Nation-state attacks, ransomware and connected devices are among top security risks facing critical national infrastructure in 2022, say cyber experts Bridewell Consulting
Cyber security services company, Bridewell Consulting, has outlined its top cyber security predictions for the critical national infrastructure (CNI) sector for 2022. Compiled from the knowledge of its team of highly skilled consultants, coupled with data gathered from its 24/7 security operations centre in 2021, the company warns of the automation of security threats, increased risks for remote workers, and more nation-state attacks on the UK’s critical national infrastructure.
1) Volume of threats from nation states will rise
CNI will face increased activity from nation state groups, which are likely to prioritise green energy targets given the global focus on the development of sustainable infrastructure. With currently only 20% of organisations seeing nation state attacks as a top risk, organisations will need to do more to strengthen cyber resilience. The oil and gas sector will also be the subject of more directed attacks from hackers-for-hire as they attempt to target high value income industries.
2) Ransomware will become automated
Human operated ransomware will be the biggest cyber risk for CNI in 2022. Different from traditional commodity ransomware attacks, we’ll see more cyber criminals with a high level of offensive security knowledge gain access to organisations and survey the environment for an extended period before launching a potentially devastating attack on data and systems. The risk presented by human operated ransomware will only increase as wormable variants such as WannaCrypt and NotPetya are utilised more. Additionally, automation will play a key part in the evolution of modern ransomware and malware attacks, with machine learning and AI used to remove some of the mistakes that allow businesses to respond to current threats.
3) Rise in 5G and connected systems and devices will increase risks
5G will continue to be rolled out globally in 2022 and increase the number of connected devices within organisations, particularly within industrial IoT. Already 84% of Operational Technology (OT) environments are accessible from corporate networks and of those that are not, 11% plan to make them accessible in the next 12 months. We expect to see more successful attacks as the growing number of facilities, systems and devices connected rise and the introduction of more government guidance and standards to bolster IoT security as uptake increases.
4) Organisations will turn to hybrid SOC models to plug skills gaps
With 84% of CNI decision-makers believing there will be a critical cyber security skills shortage in the sector, and many already lacking security professionals with the depth and breadth of knowledge of both OT and modern IT environments, we will …….