An assessment by Lothar Hänsler, Operating Officer at RADAR Cyber Security.
Operators of critical infrastructures are increasingly targeted by cyber criminals. Meanwhile, attackers are not solely concerned with making money. Increasingly, they are putting pressure on their victims and threatening to publish stolen data or offer it on the darknet without the knowledge of those affected. In more and more cases, they also intend to severely disrupt network systems – including those of nation states. This is a threatening trend that will gain further momentum in 2023.
Anyone who takes a closer look at the current investment report of the European Union Agency for Cybersecurity (ENISA) learns alarming facts about the negligence of European operators of critical and digital services, despite all cyber dangers: the average budgets for IT security decreased by another one percent in 2022 compared to the year before and now stand at 6.7 percent. The total damage to companies and organisations attributable to cybercrime is estimated at a devastating 203 billion euros in 2022 in Germany alone, according to Statista. The financial sector and healthcare remain the areas with the highest incident costs.
And it gets worse: only a quarter (27 percent) of the surveyed PES in the healthcare sector have a dedicated programme to defend against ransomware. In addition, four out of ten (40 percent) of the surveyed authorities do not have an awareness programme in place to sensitise their employees. And in an ever-changing threat landscape, ransomware and email-borne attacks continue to be among the biggest threats to businesses and government.
Technology, awareness and processes
It is not only as a result of Russia’s war of aggression on Ukraine that many CRITIS operators should take the current threat situation seriously in 2023. Cyber attacks have become a means of political confrontation. Government IT systems will most likely experience increased DDoS attacks in the future. Organisations, companies and authorities should therefore focus their attention on email security and rely on a three-part package of measures consisting of technology, personnel and processes.
IT infrastructures must consistently become more resilient. Zero-trust networks, securing remote access and the use of endpoint detection and response (EDR) will be indispensable in the future. Since the Industrial Internet of Things (IIoT) is increasingly the focus of hackers, it is also advisable to securely combine IT and OT security. It is also extremely important to focus on educating and sensitising employees. However, this only helps if it is run as a continuous awareness campaign.
A holistic and consolidated view of security, together with risk management, is becoming increasingly necessary. Just over a third of European CRITIS companies and digital service providers still do not operate a Security Operations Centre (SOC). In the energy sector, fewer than one in three European CRITIS operators have their OT processes monitored by a SOC.
Cyber security must become a strategic issue
It is true that a Chief Information Security Officer (CISO) can avert a lot of damage with the right use of products, processes and staff. However, a successful ransomware attack, coupled with the encryption of critical information, has an impact on the business as a whole. The decision whether to pay a ransom in an emergency is a business decision. It is not the sole responsibility of the CISO. Preparation for possible cyber-attacks, supported by training such as table-top exercises, is a key element of business continuity. In addition, business leaders are becoming more vulnerable to extortion due to time and decision-making pressures. This, too, needs to be countered. Strong cyber resilience is therefore no longer the sole task of the IT department, but must be a strategic issue with which management secures its ability to act.
No single measure is enough to protect an organisation. But with a multi-layered security approach of continuous employee training, robust business continuity processes, European detection technology and professional security staff support, risks can be minimised. Prepared, resilient organisations can correctly classify suspicious events and respond accordingly before major damage occurs – even in the new year of 2023.
About the author
Lothar Hänsler has been Operations Officer since 2019 and heads the Cyber Defense Center of security technology specialist and managed security service provider RADAR Cyber Security.