{"id":8784,"date":"2020-07-02T08:03:40","date_gmt":"2020-07-02T08:03:40","guid":{"rendered":"https:\/\/www.experfy.com\/blog\/?p=8784"},"modified":"2023-11-30T13:39:12","modified_gmt":"2023-11-30T13:39:12","slug":"cybersecurity-and-infrastructure-current-trends-and-future-developments","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/future-of-work\/cybersecurity-and-infrastructure-current-trends-and-future-developments\/","title":{"rendered":"Cybersecurity and Infrastructure: Current Trends and Future Developments"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n

Takeaway:<\/strong>\u00a0It\u2019s not possible for infrastructure owners and operators to fall behind in the technology race, but together with the broad opportunities brought forward by increased connectivity new cyberthreats are also emerging.<\/em><\/p>\n<\/blockquote>\n\n\n\n

The\u00a0infrastructure<\/a>\u00a0sector is taking its first timid steps in the world of digitalization. New\u00a0AI<\/a>\u00a0trends <\/a>are being used to optimize energy grids, power plants, oil and gas refineries, and manufacturing plants.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

Roads and highways are implementing new technologies to prepare for the imminent arrival of\u00a0self-driving cars<\/a>. (Read\u00a0Are self-driving cars safer than cars driven by humans?<\/a>)<\/p>\n\n\n\n

It\u2019s not possible for infrastructure owners and operators to fall behind in the technology race, but together with the broad opportunities brought forward by increased connectivity new\u00a0cyberthreats\u00a0<\/a>are also emerging.<\/p>\n\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

Public and financial records can be sold on the\u00a0dark web<\/a>, and the breach of such records can be quite profitable for\u00a0hackers<\/a>. A landscape of unscrupulous agents who\u00a0breach systems<\/a>\u00a0and stealthily maintain access over extended periods of time to perform various hacks (data theft, supply chain attacks,\u00a0cryptomining<\/a>, spying, and extortion) are now targeting organizations in the infrastructure sector as well.<\/p>\n\n\n\n

With $3.25 billion per year made by hackers<\/a>\u00a0just by violating social media, it\u2019s time for those verticals to address these issues, adapt and ultimately evolve.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

The Current Cyberthreat Landscape<\/h2>\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

When a large state-owned energy company is hit by a successful\u00a0cyberattack<\/a>, the economy of an entire nation and the wellbeing of thousands of people are at stake. The simplest\u00a0ransomware attack<\/a>\u00a0may cause a disastrous attack if critical data is exposed to malicious actors.<\/p>\n\n\n\n

Back in 2015, a single\u00a0spear phishing email attack<\/a>\u00a0in Ukraine took out took out the energy grid\u00a0for more than 225,000 people<\/a>. Attacks can strike some of the most vulnerable assets of human society, such as the farming and agricultural business (by blocking farming equipment) or the financial sector (think of the Equifax credit bureau breach).<\/p>\n\n\n\n

In some other instances, instead, a single breach may cause massive material damage (examples include nuclear power plants, dams or waste recycling plants).<\/p>\n\n\n\n

Even when they are not the primary target, the proliferation of interconnected\u00a0Internet of Things<\/a>\u00a0(IoT) networks means that a single security gap can make factories and plants become a collateral target. Older vulnerabilities never grow stale, as hackers never stop checking whether those doors are still open.<\/p>\n\n\n\n

More than half of the vulnerabilities that have been publicly exposed in the last 10 years are still susceptible to attacks even today. Establishing a successful cybersecurity strategy during the digital transformation process is a mandatory step, and may require\u00a0tens of thousands of operators across hundreds of sites<\/a>.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

Simplifying Cyber Defense Strategies<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

Infrastructure operators often need to work within significant budget constraints \u2014 especially in the public sector. Money is often insufficient, and stakeholders usually prefer to invest it in more \u201cphysical\u201d assets such as better materials and machinery than in (apparently) less practical avenues such as\u00a0cyber defense<\/a>.<\/p>\n\n\n\n

To address this challenge, breach and attack simulation (BAS) platforms such as\u00a0Cymulate<\/a>\u00a0are being currently employed by many organizations.<\/p>\n\n\n\n

Companies can use BAS platforms to test various aspects of their cybersecurity defenses for any gaps and vulnerabilities when they are put under stress. Examples range from web gateways to web applications (firewall effectiveness), endpoints (anti-malware effectiveness), and emails (anti-phishing<\/a>).<\/p>\n\n\n\n

Users just need to install a client on one of the endpoints in their networks and the platform can be used to run various tests. Users can even schedule these tests to run automatically in set intervals. BAS comes as a welcome alternative to other testing methods, such as penetration tests and\u00a0red teams<\/a>\u00a0since these are typically carried out by\u00a0white hat hackers<\/a>\u00a0and seasoned security professionals.<\/p>\n\n\n\n

Instead of hiring a specialized cybersecurity team, companies can simply retrofit existing IT teams to test possible attack vectors quite comprehensively. BAS reports are also used to identify weak points in the security perimeter or IT infrastructure allowing companies to allocate their investments more strategically.<\/p>\n\n\n\n

This evidence-based approach is vital to make stakeholders happy by focusing security budgets on the most evident vulnerabilities.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

\n

Mitigating And Remediating<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

In a sector when even the slightest disruption may have catastrophic consequences, resiliency is mandatory to at least mitigate incoming damage, as well as the ability to quickly restore any impaired services or capabilities.<\/p>\n\n\n\n

Fail-safe strategies and backup plans represent a pivotal point in any remediation strategy, highlighting the importance of detection and forensics tools that can identify indicators of compromise. For example, heightened gateway restrictions such as additional firewalls may be enforced to contain the attacker\u2019s ability to move across the network once a section is compromised.<\/p>\n\n\n\n

If everything goes south, is nonetheless important to be able to provide quick disclosure to collateral actors which may be involved as well (such as emergency operators, fire and police departments, etc.). Being able to share relevant data into ticketing systems may be critical to accelerate this process. Risk baselines must be determined to know which areas are the most vulnerable and\u00a0prepare a remediation plan accordingly<\/a>.<\/p>\n\n\n\n

Highly controlled access and authorization management, as well as tidy asset inventory can help minimize the risk linked to the devices connected to the OT network. A robust control system is a passive approach that has already been adopted by the U.S. electricity sector.<\/p>\n\n\n\n

It helps reducing the overall risk as well as the root cause analysis phase since it easily pinpoints the source of the issue. It can also be used to enhance mitigation, for example by allowing administrators to close facility doors remotely.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

\n\n

Final Thoughts<\/h2>\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

Although many organizations in this vertical still lack the maturity to properly handle the full range of cyberthreats that come with the territory, many are taking the necessary steps to improve.<\/p>\n\n\n\n

A strong governmental action will also be necessary to establish an adequate regulatory environment mandating compliance to the strictest security strategies.<\/p>\n\n\n\n

Otherwise, the material risks of a careless approach are too massive to be dealt with.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Although many organizations in this vertical still lack the maturity to properly handle the full range of cyberthreats that come with the territory, many are taking the necessary steps to improve.
\nA strong governmental action will also be necessary to establish an adequate regulatory environment mandating compliance to the strictest security strategies.<\/p>\n","protected":false},"author":740,"featured_media":8785,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[182],"tags":[264,127,404,251,405,406],"ppma_author":[3585],"class_list":["post-8784","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-future-of-work","tag-compliance","tag-cybersecurity","tag-future-developments","tag-infrastructure","tag-regulatory-environment","tag-security-strategies"],"authors":[{"term_id":3585,"user_id":740,"is_guest":0,"slug":"claudio-buttice","display_name":"Claudio Buttic\u00e9","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2020\/04\/medium_7baf9ebc-2c25-4c4a-888d-7c1fc9aaf732-150x150.jpg","user_url":"https:\/\/www.medsnews.com\/","last_name":"Buttic\u00e9","first_name":"Claudio","job_title":"","description":"Dr. Claudio Buttic\u00e8, Pharm.D., a Freelance Journalist and Writer, is a former clinical and hospital pharmacist,. He is now an\u00a0accomplished book author<\/a>\u00a0who has written on topics such as medicine, technology, world poverty, and science. His latest book is \"Universal Health Care<\/a>\". Many of his articles have been published in magazines such as\u00a0Cracked<\/a>,\u00a0The Elephant<\/a>,\u00a0Digital Journal<\/a>,\u00a0The Ring of Fire<\/a>, and\u00a0Business Insider<\/a>. He has also published pharmacology and psychology papers on several clinical journals and works as a medical consultant and advisor for many companies across the globe."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/8784","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/740"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=8784"}],"version-history":[{"count":6,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/8784\/revisions"}],"predecessor-version":[{"id":34542,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/8784\/revisions\/34542"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/8785"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=8784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=8784"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=8784"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=8784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}