Elena Canorea
Communications Lead
Critical infrastructure systems are interconnected to form a network, which is vital for the smooth functioning of societies. Because of this crucial role, key industries such as energy, healthcare, and government have become prime targets for cyber-attacks.
These attacks compromise sensitive data, disrupt daily operations, and jeopardize the security of public and private organizations.
These attacks are becoming more sophisticated and more common, which highlights the need to intensify cybersecurity measures. Increasingly sophisticated technology has become a weapon for cybercriminals, but, used well, it is also the means to combat and defeat them. Here are the keys to a proactive approach: comprehensive strategies that encompass threat detection, prevention, and response.
The growing impact of cyberattacks is driving many industries to prioritize robust cybersecurity measures to improve their resilience and protect society’s essential services.
Hospitals are among the most affected, as they are very attractive to cybercriminals because of the large amount of health information and personal data they store on patients. These attacks not only compromise users’ privacy but also put their lives at risk by disrupting medical procedures or delaying treatments. In fact, according to a study by Insider Intelligence, there were 1,463 attacks per week on hospitals in 2022, 74% more than the previous year, highlighting the urgent need for robust cybersecurity measures.
The energy sector is another of the most affected, and the consequences of attacks on it go beyond the immediate disruption, as they can have serious economic and social impacts. All other industries depend on the electricity supply, which makes them vulnerable to disruptions that can shut down essential services and compromise public safety. Protecting electricity grids from cyber threats is essential to ensure the stability and resilience of critical infrastructure.
Schools and educational institutions are also major victims of cyber-attacks, which affect something as important as providing quality education to students. These institutions also store large amounts of sensitive information, such as student records or tax data, and its theft can lead to identity theft and financial fraud. The loss or manipulation of student records can have long-term consequences for students' educational journey, so protecting student and school data is crucial to fostering a safe learning environment.
Keeping in mind the keys to keeping our data secure will be critical to protecting ourselves and our workplace.
The US Department of Homeland Security recently published a 7-step guide to effectively defending industrial control systems, giving advice on how to prevent attacks on critical infrastructure. We list and review them.
This is one of the measures that could prevent most incidents if implemented well.
Creating a list of allowed applications means checking which applications can be started: only the applications on this list can be used. This makes it more difficult for an attacker to execute malicious code that he has managed to insert into the protected system.
The network traffic that carries application updates, the lists themselves, and allowed-list records must also be monitored.
Vulnerabilities detected in a system should be fixed or patched quickly to minimize the time in which an attacker can exploit them.
One tip is to carefully monitor the system’s components and versions and always patch all vulnerabilities that are detected. This also applies to devices temporarily connected to the system.
For successful patching, information about the system’s state must be extracted, and patches must be imported quickly. If the system is connected in real time for this purpose, a new attack possibility is created. Unidirectional information flows and detailed traffic filtering can limit this.
One way for an attacker to influence a mission-critical system is to exploit weaknesses in the implementation of accessible surfaces.
There are weaknesses at every level, known or unknown, in all computer systems. Therefore, a strategy of minimizing what is accessible can be implemented to reduce the risk of a successful attack.
It is also important to connect network systems only when necessary, considering first whether the connection can be unidirectional, as this makes an attack much more difficult. The next step is to limit the transfer of information, even in the directions that remain open.
Segmenting the system into several zones limits the damage if the external protection is breached. It also makes it easier to act after an incident.
This is a very important strategy, but also a difficult one to implement. The different zones must communicate, but in a controlled way. Only the necessary protocols and information must be able to pass. Otherwise, there is no reason to segregate zones.
Using a one-way transfer, whenever possible, limits the exchange of information between zones, making it difficult for an attacker to import malicious code or communicate with a tampered system.
Sometimes, leaving zones unconnected is not an option, as the same network segments must be available in geographically different locations. Therefore, this traffic needs to be protected during transport between sites. The best way to achieve this is to use VPN tunnels.
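The zone segmentation and one-way transfer described above can be audited mechanically. The following is an added example, not part of the original article or of the guide it summarizes: it checks connection records against an allowlist of one-way conduits between zones. The zone names, subnets, ports, and flow records are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Hypothetical addressing plan: one subnet per zone.
ZONES = {
    "control": ip_network("10.10.0.0/24"),
    "dmz": ip_network("10.20.0.0/24"),
    "enterprise": ip_network("10.30.0.0/24"),
}

# Allowed conduits as (initiating zone, destination zone, protocol, port).
# Each entry is one-way: the reverse direction is not implied.
CONDUITS = {
    ("control", "dmz", "tcp", 4840),    # assumed: data export to a DMZ server
    ("enterprise", "dmz", "tcp", 443),  # assumed: report access from the office
}


def zone_of(addr):
    """Return the name of the zone containing addr, or None if there is none."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def check_flow(flow):
    """Return 'allow' or an alert string for one connection-initiation record."""
    src, dst = zone_of(flow["src"]), zone_of(flow["dst"])
    if src is None or dst is None:
        return "alert: endpoint outside every defined zone"
    if src == dst:
        return "allow"  # intra-zone traffic is not a conduit question
    if (src, dst, flow["proto"], flow["dport"]) in CONDUITS:
        return "allow"
    # A conduit exists only in the opposite direction: one-way rule violated.
    if any(c[0] == dst and c[1] == src for c in CONDUITS):
        return "alert: connection initiated against a one-way conduit"
    return "alert: flow not on the conduit allowlist"


# Constructed sample records; src is the side that opened the connection.
FLOWS = [
    {"src": "10.10.0.5", "dst": "10.20.0.8", "proto": "tcp", "dport": 4840},
    {"src": "10.20.0.8", "dst": "10.10.0.5", "proto": "tcp", "dport": 502},
    {"src": "10.30.0.7", "dst": "10.10.0.5", "proto": "tcp", "dport": 3389},
    {"src": "10.10.0.5", "dst": "203.0.113.9", "proto": "tcp", "dport": 443},
    {"src": "10.10.0.5", "dst": "10.20.0.8", "proto": "tcp", "dport": 22},
]


def audit(flows):
    """Return (flow, verdict) pairs for every flow that is not allowed."""
    results = [(f, check_flow(f)) for f in flows]
    return [(f, v) for f, v in results if v != "allow"]


if __name__ == "__main__":
    for flow, verdict in audit(FLOWS):
        print(f'{flow["src"]} -> {flow["dst"]} '
              f'{flow["proto"]}/{flow["dport"]}: {verdict}')
```

The same check applied to live flow logs gives a simple deviation alert: any record that is not `allow` is traffic the segmentation design did not intend.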
One way for an attacker to achieve his goal is to first take over the parts of the system that have weak authorization control and, from there, work his way up the authorization hierarchy.
Gaining access to a section of the system with the highest privileges allows an attacker to work unrecognized and in a controlled manner. It is, therefore, necessary to control how authorizations are stored, distributed, and updated and to ensure that users follow a strong password policy to minimize the chances of such attacks.
It is also important to design authorization controls so that each one manages only the area of the system in which it is stored. Otherwise, it could be easy for an attacker to move deeper into the system.
Communication between authorization systems in each zone may be necessary to increase the likelihood of finding misconfigurations and attack attempts.
Attackers often want to attack remotely and look for network connections on the system. This means that all potential connections to the system should be checked and eliminated unless necessary, in which case they should be limited.
It is also safer for sensitive remote connections to require operator activation, have time limitations, and only be given access to operations deemed necessary. To this end, authorization controls must be strong, with, for example, two-factor authentication.
If a connection is not secure, an attacker can take it over and control the system with the privileges granted to the authorized remote user. In addition, he can obtain information by intercepting the connection and use it to prepare further attack attempts. At this point, an additional method that increases security is to apply a filter function based on a policy that defines what actions can be performed through remote connections and what information can pass through the filter.
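As an added illustration (not from the original article), the remote-access conditions above can be combined into one default-deny check: operator activation, a time limit, two-factor authentication, and a policy filter on permitted actions. All names here (`RemoteSession`, `activate`, `authorize`, the user names and action strings) are hypothetical, and the rule that a remote user cannot activate their own session is an added assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class RemoteSession:
    user: str
    mfa_verified: bool = False              # second factor checked at login
    activated_by: Optional[str] = None      # on-site operator who opened it
    expires_at: Optional[datetime] = None   # end of the activation window
    allowed_actions: frozenset = frozenset()


def activate(session, operator, now, minutes, actions):
    """An on-site operator opens the session for a bounded time and action set."""
    if operator == session.user:
        # Assumption of this example: activation must come from a second person.
        raise ValueError("remote user cannot activate their own session")
    session.activated_by = operator
    session.expires_at = now + timedelta(minutes=minutes)
    session.allowed_actions = frozenset(actions)


def authorize(session, action, now):
    """Default-deny filter: return (allowed, reason) for one requested action."""
    if not session.mfa_verified:
        return False, "second factor not verified"
    if session.activated_by is None:
        return False, "session not activated by an operator"
    if now >= session.expires_at:
        return False, "activation window expired"
    if action not in session.allowed_actions:
        return False, "action not permitted for this session"
    return True, "ok"


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed time
    s = RemoteSession(user="vendor_tech", mfa_verified=True)
    print(authorize(s, "read_diagnostics", t0))
    activate(s, "shift_operator", t0, 30, {"read_diagnostics"})
    print(authorize(s, "read_diagnostics", t0 + timedelta(minutes=10)))
    print(authorize(s, "write_setpoint", t0 + timedelta(minutes=10)))
    print(authorize(s, "read_diagnostics", t0 + timedelta(minutes=30)))
```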
The introduction of IT security measures can significantly reduce the risk of successful cyber-attacks.
However, the risk is never zero, as you never know what resources the attacker has at his disposal and how they will evolve. Therefore, attacks that are not blocked by security mechanisms such as access control, filtering, encryption, and segmentation must be identified, detected, and responded to.
One recommendation is that network traffic, both within and to the system, should be continuously monitored for deviations.
Joining the digital transformation forces a re-examination of traditional security models, which do not provide agility in a rapidly evolving environment. Data footprints have expanded to the cloud or hybrid networks, and the security model has evolved to address a more holistic set of attack vectors.
As a result, today’s organizations need a new security model that adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, applications, and data wherever they are located.
Having a technology partner specialized in cybersecurity can solve all of your company’s infrastructure and security problems. Plain Concepts can be that partner, helping you implement a Zero Trust approach, the essential security strategy for today’s reality.
We have the experience and resources to meet your needs at all layers of security: identity, endpoint, application, network, infrastructure, and data. We have already helped hundreds of organizations evolve their deployments to respond to remote and hybrid working transactions in parallel with the increasing intensity and sophistication of cyber attacks.
But moving to a Zero Trust security model doesn’t have to be an all-or-nothing proposition. We recommend using a phased approach, where we will help you close the most exploitable vulnerabilities first. To do this, we offer workshops and assessments to help you reach the maximum level of protection:
If you want to protect your most sensitive business assets and your entire team, don’t wait any longer and contact us! Our experts will help you understand the challenges you face and design the strategy that best suits you.