CNI leaders’ attitude to ransomware lackadaisical at best

Over 60% of cyber security leaders and decision-makers working in sectors regarded as critical national infrastructure (CNI) have not made space to put a decision-making plan in place on whether or not to pay up if they fall victim to a ransomware attack, according to a report.

Security consultancy Bridewell surveyed more than 500 cyber leaders in areas such as comms, financial services, government, transport and utilities, and found that although 79% agreed that ransomware would significantly disrupt their operations in the next 12 months, less than half have implemented measures that would help them prevent, detect, respond and recover from an incident.

For example, only 36% have implemented a security information and event management (SIEM) platform, which could potentially spot the signs of an incoming ransomware attack before the attacker executes their payload.

Likewise, only 43% said they had put in place technical controls to stop unauthorised access to systems, and to stop business-critical data being deleted, overwritten or encrypted.

“All critical infrastructure organisations must be prepared to suffer a ransomware attack and have tailored response plans in place to deal with actors targeting both IT and OT operations,” said Gavin Knapp, cyber defence technical lead at Bridewell. “This should encompass third parties and remote access into the OT environment.

“Failure to prepare can result in the loss of IP, interruption to operations, and significant financial and reputational damage. It also often leaves organisations with no choice but to pay the ransom, which aside from being illegal in some countries, only further fuels the crisis.”

Bridewell also found evidence of a disconnect around CNI cloud security strategies. It said that only 46% of respondents were using cloud storage services that had in-built ransomware protection, while just 42% had deployed a cloud access security broker (CASB). This was a concern, the report said, given a sharp rise in ransomware attacks that target weaknesses, or in some cases legitimate functionality, in cloud resources.

Bridewell said collective momentum was building among CNI operators to digitise their operations, but it was clear this did not include cyber resilience. However, it did find some promising signs that many CNI operators had had success in resolving some cyber challenges, and were really only constrained by a lack of understanding of the threat landscape, and their own capabilities.

As such, it concluded, although the threat landscape is a fast-evolving beast, CNI operators are in a strong position to respond well if they proactively seek help. Equipped as such, said Bridewell, whether they build in-house capabilities or enlist a security services partner, they will be in a much better position to respond to cyber threats without constraining the operational benefits of digitisation.