On Tuesday 5th of June, Infosecurity hosted an insightful webinar based on ‘Ensuring the Cyber Resilience of the UK’s Most Critical Systems’. During this session panelists discussed how to best mitigate against malicious cyber activity that aims to exploit network infrastructure devices. The panel of experts shared practical actionable insight to help analyse the scope of the threat to Critical National Infrastructure (CNI) to drive effective risk mitigation.

In the webinar, critical systems that fail and could cause loss of life, substantial property damage or environmental damage was the first topic of discussion. Many well-known sources are present in applications such as medical equipment, aircraft flight control, missiles and nuclear systems.

In a general sense, many modern information systems are becoming safety-critical because their failure can result in financial loss and even loss of life. It was emphasised within the webinar that future safety-critical devices will become more popular and simpler. From a software perspective, the development of security-critical systems in the required numbers and with adequate reliability will need significant progress in areas such as configuration, architecture, verification, and software process. One panelist stated ‘The very visible problems that have arisen in the area of information system security suggests that security is a major challenge too.’

During the webinar the users were able to interact with the panelists and take a vote on particular questions. As seen below one of the questions was ‘What is the greatest security risk / challenge facing critical systems and environments?’ Interestingly the users voted that unsecured operational technology (OT) and legacy systems were the greatest risk facing systems and environments at 40%.

This led onto a discussion around this topic area. Another panelist discussed how manufacturing networks still running outdated technology could risk their intellectual property and production processes. In addition to preserving legacy infrastructure with established vulnerabilities, such devices are finding new bugs more frequently than ever before. This is a key reason why manufacturers are exposed to both targeted and commodity malware, including cryptocurrency mining attacks that could damage key production processes by consuming processing power and causing latency in the network. To conclude on this point, the panelists all agreed that in order to help mitigate the attacks and risks organisations should remember the basics of cybersecurity. Such as restricting user access, securing their in-house communication and disabling listings of directories, as well as identifying and prioritising key assets to protect.

The second greatest risk according to the poll is human risk. Against the context of a diverse and rising cyber threat landscape, where 57% of companies already expect that their IT security would be breached, organisations are now very aware that the insider threat is one of the greatest chinks in their cyber armour. In truth, 52% of businesses acknowledge that employees are their biggest IT security weakness, with their incautious actions jeopardising the business IT security strategy.

The panelists suggested in order to improve this area, it is important that employees are on hand to either spot the breach or mitigate the risks when security incidents occur in an organisation. After all, while workers do present a danger to organisations they do have a significant role to play in helping to defend the companies for which they work for.

The third point highlighted was nation state attacks at 15% of the vote. Unlike most industries nowadays, ransomware is not the biggest threat to critical infrastructure facilities. The overwhelming majority of attacks launched on these installations are funded by nation-states that are much more challenging to track and have more sinister objectives than just making a quick buck. The panelists discussed how the targeted attacks tend to be industrial control systems (ICS) attacks and supervisory control and data acquisition (SCADA) networks that support critical infrastructure. It is unlikely that there will be an attack launched on an organisation for no reason, at present there usually is a motive; testing; distribution and targets.

Many members of the panel concurred that in any scenario, whether the next assault on an ICS facility originates from malware or otherwise, the major picture stays the same — the essential infrastructure on which our communities depend is insecure. Awareness and preparation are crucial to consistent defensive action — not “if” but “when” it comes to the attack.

Upon finishing the webinar, the panelists agreed that today, the threat to business cybersecurity is almost commonplace, but that doesn’t mean that you can’t do anything about it. Investing in data security and secure communication now is a future investment – an opportunity you cannot afford to miss.

For further information on this webinar or about Salt Communications’ secure communications platform please contact our team on info@saltcommunications.com.

About Salt Communications

Salt Communications is a multi-award winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications offers ‘Peace of Mind’ for Organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. Salt Communications is headquartered in Belfast, N. Ireland, for more information visit our website.