March 12, 2024

Protecting critical infrastructure from cyber-attacks

Critical infrastructure systems are interconnected to form a network, which is vital for the smooth functioning of societies. Because of this crucial role, key industries such as energy, healthcare, and government have become prime targets for cyber-attacks.

These attacks compromise sensitive data, disrupt daily operations, and jeopardize the security of public and private organizations.

These increasingly sophisticated and common attacks highlight the need to intensify cyber security measures. Increasingly sophisticated technology has become a weapon for cybercriminals, but it is also the solution to combat and defeat them if you know how. Here are the keys to a proactive approach to implementing comprehensive strategies encompassing detection, prevention, and response to threats.

Cyber-attacks on key industries

The growing impact of cyberattacks is driving many industries to prioritize robust cybersecurity measures to improve their resilience and protect society’s essential services.

Hospitals are among the most affected, as they are very attractive to cybercriminals due to the large amount of health information and personal data they store on patients. These attacks not only compromise users’ privacy but also put their lives at risk by disrupting medical procedures or delaying treatments. In fact, according to a study by Insider Intelligence, there were 1,463 attacks per week on hospitals in 2022, 74% more than the previous year, highlighting the urgent need for robust cybersecurity measures.

The energy sector is another of the most affected, and attacks on it have consequences that go beyond the immediate disruption, with serious economic and social impacts. All other industries depend on the electricity supply, which makes them vulnerable to disruptions that can shut down essential services and compromise public safety. Protecting electricity grids from cyber threats is essential to ensure the stability and resilience of critical infrastructure.

Schools and educational institutions are also major victims of cyber-attacks, affecting something as important as providing quality education to students. These institutions also store large amounts of sensitive information, such as student records or tax data, which can lead to identity theft and financial fraud. The loss or manipulation of student records can have long-term consequences on their educational journey, so protecting student and school data is crucial to fostering a safe learning environment.  

Keeping in mind the keys to keeping our data secure will be critical to protecting ourselves and our workplace.  

Key steps to protect key infrastructure from cyber-attacks

The US Department of Homeland Security recently published a 7-step guide to effectively defending industrial control systems, giving advice on how to prevent attacks on critical infrastructure. We list and review them. 

Create a list of allowed applications

This is one of the measures that could prevent most incidents if implemented well.

Application allowlisting means checking which applications may be started: only those on the list can run. This makes it more difficult for an attacker to execute malicious code that he has managed to insert into the protected system.

The network traffic that carries application updates, allowlist changes, and allowlist records must also be monitored.
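The allowlist check described above, as an added example that is not part of the original article or of the DHS guide: each launch is compared against an approved path and a hash of the approved file, so a replaced or modified binary at a known path is refused as well as an unknown one, and every change to the list is recorded. The paths, the binaries (short byte strings) and the launch events are constructed for the example.

```python
import hashlib
from typing import Dict, List, Tuple


def sha256_hex(data: bytes) -> str:
    """Hash the bytes of an executable; the allowlist stores hashes, not just paths."""
    return hashlib.sha256(data).hexdigest()


# Constructed allowlist. The two "binaries" are sample byte strings so the
# example runs offline; a real list would be built from a signed inventory of
# the engineering workstation or HMI image. The paths are made up.
APPROVED_BINARIES: Dict[str, str] = {
    "/opt/ics/bin/hmi": sha256_hex(b"hmi-runtime-v3"),
    "/opt/ics/bin/historian": sha256_hex(b"historian-v2"),
}


def evaluate_launch(path: str, contents: bytes,
                    allowlist: Dict[str, str]) -> Tuple[str, str]:
    """Decide whether an executable may start.

    Both the path and the hash must match. A known path with a different hash
    means the binary was modified or replaced, which is exactly the case
    allowlisting is meant to stop.
    """
    expected = allowlist.get(path)
    if expected is None:
        return "DENY", "path not on allowlist"
    if sha256_hex(contents) != expected:
        return "DENY", "hash mismatch: binary modified or replaced"
    return "ALLOW", "path and hash match"


def audit_launches(events: List[Tuple[str, bytes]],
                   allowlist: Dict[str, str] = APPROVED_BINARIES) -> List[dict]:
    """Evaluate a batch of launch events and return one record per event."""
    records = []
    for path, contents in events:
        decision, reason = evaluate_launch(path, contents, allowlist)
        records.append({"path": path, "decision": decision, "reason": reason})
    return records


def record_allowlist_change(change_log: List[dict], actor: str, path: str,
                            new_hash: str, allowlist: Dict[str, str]) -> None:
    """Allowlist updates are themselves security events: log who changed what.

    Keeping an explicit change record is the host-side counterpart of
    monitoring the traffic that carries allowlist updates.
    """
    change_log.append({"actor": actor, "path": path,
                       "old": allowlist.get(path), "new": new_hash})
    allowlist[path] = new_hash


# Constructed launch events: (path, file contents observed at launch time)
SAMPLE_LAUNCHES = [
    ("/opt/ics/bin/hmi", b"hmi-runtime-v3"),               # unchanged, approved
    ("/opt/ics/bin/historian", b"historian-v2-tampered"),  # same path, altered file
    ("/tmp/update.exe", b"unknown dropped file"),          # not on the list at all
]

if __name__ == "__main__":
    for rec in audit_launches(SAMPLE_LAUNCHES):
        print(f'{rec["decision"]:5} {rec["path"]}: {rec["reason"]}')
```

Checking the hash as well as the path is what makes the list meaningful: an attacker who can overwrite an approved file would otherwise inherit its approval. The change log is the piece to feed into the monitoring the article asks for, since an unexpected allowlist update is as significant as an unexpected launch.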

Patch known vulnerabilities

Vulnerabilities detected in a system should be fixed or patched quickly to minimize the time in which an attacker can exploit them.

One tip is to carefully monitor the system’s components and versions and always patch all vulnerabilities that are detected. This also applies to devices temporarily connected to the system.

For successful patching, information about the system’s state must be extracted, and patches must be imported quickly. If the system is connected in real time for this purpose, a new attack opportunity is created. Unidirectional information flows and detailed traffic filtering can limit this.

Reducing attack surfaces

One way for an attacker to influence a mission-critical system is to exploit weaknesses in the implementation of accessible surfaces.

There are weaknesses at every level, known or unknown, in all computer systems. Therefore, a strategy of minimizing what is accessible can be implemented to reduce the risk of a successful attack.

It is also important to connect network systems only when necessary, considering first whether the connection can be unidirectional, as this makes an attack much more difficult. The next step is to limit the transfer of information, even in the directions that are open.

Building a defensive environment

Segmenting the system into several zones limits the damage if the outer protection is bypassed. It also makes it easier to act after an incident.

This is a very important strategy, but also difficult to implement. The different zones must communicate, but in a controlled way: only the protocols and information that are needed should be able to pass. Otherwise, there is no reason to segregate zones.

Using a one-way transfer, whenever possible, limits the exchange of information between zones, making it difficult for an attacker to import malicious code or communicate with a tampered system.

Sometimes, not connecting them is not an option, as the same network segments must be available in geographically different locations. Therefore, this traffic needs to be protected during transport between sites. The best way to achieve this is to use VPN tunnels.
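An added example, not from the article or the DHS guide, of the zone policy described in the two sections above (reducing attack surfaces and building a defensive environment): a default-deny table of inter-zone flows, each permitted in one direction and on one protocol and port only, plus a helper that lists which zones can initiate connections into a given zone, i.e. its exposed surface. The zone names, address ranges and connection attempts are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

# Constructed zones and address ranges (made up for the example).
ZONES = {
    "enterprise": ip_network("10.0.0.0/16"),
    "dmz": ip_network("10.1.0.0/24"),
    "control": ip_network("10.2.0.0/24"),
    "field": ip_network("10.3.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    """One permitted inter-zone flow. Connections may only be initiated in the
    direction src_zone -> dst_zone, on exactly this protocol and port."""
    src_zone: str
    dst_zone: str
    proto: str
    dport: int


# Default deny: anything not listed is blocked. Note what is missing: there is
# no rule from enterprise into control or field, and none from the DMZ inward,
# so plant data flows outward only (the historian pushes to a DMZ replica, and
# enterprise users read that replica).
RULES: List[Rule] = [
    Rule("control", "dmz", "tcp", 5432),    # historian replication outward
    Rule("enterprise", "dmz", "tcp", 443),  # users read the replica over HTTPS
    Rule("control", "field", "tcp", 502),   # controllers poll field devices (Modbus/TCP)
]


def zone_of(ip: str) -> Optional[str]:
    """Map an address to its zone, or None if it belongs to no known zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate_flow(src_ip: str, dst_ip: str, proto: str, dport: int,
                  rules: List[Rule] = RULES) -> Tuple[str, str]:
    """Return (decision, reason) for a connection attempt between two hosts."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "DENY", "address not in any known zone"
    if src == dst:
        return "ALLOW", f"intra-zone traffic within {src}"
    for r in rules:
        if (r.src_zone, r.dst_zone, r.proto, r.dport) == (src, dst, proto, dport):
            return "ALLOW", f"rule {src}->{dst} {proto}/{dport}"
    return "DENY", f"no rule permits {src}->{dst} {proto}/{dport}"


def exposure(zone: str, rules: List[Rule] = RULES) -> Set[str]:
    """Zones that can initiate connections into `zone`: its inter-zone attack surface."""
    return {r.src_zone for r in rules if r.dst_zone == zone}


# Constructed connection attempts: (source, destination, protocol, port)
SAMPLE_ATTEMPTS = [
    ("10.0.5.7", "10.1.0.10", "tcp", 443),    # office user reads the DMZ replica
    ("10.2.0.10", "10.1.0.10", "tcp", 5432),  # historian pushes data outward
    ("10.0.5.7", "10.2.0.5", "tcp", 502),     # office host tries to reach a controller
    ("10.1.0.10", "10.2.0.10", "tcp", 22),    # DMZ host tries SSH into the control zone
]


def decisions(attempts=SAMPLE_ATTEMPTS) -> List[str]:
    return [evaluate_flow(*a)[0] for a in attempts]


if __name__ == "__main__":
    for attempt in SAMPLE_ATTEMPTS:
        print(attempt, "->", evaluate_flow(*attempt))
    print("control zone exposed to:", exposure("control") or "nothing")
```

The rules model the direction in which a connection may be opened, which is what a stateful firewall enforces; replies on an established connection still flow back. Where the article speaks of one-way transfer in the strict sense, that is a data diode enforced in hardware, and the policy above would then simply contain no rule in the reverse direction at all.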

Managing rights

One way for an attacker to achieve his goal is to first take over the parts of the system that have weak authorization control and, from there, work his way up the authorization hierarchy.

Gaining access to a section of the system with the highest privileges allows an attacker to work undetected and with full control. It is, therefore, necessary to control how authorizations are stored, distributed, and updated and to ensure that users follow a strong password policy to minimize the chances of such attacks.

It is also important to design authorization controls so that each one manages only the area of the system in which it is stored. Otherwise, it could be easy for an attacker to move deeper into the system.

Communication between the authorization systems of the different zones may be necessary to increase the likelihood of detecting misconfigurations and attack attempts.

Protect external network connections

Attackers often want to attack remotely and look for network connections on the system. This means that all potential connections to the system should be checked and eliminated unless necessary, in which case they should be limited.

It is also safer for sensitive remote connections to require operator activation, have time limitations, and only be given access to operations deemed necessary. To this end, authorization controls must be strong, with, for example, two-factor authentication.

If a connection is not secure, an attacker can take it over and control the system with the privileges granted to the authorized remote user. In addition, he can obtain information by intercepting the connection and using it to prepare further attack attempts. At this point, an additional method that increases security is to apply a filter function based on a policy that defines what actions can be performed through remote connections and what information can pass through the filter.
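The remote-session policy described above, as an added example that is not part of the article or the DHS guide. It applies the checks the text lists, in order: a completed second factor, activation by an on-site operator, a time window, and a per-session list of permitted actions, and it returns an audit trail of every request. This also illustrates the scoped authorization from the "Managing rights" section, since the session is only ever granted the actions its purpose requires. The session, the users and the requests are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import FrozenSet, List, Optional, Tuple


@dataclass
class RemoteSession:
    user: str
    mfa_verified: bool               # second factor completed at login
    activated_by: Optional[str]      # on-site operator who enabled it, None if not
    activated_at: Optional[datetime]
    max_minutes: int                 # window after activation
    allowed_actions: FrozenSet[str]  # actions this session's purpose requires


def authorize(session: RemoteSession, action: str,
              now: datetime) -> Tuple[bool, str]:
    """Apply the checks in order; the first failure is the reason returned."""
    if not session.mfa_verified:
        return False, "second factor not verified"
    if session.activated_by is None or session.activated_at is None:
        return False, "session not activated by an on-site operator"
    if now - session.activated_at > timedelta(minutes=session.max_minutes):
        return False, "activation window expired"
    if action not in session.allowed_actions:
        return False, f"action {action!r} not permitted for this session"
    return True, "permitted"


def filter_requests(session: RemoteSession,
                    requests: List[Tuple[datetime, str]]) -> List[dict]:
    """Evaluate each (time, action) request and return an audit trail."""
    trail = []
    for when, action in requests:
        ok, reason = authorize(session, action, when)
        trail.append({"time": when.isoformat(), "user": session.user,
                      "action": action, "allowed": ok, "reason": reason})
    return trail


# Constructed scenario: a vendor engineer opens a maintenance session that an
# operator activated at 10:00 UTC for 30 minutes, limited to read-only actions.
T0 = datetime(2024, 3, 12, 10, 0, tzinfo=timezone.utc)
VENDOR_SESSION = RemoteSession(
    user="vendor-engineer", mfa_verified=True, activated_by="shift-operator-1",
    activated_at=T0, max_minutes=30,
    allowed_actions=frozenset({"read_logs", "read_config"}),
)
SAMPLE_REQUESTS = [
    (T0 + timedelta(minutes=5), "read_logs"),         # inside window, permitted action
    (T0 + timedelta(minutes=10), "write_setpoint"),   # inside window, not in policy
    (T0 + timedelta(minutes=45), "read_config"),      # permitted action, window expired
]

if __name__ == "__main__":
    for entry in filter_requests(VENDOR_SESSION, SAMPLE_REQUESTS):
        print(entry)
```

The order of the checks matters for the audit trail: a request refused because the second factor was never completed should be recorded as that, not as a policy mismatch, so the operator reviewing the log sees the real gap.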


Monitor and act

The introduction of IT security measures can significantly reduce the risk of successful cyber-attacks.

However, the risk is never zero, as you never know what resources the attacker has at his disposal and how they will evolve. Therefore, attacks that are not blocked by security mechanisms such as access control, filtering, encryption, and segmentation must be identified, detected, and responded to.

One recommendation is that network traffic, both within and to the system, should be continuously monitored for deviations.
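An added example, not from the article or the DHS guide, of monitoring network traffic for deviations: a baseline of normal flows is learned (which hosts talk to which destinations and ports, and how much data each pair normally moves), and live flows are then flagged when a never-seen host appears, a known host contacts a new peer or port, or a known pair moves far more data than usual. The addresses and flow records are constructed; a real deployment would feed this from flow logs or a network tap.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Flow record: (time, source, destination, destination port, bytes)
Flow = Tuple[str, str, str, int, int]

# Constructed baseline captured during normal operation (addresses made up):
# the historian 10.2.0.10 polls two PLCs over Modbus/TCP, and the engineering
# workstation 10.2.0.20 queries the historian.
BASELINE_FLOWS: List[Flow] = [
    ("08:00", "10.2.0.10", "10.3.0.1", 502, 1200),
    ("08:00", "10.2.0.10", "10.3.0.2", 502, 1100),
    ("08:01", "10.2.0.20", "10.2.0.10", 5432, 5000),
    ("08:05", "10.2.0.10", "10.3.0.1", 502, 1300),
]

# Constructed live traffic with three deviations mixed into normal polling.
LIVE_FLOWS: List[Flow] = [
    ("09:00", "10.2.0.10", "10.3.0.1", 502, 1250),    # normal poll
    ("09:01", "10.2.0.20", "10.3.0.1", 502, 900),     # workstation talks Modbus directly
    ("09:02", "10.2.0.99", "10.2.0.10", 5432, 400),   # never-seen host queries historian
    ("09:03", "10.2.0.10", "10.3.0.2", 502, 80000),   # known pair, far more data than usual
]


def learn_baseline(flows: List[Flow]) -> Dict:
    """Record, per source, which (destination, port) pairs it normally talks to,
    and the largest transfer seen per (src, dst, port) triple."""
    peers: Dict[str, set] = defaultdict(set)
    max_bytes: Dict[Tuple[str, str, int], int] = {}
    for _t, src, dst, dport, nbytes in flows:
        peers[src].add((dst, dport))
        key = (src, dst, dport)
        max_bytes[key] = max(max_bytes.get(key, 0), nbytes)
    return {"peers": dict(peers), "max_bytes": max_bytes}


def detect_deviations(flows: List[Flow], baseline: Dict,
                      volume_factor: int = 3) -> List[dict]:
    """Flag flows that differ from the baseline. Checks run from the most to
    the least suspicious, and a flow gets at most one alert."""
    alerts = []
    for t, src, dst, dport, nbytes in flows:
        kind = None
        if src not in baseline["peers"]:
            kind = "new talker"
        elif (dst, dport) not in baseline["peers"][src]:
            kind = "new peer/port"
        elif nbytes > volume_factor * baseline["max_bytes"][(src, dst, dport)]:
            kind = "volume spike"
        if kind:
            alerts.append({"time": t, "kind": kind, "src": src,
                           "dst": dst, "dport": dport, "bytes": nbytes})
    return alerts


if __name__ == "__main__":
    for alert in detect_deviations(LIVE_FLOWS, learn_baseline(BASELINE_FLOWS)):
        print(alert)
```

The baseline must be captured during a period known to be clean, and relearned after planned changes, or the detector will either alert on every legitimate change or quietly learn an intruder's traffic as normal. Control-system networks are a good fit for this approach because their traffic patterns are far more regular than an office network's.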

Build your security strategy

Embracing digital transformation forces a re-examination of traditional security models, which do not provide the agility a rapidly evolving environment demands. Data footprints have expanded to cloud or hybrid networks, and the security model has evolved to address a more holistic set of attack vectors.

As a result, today’s organizations need a new security model that adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, applications, and data wherever they are located. 

Having a technology partner specialized in cybersecurity can solve all of your company’s infrastructure and security problems. Plain Concepts can be that partner, helping you implement a Zero Trust approach, the essential security strategy for today’s reality.

We have the experience and resources to meet your needs at all layers of security: identity, endpoint, application, network, infrastructure, and data. We have already helped hundreds of organizations evolve their deployments to respond to the transition to remote and hybrid working in parallel with the increasing intensity and sophistication of cyber attacks.

But moving to a Zero Trust security model doesn’t have to be an all-or-nothing proposition. We recommend using a phased approach, where we will help you close the most exploitable vulnerabilities first. To do this, we offer workshops and assessments to help you reach the maximum level of protection: 

  • Protect your identity: A strong posture against security risks starts with protecting all identities with access to your organization and its assets. Protect your business while allowing all identities to access the applications and data they need. 
    1. MCI Workshop on Secure Identities and Access.
    2. Identity, governance, and security Assessment.
  • Protect your infrastructure: Protecting critical systems and assets against cyber threats is essential to reducing risk. This includes hardware and software assets such as end-user devices, data center resources, network systems, and cloud resources.
    1. MCI Workshop on secure multi-cloud environments.
    2. Secure Endpoint Management MCI Workshop.
    3. Intune/Defender for Cloud POC.
  • Secure your data: Secure, protect, and govern your data across clouds, devices, and platforms against unauthorized access and ensure compliance with general and specific data protection regulations.  
    1. Workshop to protect and govern sensitive data.
    2. Workshop to mitigate compliance and privacy risks.
    3. Data protection, privacy, and compliance assessment.
  • Defend against cyber-attacks: Enable immediate threat visibility across email, identity, and data, and use analytics and security intelligence to detect and stop active threats quickly.
    1. Defend against threats with SIEM and XDR.
    2. Defender and Sentinel POCs.
    3. Immersive Workshops: Shadows Hunter, Into the breach MS Sentinel, Azure Arc. 


If you want to protect your most sensitive business assets and your entire team, don’t wait any longer and contact us! Our experts will help you understand the challenges you face and design the strategy that best suits you.   

Author: Elena Canorea, Communications Lead