Securing critical infrastructure amid rising cyberattacks

As digitalisation accelerates across Southeast Asia, businesses are faced with the dilemma of transformation potentially outpacing their ability to protect against constantly increasing cyberthreats.

Ransomware, for example, has been identified by the United Nations Office on Drugs and Crime as the most prominent threat facing the region, which has recorded a 600% increase in cybercrime since the start of the pandemic. Similarly, in early 2022, the National Cybersecurity Agency of France revealed that it had seen a 37% increase in the reported number of intrusions into information systems, most of which led to demands for ransom to recover stolen (and often encrypted) data.

With critical infrastructure connected to IT networks now more than ever, major attacks have been recorded in sectors such as finance, education, transportation, and healthcare. Delays and deprioritisation from an organisation’s decision-makers increase the opportunities for cyberattackers to prey on known technology gaps. This, in turn, poses significant risks to essential sectors that drive our modern economies and societies.

Ransomware’s evolution is increasing risk

A ransomware attack not only puts lives and livelihoods at risk, it also harms the reputations and financial bottom lines of organisations. According to Cybersecurity Ventures, within the next decade ransomware attacks could be as frequent as every two seconds and cost around US$265 billion annually by 2031. Critical infrastructure is a prime target for cybercriminals, particularly with the growing digitalisation of citizens’ data and the continued adoption and integration of new technology by businesses.

The increasing sophistication of ransomware, on top of its ever-rising frequency, is adding to the challenge of securing and protecting data and ensuring operational continuity for critical infrastructure. The most commonly recognised form of ransomware, version 1.0, is a fairly unsophisticated attack that targets an organisation’s production data — the data that is essential for everyday business processes — and can typically be remedied by traditional backup and recovery solutions.

With Ransomware 2.0, attackers focus on destroying backups first, then encrypting production data. This type of attack is designed to make it incredibly challenging to restore lost data, and there is almost no recourse to get it back but to pay the ransom.

Most recently, Ransomware 3.0 has emerged, whereby cyberthreat actors both encrypt data and steal it, threatening to expose it or sell it unlawfully as part of “double extortion” schemes. This form of attack not only compromises data, it can also cause long-lasting damage to the reputation of organisations.

Stronger security postures start with greater IT and security alignment

Amid an increasingly challenging cyberthreat landscape, organisations need to strengthen their security posture by preventing attackers from getting access to their systems and data environments, and by having the capabilities to recover business processes quickly. To realise the full potential of technology, teams responsible for securing, protecting, and managing data must work better together.

Traditionally, ITOps has focused on backing up and protecting data and SecOps has focused on prevention. However, both ITOps and SecOps teams must work closely together to strengthen security postures, establish cyber resilience, and maintain business continuity, because the responsibilities and capabilities that are vital to achieving these goals stretch across both teams. For many organisations, this is a key challenge to address as too often these groups operate independently.

Prevention goes a long way in mitigating cyberthreats, but threat actors today are not merely encrypting data — they are destroying backups and exfiltrating data for profit while damaging reputations. Organisations must therefore consider how they manage, protect, and recover data to ensure they remain cyber resilient.

IT and security teams can work in unison to strengthen their organisation’s security posture in the following key areas:

  • Understanding your data environment and technology assets.
  • Patching of systems and software regularly.
  • Building a data security approach based on segmenting your technology stack across all networks.
  • Removing data silos and gaining complete visibility of your data footprint and storage.
  • Enforcing user-access control and multi-factor authentication.
  • Educating internal stakeholders, from the board through to end users, on data security hygiene.
  • Regularly simulating and testing disaster recovery processes for data, under real-life scenarios.

Evolution towards modern data management

In the digital world of today, modern data management approaches and technology are fundamental in providing organisations with the cyber resilience and operational continuity they need to manage and protect the exact asset that malicious actors seek to leverage and extort — the data. Going beyond the bare bones is essential for organisations, even more so for those deemed as critical infrastructure, given that their very definition means they are economically critical for cities, societies, or even an entire nation.

Speed, scale and reliable performance are vital in recovering business processes, and the systems they rely on, within a few hours or days rather than the weeks or even months that are quite often the norm for the majority of organisations.

Fortunately, modern data management and security platforms help integrate IT and security so that SecOps and ITOps can be on the same page. By leveraging these platforms, organisations can better manage their data in hybrid or multi-cloud environments, and overcome the triple threat of data management: complexity, data silos (or lack of data visibility), and DIY workarounds required for legacy data management technology.

Modern data management platforms provide organisations with a range of capabilities that help counter internal and external threats. These include the following:

  • Data visibility at scale to eliminate dark data.
  • Immutable backup snapshots.
  • Automated disaster recovery that meets aggressive recovery point objectives (RPO) and recovery time objectives (RTO).
  • Air-gapping capabilities.
  • Cloud-based data isolation vaults for backups and business-critical data.
  • Multi-factor authentication.
  • Quorum control.
  • Anomaly detection.
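The capabilities above are easier to reason about when expressed as concrete checks over backup catalogue metadata. The following is an added example, not code from the original article or from any vendor platform: it takes a constructed catalogue of nightly snapshots (the timestamps, change volumes, retention-lock expiries, approver names and the RPO value are all invented for illustration) and implements four defender-side checks, namely RPO compliance, which snapshots have lost their immutability lock and could be destroyed by a Ransomware 2.0 style attack, a simple change-rate anomaly detector that flags the spike an encryption run leaves in changed data, and a quorum rule for approving deletions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, pstdev
from typing import Optional

# Constructed evaluation point and policy values (hypothetical, for the example).
NOW = datetime(2024, 3, 11, 14, 0)
RPO = timedelta(hours=24)


@dataclass
class Snapshot:
    """One backup run as it might appear in a catalogue (constructed schema)."""
    taken_at: datetime
    changed_gb: float                 # data changed since the previous run
    immutable_until: Optional[datetime]  # retention lock; None = no lock, deletable


def sample_catalogue() -> list[Snapshot]:
    """Ten nightly backups (constructed data). Day 6 is missing, and the run on
    day 9 shows a spike in changed data and was written without a retention lock."""
    start = datetime(2024, 3, 1, 2, 0)
    days = [0, 1, 2, 3, 4, 6, 7, 8, 9, 10]
    changed = [12.1, 11.8, 12.4, 11.9, 12.2, 12.0, 11.7, 12.3, 210.5, 12.1]
    snaps = []
    for d, gb in zip(days, changed):
        taken = start + timedelta(days=d)
        lock = None if d == 9 else taken + timedelta(days=7)
        snaps.append(Snapshot(taken, gb, lock))
    return snaps


def rpo_violations(snaps, rpo, now):
    """Return (previous, next) pairs whose gap exceeds the RPO, including the
    gap from the newest snapshot to now (a stalled backup job shows up here)."""
    points = sorted(s.taken_at for s in snaps) + [now]
    return [(a, b) for a, b in zip(points, points[1:]) if b - a > rpo]


def unlocked_snapshots(snaps, now):
    """Snapshots with no retention lock, or whose lock has already expired.
    These are the copies an attacker who gains backup-admin rights could delete."""
    return [s for s in snaps if s.immutable_until is None or s.immutable_until <= now]


def change_rate_anomalies(snaps, window=5, z=3.0):
    """Flag a snapshot whose changed-data volume sits more than z standard
    deviations above the mean of the preceding `window` runs. A floor of 1% of
    the mean stops a perfectly flat baseline from flagging trivial variation."""
    ordered = sorted(snaps, key=lambda s: s.taken_at)
    flagged = []
    for i in range(window, len(ordered)):
        prior = [s.changed_gb for s in ordered[i - window:i]]
        mu, sd = mean(prior), pstdev(prior)
        threshold = mu + z * max(sd, 0.01 * mu)
        if ordered[i].changed_gb > threshold:
            flagged.append(ordered[i])
    return flagged


def deletion_allowed(snap, approvers, quorum, now):
    """Quorum control: a deletion needs `quorum` distinct approvers, and even a
    full quorum cannot delete a snapshot whose retention lock is still active."""
    if snap.immutable_until is not None and snap.immutable_until > now:
        return False
    return len(set(approvers)) >= quorum


def report():
    """Summarise the checks over the constructed catalogue."""
    snaps = sample_catalogue()
    return {
        "rpo_violations": len(rpo_violations(snaps, RPO, NOW)),
        "unlocked": len(unlocked_snapshots(snaps, NOW)),
        "anomalies": len(change_rate_anomalies(snaps)),
    }


if __name__ == "__main__":
    snaps = sample_catalogue()
    for a, b in rpo_violations(snaps, RPO, NOW):
        print(f"RPO breached: {a} -> {b} ({b - a})")
    for s in unlocked_snapshots(snaps, NOW):
        print(f"deletable snapshot: {s.taken_at} (lock {s.immutable_until})")
    for s in change_rate_anomalies(snaps):
        print(f"change-rate anomaly: {s.taken_at} changed {s.changed_gb} GB")
    print(report())
```

Run as a script it prints the 48-hour gap around the missing night, the five snapshots that are no longer protected by a lock, and the single anomalous run; the same logic applied to a real catalogue export would feed the SecOps alerting that the article argues should sit alongside ITOps backup monitoring. The threshold in `change_rate_anomalies` is deliberately simple; a production detector would also look at file-entropy and rename patterns rather than volume alone.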

A security strategy augmented to focus on cyber resilience and operational continuity, by managing data securely and recovering it at speed rather than relying on data security controls and protocols in isolation, helps to reinforce critical infrastructure against cyberthreats and mitigates the impact when a data breach does occur.

In this era of ever-frequent and increasingly sophisticated cyberattacks, it is vital that organisations align their IT and security teams to protect their data at a people, process, and technology level. This is where the right modern data management and security platform would truly shine, as it brings IT and security teams together to accelerate their cyberthreat response, whether it is through discovery, investigation, or remediation.