Critical infrastructure organizations have become prime targets for malicious ransomware attacks. As essential companies that keep North America running, these organizations can’t afford even minor downtime.
Recently, multiple significant attacks have targeted our gas supply (Colonial Pipeline), food supply (JBS Foods) financial institutions (CNA Financial) and public transportation (New York City Metro). Colonial Pipeline is a large corporation supplying roughly 2.5 million barrels a day – half of the East Coast’s supply of gasoline, diesel, heating oil and jet fuel. But smaller businesses are also seeing increased incidents – with the average cybersecurity breach costing over $25,000 to address and correct1. It’s now a matter of when, and not if your organization will be affected.
While governments tackle this growing threat with new policies to combat cyberattacks, businesses can take immediate steps to better defend themselves on the frontlines. Most importantly, it’s time to revisit how their Information Technology (IT) and Operational Technology (OT) systems are interconnected. Most OT systems were deployed over a decade ago, and they’re less likely to be kept updated than newer networked assets. This leaves them incapable of running the latest cybersecurity tools. More concerning is that the increasingly common practice of connecting these legacy systems to an organization’s IT systems (and therefore the Internet) exposes them to a world of threats they were never designed to address. Hackers now have potential access to a company’s entire operations.
With this in mind, updating your legacy control system and separating it from your IT system should be your first priority. Even better, you should consider replacing a legacy system with one that incorporates the latest cybersecurity features. Though it’s difficult for organizations to consider the expensive replacement of control systems that still function well, it’s critical to weigh those concerns against the possibility of cybersecurity breaches. A single shutdown could cause a smaller company to shut its operations down permanently.
With the main technology issues addressed, the next key step is employee training and better security protocols. In 2020, 85% of cybersecurity breaches took advantage of human error to access encrypted resources and sensitive company information. Most malware and ransomware attacks relied on employees unknowingly clicking insecure links, downloading malicious software/attachments, visiting illegitimate websites or connecting insecure devices (like USB memory sticks) to company equipment2.
The Internet of Things (IoT) is another attack vector. Outdated cybersecurity software and practices usually are not able to effectively monitor next generation Internet-connected devices. Hackers could use those devices as their entry point onto your internal network.
Lastly, something as simple as weak (and overused) passwords can be a culprit. If hackers obtain one password from inside your organization, it’s possible that the same credentials will grant them access to other equipment and platforms on your network.
The above threats reinforce the importance of employee education, two-factor authentication (for much stronger password protection) and general awareness of current online scams.
Cybertech Automation is ready to assist your organization with everything from network design to control system upgrades to employee education. We can help you build strong defences against cybersecurity breaches and guard both your safety and profitability long-term. Contact a Cybertech Automation cybersecurity specialist today to take the first step in protecting your business at firstname.lastname@example.org or 412.770.3135.
- The Average Cost of a Cyber Attack on a Small Business is More than $25,000 (smallbiztrends.com)
- Verizon’s 2021 Small & Medium Business Data Breach Investigations Report