sb-au logo
Story image

"Utterly frightening": UK's critical infrastructure is under attack

10 Apr 2018

The National Cyber Security Council (NCSC) recently issued a warning after it became aware of ongoing malicious attacks targeting the UK’s critical national infrastructure (CNI).

What is concerning is that the NCSC admits that it appears cybercriminals have been targeting and hacking organisations in the supply chain connected to UK’s CNI since at least March of 2017.

The hackers have been working to gain access to information using a number of techniques like planting malicious links on popular sites, targeted spear phishing attacks against the organisations, and harvesting logon details with publicly available hacking tools - with the ultimate goal of breaking into systems and grinding critical infrastructure to a halt.

RSA Security advanced cyber defence practice director Azeem Aleem says protecting the nation’s critical infrastructure is a matter of national security, but cybersecurity is often more complex within these environments.

“Firstly, it is only in recent years that old manual systems have been ‘digitised’ and connected. For years prior the whole focus has been on physical security, which means these companies are often years behind those in banking and retail, per se,” says Allem.

“My advice would be to face these challenges head on and the only way to do this is by having visibility and context. This means conducting a thorough risk assessment, understanding the dependencies between systems, using threat detection to monitor and alert on attacks, and contextualising results with business context in order to prioritise events.”

Aleem says there is a critical problem within many critical infrastructure companies, making them incompetent in fighting against cybercrime.

“Critical infrastructure companies are often dependent on legacy infrastructures with complex dependencies, and little visibility. They are unable to correlate security events to specific business outcomes – a problem we call the ‘Gap of Grief’,” says Aleem.

“Take the recent wave of WannaCry and Petya attacks; the industry was quick to cry ‘patch’, but actually that isn’t always possible, as patching systems without proper testing could actually cause more damage.”

Huntsman Security head of product management Piers Wilson says these attacks on national infrastructure should be “utterly frightening” given the chaos hackers can cause through sabotage and it’s made possible in part because of a lack of qualified security personnel and historic underinvestment.

“Within 2 years there will be over 1.5m security jobs unfilled globally, meaning that there simply aren’t enough resources in the UK to cope with the growing threats facing our critical infrastructure. Before the digital era, it was relatively simple to prevent and stop attacks, but now it’s much harder,” says Wilson.

“There’s often no easy way to block all of these potential threats at the perimeter, and trying to do so will just result in security analysts becoming overwhelmed by the sheer volume of probes and false positives that mask real issues.”

Wilson says it’s time that organisations accept that traditional defences like firewalls and anti-virus are simply not enough, with emphasis needing to shift away from just blocking attackers to intelligent and rapid detection, containment and mitigation as soon as an attack begins.

“This means having first class, automated threat and security intelligence capabilities that can manage the deluge of potential problems - sorting real threats from the background noise of systems and network operation; freeing up security analysts to deal with the real problems as quickly and efficiently as possible,” says Wilson.

“In the digital age, everyone – from the government and critical infrastructure organisations to businesses and charities - needs to accept that they can’t stop every attack at the boundary. Shifting focus will help to keep them and the rest of the UK safe."

Story image
Top 10 riskiest IoT devices for enterprises, according to Forescout
IoT devices can become attack vectors for hackers to gain access to enterprise networks, and recent Forescout research shows businesses need to be aware of this and put adequate security measures in place.More
Story image
New report reveals countries most targeted by 'significant' cyber-attacks
Specops Software has unveiled its report listing the countries most-often falling victim to assaults on government agencies, defence departments and other high-value infrastructure.More
Story image
Interview: Checkmarx on the state of software security in Asia Pacific
"While the benefits of software are obvious, this proliferation also creates a massive and ever-evolving attack surface,” says Checkmarx A/NZ country manager Raygan Flores.More
Story image
Airlock Digital seeks to empower Aussie SMEs with AustCyber funding
“With more SMEs and other organisations looking to adopt application whitelisting as a primary cyber defence mechanism, we plan to significantly expand Airlock Digital's partner network."More
Story image
Gartner recognises Pulse Secure for Zero Trust Network Access solution
In the market guide, Gartner states that ZTNA augments traditional VPN technologies for application access, and removes the excessive trust once required to allow employees and partners to connect and collaborate. More
Download image
Ultimate security: The best authentication just got better
Cloud applications can hold sensitive data, and top-notch authentication is key. But having separate tools for separate applications can be cumbersome - here's how to overcome that.More