Tuesday, May 30 2023

A report on critical infrastructure in the UK reveals a disparity between perceived threats to critical infrastructure security and the reality of cyber risks.

Bridewell Consulting engaged market research firm Censuswide to survey 250 security leaders across critical infrastructure sectors, referred to in the UK as critical national infrastructure. The survey examined the aviation, chemicals, energy, transport and water sectors.

The study sheds light on the widespread use of older systems lacking security support, which allow attackers to access and manipulate operational technology systems. The majority of organizations surveyed said they rely on aging systems; 79% of the organizations reported systems that were over five years old, and 34% over ten years old.

The survey results point to environments that are often reliant on Internet-connected technologies in critical industrial operations, with 84% of the environments reported as accessible from corporate networks and 58% accessible from the Internet. The report emphasizes that defined layers of network segregation are critical in minimizing an attacker’s movement within a network.

The participating organizations demonstrated a willingness to take advantage of cloud advantages such as reductions in operational expenses, greater scalability, and potentially improved physical resilience; 98% of the organizations surveyed have either migrated elements of their operational technology environments to the cloud or are planning to do so. Misconfigured cloud systems are among the largest attack vectors, as a study of third-party cloud services recently demonstrated.

In addition to the risks posed by an aging yet increasingly connected infrastructure and the potential for human error, decision-makers have also identified these threats to be among the most dangerous to their critical infrastructure organization: cyber attacks (39%), malware (34%), and physical security risks (28%).

Only 20% of respondents selected attacks from nation-states as a major risk, and only 18% chose threats from third-party suppliers, which could indicate some complacency around supply chain risks despite recognition by the National Cyber Security Centre as an area of vulnerability.

The researchers urge decision-makers to qualify and quantify all supply chain risks and threats before undertaking adaptive risk management procedures, as the consequences of successful cyberattacks can include financial penalties, downtime, dismissal of employees, reputational damage, and loss of revenue.

Previous

Supreme Court Limits Scope of Federal Anti-Hacking Law

Next

Cybersecurity M&A and Funding Update: June 11

Check Also

Widget

Don’t Miss

Cloudburst Technologies Raises $3 million in Seed Funding

Julia Bischoff

Cloudburst Technologies, a monitoring and threat intelligence provider, announced that they raised $3 million in their seed investment round. Investments were led by Strategic Cyber Ventures with participation from Coinbase Ventures and Bloccelerate. Cloudburst Technologies specifically provides tools aimed at tracking and combating fraud in the cryptocurrency market. Investigators can do so without relying on […]

Two people collaborating over a computer by Desola Lanre-Ologun

Cyber Deals: Cloudburst, HUB Security, and Soucepass

Julia Bischoff

Cybersecurity venture funding activity and mergers and acquisitions: This week’s most sizable deals included AI powered security service providers and computing platforms. Funding Threat solutions provider for cryptocurrency Cloudburst Technologies raised $3 million in the seed funding round led by Strategic Cyber Ventures in order to help build on their current technology. HUB Security, a […]

Cyber Executive Moves: Vimeo, IntelePeer, National Cybersecurity Center, and More

Julia Bischoff

Former Tesla CISO joins Vimeo, NCC welcomes new board members, and Greenway Health hires new CISO. Video sharing platform Vimeo welcomes Mark Carter as their first chief information security officer. Carter has a variety of experience in the industry including serving as chief information security officer at Tesla.    Greenway Health, a health services software […]

NetBox Labs Raises $20 Million in Series A To Drive Open Source Transformation of Networking Industry

SecureDisruptions

NetBox Labs, an open source network management and automation startup, announced it has raised $20 million in Series A funding. Flybridge Capital is leading the investment with participation from GGV Capital, Grafana Labs CEO Raj Dutt, Mango Capital, Salesforce Ventures, Two Sigma Ventures, IBM, the Founder Collective, and Entrée Capital. As part of the round, […]

Fivecast Completes $20M Series A Raise With New US and Existing Australian Venture Investors

SecureDisruptions

US-based cybersecurity venture capital firm Ten Eleven leads funding, joining existing backers in CSIRO’s Main Sequence and South Australian Venture Capital Fund Australian open-source intelligence software company, Fivecast, has closed its Series A funding round with almost $20 million (AU$30m) raised to fuel its expansion and service contracts in key markets, including Five Eyes nations, […]

Push Security Raises $15M and Launches New Visibility and Employee-Powered Tools to Help Enterprises Scale SaaS Security

SecureDisruptions

LONDON–(BUSINESS WIRE)–Push Security, a SaaS security company, has raised $15M in Series A funding. GV (Google Ventures) led the funding with participation from Decibel and notable angels, including Dug Song, co-founder and former CEO at Duo Security, and Tray.io co-founder and CEO Rich Waldron. GV General Partner Karim Faris and Jon Oberheide, co-founder and former […]