How to adopt a state of sustainable cyber resilience

Adopting a state of sustainable cyber resilience is necessary to protect the UK’s critical national infrastructure.

Essential services are prime targets

Critical national infrastructure (CNI) plays a fundamental part in our everyday lives. From providing healthcare to the sick, energy to heat our homes, and a secure place to keep our money, the likes of hospitals, energy providers and banks cannot be taken for granted; if they are compromised or should fail, the results would be catastrophic. Severe disruption of such services could irreversibly damage the economy and put thousands of lives at risk.

As the world becomes increasingly more digital, and our CNI becomes more interconnected, the threat of these essential services being thrown into disarray looms even larger. If water supplies stop functioning, then healthcare providers could be putting patients in jeopardy; those needing to contact emergency services over the phone would be lost if network service providers were to go down; and everywhere would be thrown into complete chaos if electricity networks were to cease operating. The many ramifications of a digital outage are unthinkable.

The threat of cyber attacks on our CNI is therefore a frightening one indeed. With the extremely valuable data, wealth, and general upheaval that can be obtained by attacking the likes of banks and hospitals, hackers have found easy prey in our CNI.

Indeed, the Joint Committee on the National Security Strategy found that an attack on critical infrastructure providers isn’t a question of if, but when, and the Allianz Risk Barometer 2020 report puts cyber incidents at the top of the most important business risk globally.

From the WannaCry attack on the NHS to state-controlled Advanced Persistent Threat (APT) groups attacking Britain’s networks, the cybersecurity issues facing CNI are making the headlines, for all the wrong reasons.

Nation states won’t bother with backdoors — they’re more likely to walk through the front entrance

Mike Beck, global head of threat analysis at Darktrace, believes that while organisations are busy fretting about nation state back doors, they’ll miss the real cyber threats. Read here

Nation-state threats

GCHQ’s National Cyber Security Centre (NCSC) defended against 658 major cyber attacks last year. Over half were nation-state attacks, many of which targeted the UK’s private and public sectors.

These attacks are particularly concerning as the cybercriminals behind them are typically highly capable, extremely well-funded and have CNI organisations in their sights.

The NCSC review also revealed the motivations behind such attacks, with North Korea being financially motivated; China preferring to use hackers for corporate espionage and intellectual property theft; and Russian and Iranian cybercriminals targeting CNI. The top sectors targeted include the government, transport, and health; attacks which, if successfully carried out, would be disastrous in their fallout.

Indeed, WannaCry, which resulted in £92 million in costs for the NHS, has been linked to the North Korean threat group, Lazarus. The group has dubious government connections, and there are indicators that WannaCry’s motive wasn’t purely monetary, primarily the Lazarus Group’s infamous 2014 hack of Sony Pictures before its planned release of The Interview.

On the Russian front, UK and US officials recently put an end to Evil Corp, a group of hackers that targeted online vulnerabilities and stole millions of pounds from the UK alone, targeting schools amongst other essential service providers. Russia’s nefarious online activities are no secret, and one of the hacker’s alleged involvement with the FSB raises questions over the Kremlin’s association with this severely costly attack.

Most recently, Huawei’s entrance into the UK’s 5G market has remained a controversial topic, as the alleged threat of foreign state interference from the Chinese government is no small worry, especially as it could affect connectivity across the entirety of the UK, causing disruption on a hitherto unheard-of scale.

Whether an APT group is linked to a specific foreign government, or if global companies come under government influence, CNI organisations have to improve their security posture.

What are the newest cyber attacks to look out for?

With cyber attacks constantly developing and getting sneakier, we look at some of the newest attacks that companies must look out for. Read here

A vulnerability is all it takes

CNI organisations tend to take a tactical, reactive approach to their IT security, addressing problems when the damage has already been done. Some don’t even know what information on their systems can be accessed by hackers. WannaCry, for example, which took advantage of a system vulnerability, was a massive wake-up call for the NHS and demonstrated how vastly unprepared it was to combat such an attack. Even a few years on, the consequences from EternalBlue, the malware behind WannaCry, still aren’t over, with Shodan research recently indicating that millions of computers connected to the internet are still vulnerable.

The problem is that many systems related to these organisations aren’t being proactively checked for vulnerabilities. For example, it was recently discovered that millions of patient data files were freely available online, without any kind of security in place. Even when informed about these gaps in their security, many organisations failed to act and have subsequently left millions of patients’ data online for anyone to access.

Acting after the fact, or not acting at all, will not go far in protecting essential services from hackers and their designs to obtain highly sensitive information and a hefty pay-out. If CNI organisations are to protect themselves, they must become cyber resilient.

How to make cyber security intelligence-driven for a more proactive cyber defence

In this article, four experts explain how to make cyber security intelligence-driven and, in turn, create a more proactive cyber defence. Read here

It’s time for a proactive approach

In order to get ahead of potential cyber attacks, it’s essential that critical organisations rethink their approach and aim for a workable, long-term solution.

Adopting a state of sustainable cyber resilience will enable critical organisations to pre-emptively defend themselves from attacks that are looming in the distance. This method involves organisations identifying, classifying, prioritising and remediating all the vulnerabilities in their IT infrastructures so that, even if a hacker does come along sniffing for an opportunity, they’ll struggle to find the key to the door.

Even the government has highlighted the importance of “Resilience, not security” against the “’wicked’” problem of cyber attacks on the UK’s CNI and that organisations that provide essential, everyday services must be continually prepared for an attack to occur.

Especially in our increasingly digital world, and as nation-state attacks more frequently become the weapon of choice for hostile states, being resilient in their cyber security strategy will enable CNI services to proactively stave off their attacker, “whoever that attacker may be, whatever their motive and however they choose to attack.

Written by Dirk Schrader, cyber resilience architect at Greenbone Networks

Editor's Choice

Editor's Choice consists of the best articles written by third parties and selected by our editors. You can contact us at timothy.adler at stubbenedge.com