Why are critical infrastructure attacks every citizen’s — not to mention business leaders’ — problem?
Every executive and every business in every country relies on critical infrastructure throughout daily life. Critical infrastructure sectors include energy production and transmission, water and wastewater, healthcare, and food and agriculture. Not only are each of these sectors critical to the appropriate functioning of modern societies, but they are also interdependent, and anon one can have a direct impact on others.
Unfortunately, the risks in Ukraine have already turned to reality as websites of banks and the Ministry of Defense have been attacked in recent weeks, and the country will likely remain a target in the near term. It is also not the first time that Ukraine has been the main target of cyberattacks due to geopolitical conflicts. In 2014, its Central Election Commission was targeted. In December 2015, an attack on the power grid plunged parts of the country into darkness.
Looking forward, CISOs and security and risk management leaders should define what their high-value assets are, so that triage and decision making about what to bring back up first doesn’t occur on the fly, and secure mission-critical backups offline or in cloud environments. They need to review with urgency their network segmentation both in enterprise IT systems and for high-value cyber-physical systems in operational or mission-critical environments.
Another best practice is to update personnel reporting and internal emergency communications trees both in IT and operations, and maintain a copy offline. Several NotPetya victims had to revert to social media to get in contact with their own personnel; adequate preparation can help avoid this kind of disruption.Join your peers for the unveiling of the latest insights at Gartner conferences.