Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

The importance of critical infrastructure protection

Fujitsu Services : 20 July, 2015  (Technical Article)
Rob Lay, Enterprise and Cyber Security Solutions Architect in UK and Ireland at Fujitsu explains why better security is needed for critical infrastructure
The importance of critical infrastructure protection

We are now living in a world where digital services are embedded into our everyday lives. Whether it is shopping and banking online, or connecting with our co-workers and customers across the globe, the evolution of technology has dramatically changed our lives. But as digital services continue to become more significant, businesses need to ensure the right security is in place to protect our digital assets. This is especially important for those with critical infrastructure.

The threat of cyber-attacks on industrial and critical infrastructure targets is growing rapidly, with the recent attack against the US government highlighting that even the most secure organisations are now facing a very real cyber threat. The intention to target confidential passwords highlights the value this has to adversaries. The fact that log-in credentials for up to 47 US government agencies were compromised means it is no longer just about prevention for large organisations, but instead accepting a security breach could occur and the importance of a strong security posture.

Organisations need to develop a smarter approach to security that is more in line with the landscape in which they operate today.  The concept of defence in depth is well understood, however the development of techniques and capabilities within the hacker community means that businesses need to adapt their approaches to their security structures.  A better approach would be to look to defence in breadth.  This moves away from the model of using multiple layers of the same type of control - which reduces the effectiveness of the model - to a position where different security controls are layered within the environment to provide better levels of protection.  

According to Tripwire, nearly all critical infrastructure industry executives recognise that their organisations are targets for cyber-criminals, with 61 per cent believing that their systems could detect a cyber-attack on a critical system within 24 hours.

But it’s not just about organisations. If a business experiences a security breach, the ramifications on customers can be catastrophic. According to research from Fujitsu, only 9 per cent of UK consumers believe organisations are doing enough to protect their data with a third admitting that their trust has declined in the last 12 months. As well as this, according to further research from Fujitsu , looking at the UK’s digital landscape, more than 1 in 5 of us will  always use a digital service when offered by an organisation. Yet, despite the surge in usage, concerns still remain. Of the 12 per cent of UK consumers who said they never use digital services when offered to them, the second highest reason given for this was ‘security concerns’.

It is vital for organisations with critical infrastructure to take a more proactive approach and focus on the integration of threat intelligence and other information sources to deal with today’s advanced cyber threats. To ensure companies are cyber resilient, there are several key actions that businesses can take to protect key assets.

* Firstly, focus on the relevant threats. Many organisations get side-tracked by chatter about the latest threat when it doesn’t actually impact them; by taking things back to a continuous risk-based approach, organisations will be able to target security capabilities in a way which helps them defend against those threats which actually pose a risk to their business

* Go back to basics – it’s essential. Organisations need to ensure that security assets such as strong passwords, two-factor authentication, patching, risk assessments and IT Health Checks are in place and communicated to employees to ensure that attacks do not occur because of simple mistakes

* Rapid response is key. Organisations also need to ensure that they have an ability to respond to threats in a well-defined and practiced manner. A proven Security Incident Response process is invaluable when faced with a real-life security incident and will save the business both time and impact
* Proactivity will pay-off. Finally, businesses need to gain better visibility into their operating environments and put the processes and capabilities in place in order to help them become more proactive in their approach to security. Being reactive and waiting for incidents and events to happen will keep businesses on the back foot

As the digital and technology landscape continues to develop, there are more ways than ever to innovatively interact and engage with different organisations and services. However, while digital helps make our lives easier, there are also security risks and it is more important than ever for businesses with critical infrastructure to have resilient security to keep sensitive data secure. Organisations can no longer afford to be complacent when it comes to today’s threat landscape.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo