Another wave of cyber attacks has hit our banks, MetService and even the postal service – but critical services such as energy and water supply could be next, warns Vectra APJ Director of Security Engineering, Chris Fisher
Cyber-attacks in New Zealand have increasingly grown in sophistication and prevalence, in part due to increased digitalisation but also wider geopolitical changes and disruptions caused by the ongoing Covid-19 pandemic.
According to Deloitte, critical infrastructure operators in Asia Pacific are increasingly being targeted by cyber espionage and sophisticated attacks with the potential for severe disruption to essential services such as energy and water supply.
Rapid digital transformation and convergence of disruptive technologies has led to a much wider attack surface, testing the resilience of the region’s infrastructure.
The recent Tokyo Olympics 2020 for instance was beset by a data breach that compromised personal credentials such as usernames and passwords to access affiliated websites aimed at volunteers and ticket holders.
New findings in a recent Vectra PaaS & IaaS Security Survey Report have underlined how the cloud has changed everything we know about security; 100% of the companies surveyed have experienced a security incident but continue to expand their cloud service footprint, deploying new AWS services weekly.
The expansion of cloud services has naturally led to increased complexity and risk and the report uncovered some startling blind spots. These include 30% of organisations surveyed have no formal sign-off before pushing to production and 40% of respondents say they do not have a DevSecOps workflow – that is the automated integration of security.
Ransomware attacks on critical infrastructure spike in last 3-6 months
But it’s not just enterprise security that needs further scrutiny. When the Waikato District Health Board (WDHB) experienced a cyber attack earlier this year, hospitals and services were severely disrupted.
Described as the country’s largest cyber-attack to date, the attack crippled the WDHB’s 680 computer services, and led to critically ill patients needing to be transferred to other hospitals for care, surgeries delayed and patient data to be shared on the dark web.
New Zealand’s Computer Emergency Response Team (CERT) found that cyber incidents caused a financial loss of $16.9 million in 2020, with 7809 incident reports in total. This number continues to increase year after year.
Recognising the risks and finding a solution
The speed and agility that comes with the rapid deployment of cloud within organisations has enabled faster delivery of applications and numerous other benefits. However, these advantages need to be balanced against security risks that arise from cloud deployments, which can often be complex.
Vectra’s PaaS & IaaS Security Survey Report reveals that risk exponentially increases as more people are granted access to a cloud environment. Although companies surveyed are investing heavily in security operations, the challenges of securing the cloud are expected to continue for the foreseeable future due to sheer size, scale, and continuous change.
While the vectors of all these incidents have remained the same, the speed at which the attackers can now pivot through an organisation’s network and the coverage they are able to achieve as a result has greatly increased.
This highlights that current prevention tools are no longer enough to mitigate risk. What we are seeing now is that increasing cyber security threats when combined with a rapidly evolving cloud environment is creating a perfect storm that is highlighting significant skills gaps.
Constantly evolving critical national infrastructure threats means a round-the-clock effort and highly specialised skills to bolster enterprise cybersecurity.
Typically, most organisations have lean IT teams and lack the cybersecurity expertise required to pre-empt and mitigate sophisticated threats, placing enormous strain on what is potentially an already limited resource.
Securing the cloud with confidence is nearly impossible due to its ever-changing nature. To address this, companies need to limit the number of attack vectors malicious actors are able to take.
This means creating formal sign-off processes, creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible.
Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness.
Securing critical national infrastructure with effective incident response
Critical national infrastructure (CNI) organisations must be ready and able to defend against a wide range of threats that attempt to steal from, disrupt, damage, or deny their operations.
When it comes to assets and infrastructure that are essential for the functioning of a society or economy, it’s no longer enough to just invest in the tools but it matters to build knowledge and establish stringent governance frameworks.
Attackers are increasingly targeting Operational Technology and Industrial Control Systems in ransomware attacks.
That’s where vendors with true cybersecurity expertise drive value, helping organisations not only to draw upon expertise and intelligent, AI-driven detection tools but to also gain deep visibility into security and compliance gaps.
Slowing down the attackers is only part of the challenge. CNI organisations should have the right capabilities that would also speed up defences across all network stacks (be that IaaS, SaaS, PaaS, or Datacentre).
The only way to achieve this is via prioritisation of incidents leveraging AI and automation. This will bolster the limited capacity of the security operations centre giving it the best chance to drive down metrics such as mean time to remediation, therefore reducing the impacts of attackers and reducing the risk of a widespread breach.
To better improve CNI cyber defences, there are the top three best practice tips:
- Reduce the risk of cloud services being exploited using an AI-driven threat detection and response solution.
- Monitor access of the deployment and the configuration of it.
- Review and remove admin-level roles that are no longer used and/or needed.
We can expect to see threats to CNI over the next few years across a number of scenarios – for instance, healthcare systems remain vulnerable particularly as the global fight against COVID-19 continues and continued demand for remote working will increase attack surfaces.
Each CNI site or situation is unique and visibility and agility are the building blocks of effective incident response. CNI security teams must adopt an assumed-compromised mindset and focus on early automated detections with context to make fast and informed decisions.
Chris Fisher is the Head of Security Engineering for Vectra.ai in the Asia Pacific and Japan Markets. As a leader for the APJ business Chris’s key responsibility is to ensure that Vectra customers have the security foundation to embrace new technology and lines of business, allowing them to digitally transform whilst reducing business risk and improving their security posture.