In the last few years, we’ve seen digital transformation take over the mindset of businesses and there has been a huge push to ensure that organizations in all sectors are adopting technology that is at the forefront of innovation. Every sector from marketing to manufacturing now has some aspect of digitalization and we’re seeing everything from AI to quantum computing being embraced to leverage greater efficiency, service and profitability.
However, in the race to adopt, many organizations are failing to recognize the impact of emerging technologies on cybersecurity. Nowhere is this more applicable than in the critical national infrastructure (CNI) space – where our nation’s most critical data resides – where it’s vital that the security measures match the technology that has been introduced. While email security will always be important to the protection of data, it might not align with the use of messaging apps to share files. The secure firewall protecting data servers probably doesn’t extend to the data being used to train an automated risk management platform.
So out of the myriad new technologies being introduced into the CNI space, which pose the biggest risk?
1. Internet of Things
IoT is now a fact of life. From our phones to our fridges, from fitness monitoring to coffee machines, IoT is everywhere, and this goes for the CNI space too. More and more we’re seeing an integration of IoT into everyday operations and processes – everything from the monitoring of industrial equipment to medical equipment to defense communication systems. IoT can certainly help organizations become more effective – but it also creates new risks and threats to critical infrastructure and services.
Because of IoT, more sensitive data is being shared digitally and at a fast pace. The data being stored by any company using IoT is more extensive than ever, so if there was an attack on the system, billions of data points could be compromised. For example, we have seen pirates hacking into IoT-enabled freights in order to access the larger network to steal bills of lading and identify the most valuable cargo aboard specific container ships.
Many companies only think about the individual device and forget the fact that one device connects to an entire eco-system. An IoT freight cargo is also connected to the whole shipping and the entire network of similar devices, databases and reports its data feeds into. One small compromise can result in the larger system falling victim to the cyber-attack. Security is only as strong as the weakest link.
2. Artificial Intelligence
AI is changing the way businesses operate. From the factory floor to back-end IT, automation is increasing speed and productivity, constantly learning and developing based on the vast quantities of data it processes. In theory then, AI is the perfect solution for cybersecurity where security monitoring data is growing at an almost exponential rate and conventional methods of processing it are starting to fail – something malicious actors recognize and are developing new methods of attack to take advantage of.
However, AI can also be (ab)used by a malicious player, causing catastrophic consequences. For example, last year, Darktrace identified an attack against one of its customers that used AI to observe and learn patterns of user behavior inside a network so it could go on to mimic this and blend into the background so as not to be spotted by security tools. Remaining undetected allows cybercriminals to infiltrate networks for longer periods of time and gain access to an organization’s most critical data. With AI being used in healthcare to augment diagnosis, what would be the impact if this was compromised?
3. 5G
The recent arrival of 5G, with significantly faster speeds, increased capacity and lower latency, will change existing operating environments forever. However, these benefits come at the expense of growth in the attack surface. The 5G-enabled devices and networks that underpin CNI operation could be compromised by new and traditional attacks, causing major chaos.
For example, the increased speed of a 5G network could be more readily used in a DDoS-style attack. Furthermore, with the increase in use, because of the increased bandwidth, the network itself will become a greater target. Where systems rely on real-time and continuous communication of data from large numbers of sources, for example in transportation networks, this has the potential to create chaos. And if we think about the future of this sector, with greater numbers of autonomous vehicles on the road – which will rely heavily on 5G connections for data transfer and decision making – there are potentially life-threatening consequences to an attack.
So, what do we do?
The first step is to understand what the new technologies are and then to look at the potential risks and consequences. After this, it is possible to plan to mitigate the risk. When it comes to CNI, it might be thought that the Government would put in place, and rapidly change, regulations guarding its safety. However, this is not the case – for many reasons, including competitive advantage and the need to synchronize regulations with the EU and/or the rest of the world. Threats change at a much greater pace than governments can react. So, the onus is put on organizations to ensure that the adoption of new technologies is done in a secure manner, whether this is the MoD, an electricity company, or the supplier of a widget to a CNI organization.
Unfortunately, there is no silver bullet when it comes to cyber-security, but there are three areas which need to be addressed:
Education is everything in the fast-changing nature of technology. Organizations must ensure they understand the risks of any new technology they install, as this will be key to properly securing it. This is not just the IT team; everyone working with critical data and new technologies needs to understand the risks and how to mitigate them as well. Regularly read up on the risks of new technologies and have the security team hold sessions that explain how an attack could occur and what to do if one is suspected. The goal is to develop a culture that encourages innovation but is also aware of the risks new technology can bring, in order to keep information safe.
Establish clear processes for implementing new technologies. For example, make it mandatory for the security team to be involved in every discussion about investing in technology so they are aware of what they need to do in order to prepare to secure the devices and the data at the point of installation. Ensure there are processes in place in case there is a problem: who to contact and what chain of events will minimize the impact.
Technology is there as the last line of defense, to help enforce policies and ultimately to keep people and information safe. Use established security technology to protect data at every point. For example, traditional email and web security solutions – such as Clearswift’s SECURE Gateways – can be integrated into new scenarios to ensure there is some level of security for new technologies. For systems connecting to the Internet through the network, traffic and the destination can be monitored. Clearswift’s Deep Content Inspection and Adaptive Data Loss Prevention (A-DLP) solution has capabilities that go far beyond traditional DLP and network security. For example, features such as anti-steganography can guarantee that images are not used to convey malware or to leak sensitive information, while OCR can ensure that information is not leaked using images from multi-function printers and screen grabs.
Adoption of new technologies is the way forward; we can’t stay static to stay safe, but it is vital that organizations handling critical data, such as that within CNI organizations, are certain that their security measures are good enough to battle against the risks opened up by emerging technologies.