Hello everyone and welcome back to the Cognixia podcast. Every week, we dig up a new topic from emerging digital technologies and share insights, ideas, information, stories, and more. We strive to inspire our listeners to learn new things and update their repertoire of skills to stay relevant and continue growing in their careers.
In today’s episode, we talk about the rising incidents of email-based security breaches, especially in CNI companies. CNI, here, stands for Critical National Infrastructure. CNI companies would include companies that offer critical infrastructure for citizens, such as utilities, transport, telecommunication, data centers, etc. So, this could be government and private bodies that provide electricity, water, cab services, bus transport, railways, phone network service providers, etc. Compromising these services can cause huge losses and widespread disruption.
A recent report by Malwarebytes found that the service industry, including the CNI companies, is the worst affected by ransomware. Almost a quarter of global ransomware attacks target the service industry.
Cyber-attackers are increasingly using malicious emails to infiltrate critical national infrastructure companies. According to a recent report by OPSWAT, a leading security solutions provider, up to 80% of CNI companies experienced an email-related security breach in 2023. For this report, OPSWAT spoke to over 250 IT and security leaders from global CNI organizations. The report found that email-based attacks were becoming the main weapon used by attackers.
According to the OPSWAT report, each year for every 1000 employees, there were 5.7 successful phishing attacks, 5.6 account compromises, and 4.4 incidents of data leakage. This may not seem like a huge number; after all, 5 to 6 incidents for every 100 employees sounds quite small. But in the cybersecurity world, these are big numbers. Even one attack can spell the downfall of an entire organization, and here we are talking about five or more, so it is indeed very significant and worrisome. Despite the growing number of attacks targeting the service industry, 50.4% and 52.8% of respondents to the OPSWAT survey continue to strongly believe that emails and their attachments, respectively, are benign and safe by default.
In recent years, email-based attacks have become increasingly common. Emails work as great cyberattack weapons for a multitude of cyberattacks including phishing, malware, etc., and not just for CNI companies but for everyone, even individuals. At some point, all of us have received such emails. Remember that email you received that said you’d won the lottery? Or the one that said the sender had a recording of you doing something and if you’d pay they’ll delete it? Or the one that said they are super rich and would like to give you some money? Or the one that said you needed to update your KYC but was not from your bank? Or the one that said your order would be returned if you didn’t pay but you hadn’t even placed that order? The list goes on, but you know what we mean.
One important conclusion that can be drawn from the OPSWAT report is that, since operational technology and IT systems are becoming increasingly linked, email security must be prioritized. A lot of Operational Technology networks are still air-gapped. However, the progress in digital transformation that the world has made so far has required OT networks to be connected to the internet; that progress would not have been possible without the internet, after all. Email is one of the easiest ways to penetrate OT networks and compromise organizations. There is a need for a dramatic approach to strengthening email security, one that focuses squarely on preventing threats that arrive via email.
A few weeks ago, the UK announced that data centers would also be considered Critical National Infrastructure, moving forward. After the Microsoft-Crowdstrike outage, governments and enterprises worldwide are realizing how critical data centers and networks can be, and are gradually taking approaches to combat potential threats and safeguard these assets.
But what does the UK's classification of data centers as CNI really mean? It means that data centers in the UK would receive more support from the government to recover from critical incidents. Senior government officials would also be involved, coordinating with national security agencies in the UK such as the National Cyber Security Centre and the emergency services. Because of this, criminals would also likely face harsher punishment for disrupting CNI. But it would also mean greater scrutiny and tighter compliance requirements for data centers. They would need to have a lot of things in place, like physical security measures, audits, contingency plans, risk reporting, security software, etc.
A new report from Threat Pulse by the NCC Group shared that about 34% of ransomware attacks in July 2024 alone were targeted towards CNI organizations! And, this was 2% more than the numbers in June! Now, does it feel like a huge threat?
Remember that very infamous attack on the Colonial Pipeline Company quite some time ago by the DarkSide group? Following that attack, it is believed that ransomware collectives made a decision not to attack hospitals. They had supposedly vowed not to cross a line that could invite potential legal action against them. But since 2023, this pact seems to have broken down, and attacks on all sorts of CNIs are back in full swing.
What makes CNI more vulnerable? Globally, it is quite common for CNI organizations to be operating legacy systems. It is quite likely their systems were never updated over time as much as they should have been. As long as normal operations went on, nobody paid much attention to securing the systems at CNIs. CNIs, in fact, don't even get noticed unless something goes wrong. Have you ever had your electricity provider send you a text notification that electricity services will be unavailable in your region because their systems are being updated, something like how your bank texts you about it? No, right? But you often hear that the bill can't be paid or the latest balance doesn't reflect in your account at the power company because their server is down or their systems are too slow, right? That's legacy systems. You paid bills online, but it doesn't show at the company's end; sound familiar? There you have it. It is not that CNI companies don't want to update their systems, or that the government or owners are not interested in securing them. The problem is that it is practically impossible to update the systems without a major shutdown of their services. You can't update the systems while maintaining normal operations, and since these services are so critical, such major disruptions can't be afforded.
As a result, the infrastructure at CNI companies can often be 20 to 30 years old! Plus, the employees are often not as tech-savvy, and their blind faith in emails and their attachments makes them extremely vulnerable.
Innovation is definitely needed here. If system updates don't disrupt CNI operations, cyberattacks most likely will. How things will actually turn out in the future, only time will tell.
Well, with that, we come to the end of this week’s episode of the Cognixia podcast. We will be back again next week with another interesting and exciting new episode.
Until then, happy learning!