(August 3, 2021) NINJIO, a cybersecurity awareness training company serving some of the largest organizations in the world, has just released its most recent critical infrastructure whitepaper. At a time when cyberattacks on infrastructure are dominating the headlines, this whitepaper examines the sector’s vulnerabilities, how cybercriminals and hostile governments exploit them, and what can be done to keep infrastructure systems safe.
The whitepaper draws upon the latest data on infrastructure cyberattacks—from the tactics cybercriminals are deploying to the attack vectors they exploit. Here are a few key points:
The majority of critical infrastructure suppliers in the United States have reported attempts to control their systems, which is why it’s no surprise that nearly two-thirds of cybersecurity professionals expect infrastructure breaches to be among the most significant cyberthreats in the coming years.
This isn’t just because cybercriminals realize that they can extort infrastructure providers, such as Colonial Pipeline, which was recently hit with a cyberattack that shut down its 5,500-mile pipeline (the company paid $4.4 million in Bitcoin to the attackers). It’s also a direct consequence of trends such as the surging number of Internet of Things (IoT) devices, the interconnectedness of the infrastructure sector, and the increasing capacity of nation-states to carry out cyberattacks.
“Cyberattacks are becoming more frequent, sophisticated, and destructive across the board,” explains NINJIO founder and CEO Zack Schuler. “And nowhere is this trend clearer than in the infrastructure sector. Companies have a vital role to play in protecting our critical infrastructure, which is why employees need to know how to identify cyberattacks and prevent them from becoming breaches that can shut down the systems we all rely upon.”
NINJIO’s whitepaper outlines three ways companies in the infrastructure sector can protect themselves:
- All devices that have access to sensitive information should use fully updated versions of relevant security resources.
- Companies that manage critical infrastructure should minimize the co-mingling of consumer-grade IoT devices with newer IoT devices built for commercial applications such as critical infrastructure, as consumer-grade IoT devices may not have been designed with security in mind.
- Employees have to know how to spot phishing attacks. There are many warning signs, and identifying them should be second nature to employees who work in the infrastructure sector.
As Schuler observes: “A well-trained workforce is the key to keeping our infrastructure systems secure. As social engineering attacks increase, employees are the first and last line of defense.”