Ransomware in critical infrastructure has been saved
Ransomware in critical infrastructure
Ten questions and actions to tackle this major threat
This article considers how ransomware is evolving globally and we call out what could and should be done about it.
Critical infrastructure assets are high value targets for state-based cyber espionage and asymmetric warfare, and increasingly, active ransomware criminal groups. Aided by rapid digitisation, 2020 was characterised by a significant increase in cyber-criminal activity, in particular ransomware attacks. Research indicates a seven-fold rise in ransomware attacks over the first half of 2020.
Indeed, all our essential services are increasingly at risk, as a successful cyber attack on critical infrastructure can:
- disrupt operations and the supply of electricity, oil, gas, water, waste management, and transport
- further threaten the safety of workers and citizens as dependent services, including emergency services and health facilities, suffer shortages or are compromised as collateral damage
- impact revenue, result in reputational damage, and lead to litigation or regulatory consequences to the service outage
- bring an economy to a standstill in a serious and sustained scenario, due to the domino effects described earlier, and the possibility of public disturbance and civil unrest
- be leveraged to weaken a country’s government and essential services in preparation for a conventional military attack by another nation-state.
The ransomware landscape
Numerous other incidents in the Asia Pacific region have increased both public and private awareness of the domino effect of a cyber attack on a critical industry, and the need for both preventative measures and robust recovery plans to avoid and mitigate local disasters. In 2020, a report from cybersecurity company Lumu reported that more than half of all companies in the region were affected by ransomware1. According to Cybersecurity Ventures, there will be a ransomware attack on businesses across the world every 14 seconds in 20212. There is no escaping this threat, and it is becoming more and more potent.
Why are ransomware attacks so successful?
By denying access to core systems, ransomware can cause an organisation to run its operations in a highly degraded state. In addition to the growing sophistication of ransomware groups, changing expectations have increased the risk to critical infrastructure. To meet stakeholders’ demands for simplicity, efficiency and value while meeting budget constraints, organisations increasingly embrace digitisation, including converging IT with Operational Technology (OT) and leveraging cloud and Industrial Internet of Things (IIoT) technologies. In addition, the pandemic forced many organisations to quickly enable remote access for their OT personnel. These changes result in OT environments being more exposed to increasingly sophisticated cyber threats.
Ten questions to move forward
Critical infrastructure organisations need to create transparency around key cyber risks such as ransomware, so that leadership, Boards and the C-suite can better monitor and address them—and maintain safety and reliability while modernising their operations. We’ve compiled ten key questions to help you kickstart or re-evaluate your efforts to protect critical operational processes and systems against the threat of ransomware:
Read our full report to find out more.
1. R. Dallon Adams, “Ransomware attacks by industry, continent, and more,” TechRepublic, October 12, 2020.
2. Steve Morgan, “Global Ransomware Damage Costs Predicted To Reach $20 Billion (USD) By 2021,” Cybersecurity Ventures, October 21, 2019.
Published: March 2021
Protecting industrial control systems in Asia Pacific.
Seeing beyond the surface: The future of privacy in Australia