Nearly 85% of CNI Firms Breached in 3 Years

  • By David Lukic
  • Dec 02, 2021

Most security leaders in critical infrastructure organizations are underestimating the scale of cyber-threats to their operations, despite having suffered breaches over the past three years.

A recent research study by Skybox Security found that 83% of organizations experienced an operational technology (OT) cybersecurity breach in the last 36 months. The research also uncovered that organizations also underestimate the risk of a cyberattack.

What are CNI Firms?

Critical National Infrastructures (CNI) are systems, facilities, information, people, networks, and processes necessary for a country to function the vast network of highways and other transportation services, supply of water, energy or banking services, utilities, and buildings necessary to maintain everyday life.
These systems are essential for the economy, health, safety, security, and social well-being of people and the loss or compromise of these critical elements could result in disaster.
  • It can detrimentally impact the availability, integrity, or delivery of essential services.
  • If compromised, disruptions to some services could result in significant loss of life or casualties.
  • There could be a significant negative impact on national security and defense, or on the effective functioning of the government.
Unlike previous years where these CNIs operated in isolation, they are becoming more complex and reliant on networks of connected devices even across sectors.
As such, the failure of one critical infrastructure could result in not only the failure of that system, it could also potentially create a devastating chain reaction.
This vulnerability of critical infrastructure to cyber-attacks has become a big concern with recent events giving even more cause for concern.

What kinds of breaches do CNIs experience?

While IT infrastructure has given rise to many cyber security jobs, consultants, products, and services, the operational technology of CNIs is a vulnerable and less focused element of cyber security.
However, this is especially important as people and infrastructure become even more reliant on connectivity and well-functioning homes and communities.
One example is the power grid incident in Texas in which 4.5 million homes and businesses were left without power, water, and heat for days during extreme cold weather in the state.
Recently, on May 7th, a devastating ransomware attack on the Colonial Oil Pipeline left nearly 11,000 gas stations without gas. The pipeline, one of the largest in the US that supplied about 45% of the East Coast’s gas, diesel, and jet fuel, was forced to shut down its networks and operations entirely.
In another case of disruptions to critical infrastructure, hackers broke into a US water authority’s cellular network to hike the bills by 15,000%, from $300 monthly to over $50,000 over a two-month period.
World-changing events like these have brought to light the need for organizations to adapt and protect their services to ensure continuity.
CNI Data Breach

What are the Common Vulnerabilities?

Some of the challenges facing OT security include OT network complexity which leaves various loopholes which can easily be taken advantage of, supply chain risk, and limited vulnerability detection and fixing options.
Hackers and threat actors commonly target energy, transportation, public services, telecommunications, and critical manufacturing sectors with the intention to
  • Disrupt critical services using ransomware
  • Target theft of intellectual property or customers’ personal data
  • Manipulate or sabotage operational equipment
  • Conduct long-term surveillance of networks looking for weaknesses and intelligence that can be monetized or exploited.

How to Safeguard Against Breaches

According to a 2021 report from IBM and the Ponemon Institute, the average cost of a data breach among companies surveyed reached $4.24 million per incident, the highest in 17 years.
Despite the rise in vulnerabilities and recent attacks, OT security remains low in priority for many security teams as there is a predominant belief that their infrastructure is safe despite evidence to the contrary, which has led to inadequate OT security measures.
Here are some ways to ensure OT security is protected against data breaches.
  • Implement automation to reduce human error and ensure continuous compliance.
  • Find exposed vulnerabilities with a network model.
  • Implement long-term options that go beyond patching for security risks and vulnerabilities.
  • Rely less on cyber insurance as a security ‘strategy’.
  • Monitor Third-party access to networks.
  • Ensure adherence to security controls.
About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Welltok’s MOVEit Breach Returns, Another 426k Records Exposed

Welltok’s MOVEit Breach Returns, Another 426k Records Exposed

Welltok operates an online wellness program various organizations use to encourage healthy lifestyles. They've been in our news frequently as the global MOVEit breach continues.

Weekly Cybersecurity Recap November 24

Weekly Cybersecurity Recap November 24

This week, the cybersecurity environment continued to be rocked by the global MOVEit data breach. Various Stanford Health groups had information taken in the MOVEit event, up to 1.6 million patient records.

Work Management Company NSC Tech, Suffers 50k Employee Record Breach

Work Management Company NSC Tech, Suffers 50k Employee Record Breach

NSC Technologies is a workforce management solution pairing perfect prospective candidates with companies desiring long-term employees.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address