The attack last year on Colonial Pipeline, a vital component of the US petroleum network, severely damaged the company’s operations, causing it to halt distribution of 2.5 million barrels of fuel per day across its 5,500 miles of pipe system. This amounted to about half of the fuel utilized on the US East Coast, prompting politicians to pass emergency legislation permitting fuel to be transported by road.
According to official media announcements at the time, Colonial Pipeline took systems offline to limit the threat, brought in third-party security experts and devised a system restart plan. The difficulty with this strategy – which focuses on addressing vulnerabilities only after an attack – means that the harm has already been done. Faced with this kind of situation, organizations often feel they are obliged to pay ransom demands or undertake costly recovery procedures.
Fast forward to today and for every possible cybercrime victim, the underlying IT networks that allow them to function are becoming more complex, increasing the amount of potential vulnerabilities. Even the tiniest Internet of Things (IoT) gadgets have suddenly become potential gateways to critical networks, providing bad actors with more choices for mounting potentially devastating cyber attacks.
While Colonial is the most well-known of the publicly documented critical infrastructure attacks, they remain far from alone. Last year, approximately 650 ransomware incidents targeted vital infrastructure in the United States, according to the FBI’s 2021 Internet Crime Report. The volume and severity of attacks are likely to increase given current geopolitical tensions.
So, where do we go from here? Organizations encounter a variety of threats and weaknesses that demand immediate attention, such as the hazards posed by file-based cyber security threats, which contain potentially dangerous content in about one out of every 100,000 files.
Despite the fact that most businesses understand the necessity of protecting their valuable files and data from malware and ransomware, the vast majority rely on antivirus and sandboxing technologies to do so. While these solutions are a vital element of any comprehensive cybersecurity plan, they can also introduce major security flaws.
For example, around 70% of malware found in files is of an unknown variant when it is received, making it invisible to reactive cybersecurity technologies. Exacerbating this problem is updating antivirus and sandboxing technologies can take up to 18 days, leaving systems vulnerable to attack.
Instead, critical infrastructure organizations must take a proactive approach to file security, and one of the most effective ways to do so is to use Content Disarm and Reconstruction (CDR) technology, which instantly cleans and rebuilds files to match their ‘known good’ manufacturer’s spec, removing potential threats automatically.
Closing all potential attack angles has become vital for critical infrastructure providers in order to defend public services and the wider national interest. According to the recent Five Eyes security advisory, for instance, “Critical infrastructure network defenders should prepare for and mitigate potential cyber threats—including damaging malware, ransomware, DDoS attacks, and cyber espionage.” In the current climate, proactive cybersecurity solutions are more critical than ever in order to ensure networks remain safe.