Cyber fears for critical infrastructure

Nearly 9 in 10 (87%) believe that cyberattacks on critical services, such as oil suppliers, healthcare services, police departments or water treatment facilities, could have a major impact on everyday life, according to a study from Armis.

When it comes to increasing protection against cyberattacks on critical infrastructure, nearly 30% said that it was the government’s responsibility.

When looking at different industries, 94% of those working in travel and transport thought cyberattacks would have a major impact on everyday life, compared with 92% in manufacturing and 90% in healthcare. 

In fact, after hearing about the cyber attack on Florida’s water treatment facility, nearly half (48%) said they would consider or have stocked up on bottled water.

Similarly, 42% thought that there will be long-term implications to the US fuel supply following the ransomware attack on Colonial Pipeline last month.  

When asked whether it should be the government, private companies that provide critical services, or an independent regulatory body that provides increased protection for critical infrastructure, 28% thought it should be the government’s responsibility, while 47% said a combination of all three.

Just over 15% said the companies that provide the services and just 5% thought it should be solely an independent regulatory body.

“It is clear from this study that cyberattacks are impacting the UK working population, so much so that some would even consider stocking up on bottled water as a result,” said Andy Norton, European cyber risk officer at Armis.

“With cyber gangs unrelenting in their advances, they are showing no mercy when it comes to potential targets – even when it comes to critical services that the public relies on. Therefore, these organisations should make cyber resilience a number one priority for the time-being; however, they certainly don’t have to feel helpless when doing so.”

Norton offered the following advice to organisations to beef up their cyber-resiliency:

Plan: Have a plan in place, not just from an IT perspective, but also a communication one. Identify who internally (even if you call in a third party for help) will take charge of the situation if the worst should happen and who will make the important decisions. Once the plan is in place, test it!

Know your assets: You can’t manage what you can’t see, so having visibility over every device connected to the network and its status (i.e is it up to date with the latest software?) will be crucial in an attack situation. 

Threat Intelligence: Ensure you have threat intelligence feeds that show device behaviours and any deviations from what’s normal for that device, so you can take action to protect your environment. 

The survey that gauged the UK workforce’s attitudes towards cyberattacks on critical infrastructure in a study carried out by Censuswide.