trust networks. These identify every network user and verify each device before granting any kind of access and apply the security protocols regardless of the location of the user. Zero trust networks allow only authorized users to access specific areas of the system.
- Keep tight control over information transfer. “Bring your own device” (BYOD) is a common practice that allows employees to use their personal devices for work. But BYOD policies can substantially undermine security, as they contain login information and business documents that can fall into the wrong hands. Enterprises with BYOD policies must make doubly sure their personal devices are used responsibly.
The bottom line is that cybersecurity is about the depth of the cybersecurity defenses of your enterprise. To be effective, it must constantly assess risk and take appropriate steps to mitigate threats. It’s also about implementing the correct policies and working with the right third-party vendors. Keep these steps in mind, and you’ll have a sturdier organization that is safer from attacks.
Share With Your Community:
Tony Kontzer on
*** This is a Security Bloggers Network syndicated blog from RSAConference Blogs RSS Feed authored by RSAConference Blogs RSS Feed. Read the original post at: https://www.rsaconference.com/industry-topics/blog/critical-infrastructure-encompasses-more-than-it-once-did-and-must-be-better-prot