Critical Infrastructure sectors More at Risk of Cyberattacks in 2023

The year 2022 saw an expected increase in cyberattacks across all industries though the scale and sophistication of these attacks varied across the world. However, it was reported that most countries could see a rise in cyberattacks within their key critical infrastructure sectors because of the vital role it plays in the lives of the citizens within that country.

The National Critical Information Infrastructure Protection Centre in India, an organisation of the Government of India designated as the National Nodal Agency in respect of Critical Information Infrastructure Protection, has identified the following as ‘Critical Sectors’ – Power & Energy, Banking, Financial Services & Industrance, Telecom, Transport, Government and Strategic & Public Enterprises.

All of these, which provide services that are essential to the day-to-day functioning of society, are hives of the most sensitive and confidential data that threat actors can easily be monetised on the Dark Web, driving further cybercrime and disruption.

Unfortunately, the potential for widespread disruption has not gone unnoticed by cybercriminals. In India, close to seven critical infrastructure attacks have wreaked havoc for those within that industry – from the Oil India Limited ransomware attack in April, and in May on grounded SpiceJet flights, leaving passengers stranded for 4 hours, to Goa’s flood monitoring system in June and banking data breaches reported in August to the more recent cyberattacks on the AIIMS healthcare sector and resulting onslaught on Safdarjung Hospital in New Delhi, have left authorities understanding the need to prepare for an escalation in cyberattacks in future.

This focus on critical infrastructure is intentional. Cybercriminals are fully aware of the impact that any disruption has on vital services, not just financially but also on public confidence. For example, in utilities, you cannot expect people to be without electricity or water, which means companies are more likely to pay in the event of ransomware.

Hackers are also very observant and will strike during periods of unrest, for example using the ongoing energy crisis as an entry point for phishing or man-in-the-middle attacks.

Another common risk factor among critical infrastructure organizations is that they all have a high level of interconnected legacy tech. This could include old devices that may not be used every day but are still active, or a machine that is critical to business processes but can only operate on older software that can’t be patched.

We can’t deny the fact that increased connectivity is the problem.

This problem has been exacerbated by the introduction of IoT devices which are incredibly complex to manage and are rarely built with security in mind. As companies collect more data and expand their network infrastructures, the more attractive they become to hackers and the harder it is to defend against threats.

The threat level continues to grow, and the consequences only become more severe we have seen for ourselves here in India. Now is the time to take action and prevention should be at the heart of every step they take to better secure themselves.