Despite the lack of major headline-grabbing cyberattacks against US critical infrastructure so far in 2022, our global cyber battles continue to escalate.
July 31, 2022 •
The Washington Post reported this week on how the cyberwar between Iran and Israel escalated. The story began as follows: “At the end of June, the Iranian state company Khuzestan Steel Co. and two other steel companies were forced to stop production after Suffering a cyberattack. A hacking group claims responsibility on social media, saying he was targeting Iran’s three largest steel companies in response to “the aggression of the Islamic Republic”.
“Both incidents show how the cyber conflict between the two countries has become increasingly public over the past two years.”
The article goes on to point out that global cyber actions are becoming less and less secret.
“Critical infrastructure lags behind in Zero Trust – Nearly 80% of critical infrastructure organizations surveyed do not adopt zero-trust strategies, and average breach costs reach $5.4 million, an increase of $1.17 million over those that do. Meanwhile, 28% of breaches among these organizations were ransomware or destructive attacks. …
COSTS OF HEALTH DATA BREACHES REACH RECORD $10M PER ATTACK
“A healthcare data breach now comes with a record price – averaging $10.1 million, according to IBM Security’s annual Cost of a Data Breach report. .”
TREND MICRO CRITICAL INFRASTRUCTURE REPORT
- 40% of respondents were unable to block the initial attack.
- 48% of those who say there have been disruptions do not always make improvements to minimize future cyber risks.
- Future investments in cloud systems (28%) and private 5G deployments (26%) were the top two drivers of cybersecurity among respondents.
- The OT security function tends to be less mature than average IT in terms of risk-based security.
“The addition of cloud, edge and 5G in mixed IT and OT environments has rapidly transformed industrial operations and systems. Organizations need to stay ahead of the curve and take security measures to protect corporate assets. Improving risk and threat visibility is a quick first step towards a secure industrial cloud and private network.
Also, I like this Accenture OT and ICS security video covering “the art of the possible”:
THE CYBER INDUSTRY STILL ASK: IS THE “BIG” COMING?
Much like discussions of the California earthquakes, we seem to keep coming back to questions about the imminent arrival of cyber 9/11 or cyber Pearl Harbor.
You might be wondering: is this a new topic for “Lohrmann on Cybersecurity”?
The answer is no, and here are some of the previous blogs where I have covered this critical infrastructure protection topic:
I expect this topic will not go away in the next decade.
In fact, despite no Colonial Pipeline-like event in 2022 so far, cyberattacks on critical infrastructure are quietly on the rise around the world.
Daniel J. Lohrmann is an internationally acclaimed cybersecurity leader, technologist, keynote speaker, and author.
*** This is a syndicated blog from the Security Bloggers Network of Lohrmann on cybersecurity written by Lohrmann on cybersecurity. Read the original post at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/cyber-attacks-against-critical-infrastructure-quietly-increase