The current economic crisis is having a significant impact on the cybersecurity landscape, leading to a rise in cybercrime across the UK critical national infrastructure (CNI). According to a research report titled “Cyber Security in CNI: 2023” conducted by Bridewell, a leading cyber security services firm, more than a third (34%) of organizations anticipate an increase in cybercrime as a direct consequence of the economic downturn. This article will delve into the key findings of the report, highlighting the specific concerns and statistics associated with the cost-of-living crisis and its relation to cybercrime.
Sector-Specific in cybercrime Concerns:
According to the research report conducted by Bridewell, 500 cyber security decision makers from various sectors were surveyed. These sectors include transport and aviation, utilities, finance, government, and communications. Among the surveyed sectors, the utilities sector, which includes energy and gas, expressed the highest level of concern regarding cybercrime.
Specifically, 41% of respondents from the utilities sector predicted a surge in cybercrime due to the financial hardships caused by the ongoing Russia-Ukraine war. This conflict has led to constrained oil and gas flows to the UK, resulting in increased fuel and food prices. These rising costs have intensified the financial strain on both individuals and organizations.
The combination of financial hardships and increased costs of living creates an environment in which cybercriminals may see an opportunity to exploit vulnerabilities within the utilities sector. This sector, being critical to the national infrastructure, becomes a prime target for cyberattacks.
Employee Sabotage as a Growing Risk:
The rising cost of living is significantly impacting employees, putting them under increased financial strain. This, in turn, has led to a concerning trend in the critical national infrastructure (CNI) sector. According to the research report, a substantial number of CNI decision makers (21%) now consider employee sabotage as one of the biggest risks to their organization’s IT environment.
Within the past 12 months, the mean number of security incidents related to employee sabotage has witnessed a significant increase of 62% within the CNI sector. This rise indicates a growing concern over insiders compromising organizational security due to their personal financial hardships.
Phishing and Social Engineering Attacks:
During the aftermath of the 2008 economic crisis, Sony Pictures Entertainment faced a devastating cyberattack that involved phishing and social engineering tactics. The attackers, allegedly linked to North Korea, exploited employee vulnerabilities and financial fears to gain unauthorized access to the company’s network. This incident resulted in a significant data breach, exposing sensitive employee information, internal communications, and unreleased films.
Another attacked crisis happened in 2013, during a period of economic recovery from the previous recession, Target Corporation experienced a high-profile data breach that affected millions of customers. The breach resulted from a sophisticated phishing attack that targeted a third-party vendor with access to Target’s network.
The attackers sent phishing emails to an HVAC vendor’s employees, posing as a legitimate company. Through these deceptive emails, they obtained login credentials that allowed them to gain unauthorized access to Target’s systems. The breach compromised credit and debit card information, as well as personal data, affecting millions of customers.
These cases highlight how threat actors can exploit economic downturns to manipulate employees’ vulnerabilities and fears. The increase in financial pressures during such times can make employees more susceptible to falling for phishing attempts, compromising organizational data and systems.
The attackers employed phishing emails, tricking employees into clicking malicious links or opening infected attachments. The economic downturn created an atmosphere of uncertainty, making employees more susceptible to manipulation through fear and financial concerns.
With the economic downturn, a third (33%) of decision makers anticipate a surge in phishing and social engineering attacks. This suggests that threat actors may exploit employees’ vulnerabilities and financial fears to gain illicit access to CNI data and systems. As employees face increasing financial pressures, they may be more susceptible to manipulation, making it crucial for organizations to prioritize robust cybersecurity measures.
Increase in Insider Threats:
The research report highlights a longer-term trend of rising cybersecurity risks originating from insiders, both malicious and negligent, over the past three years. Two-thirds (66%) of CNI decision makers reported an increase in insider threats since 2020. However, despite this concerning trend, 65% of CNI organizations are experiencing a reduction in security budgets due to the economic downturn. This reduction may further exacerbate the vulnerability to insider risks within the sector.
The reduction in security budgets leaves CNI organizations more vulnerable to insider risks, which have been on the rise in recent years. The research report highlights that two-thirds (66%) of CNI decision makers have observed an increase in insider threats since 2020, indicating an ongoing and concerning trend. Insider threats can arise from both malicious intent and negligence, making it essential for organizations to maintain robust security measures to mitigate these risks.
With shrinking budgets, CNI organizations may face challenges in implementing necessary security controls and monitoring mechanisms to detect and prevent insider threats effectively. Insufficient resources could hinder efforts to monitor employee activities, implement access controls, conduct regular security assessments, and provide comprehensive cybersecurity training.
The consequences of a reduction in security budgets could be far-reaching. CNI organizations are responsible for critical infrastructure that, if compromised, can have severe consequences for public safety, economic stability, and national security. Insufficient cybersecurity measures increase the likelihood of successful insider attacks, potentially leading to data breaches, service disruptions, or even physical damage.
Summary:
The cost-of-living crisis is undeniably contributing to a surge in cybercrime within the UK’s critical national infrastructure. The research findings from Bridewell’s “Cyber Security in CNI: 2023” report shed light on the concerns expressed by decision makers in various sectors. As organizations face economic pressures and reduced security budgets, it becomes imperative to invest in strengthening their cyber defenses from the inside out. This entails robust monitoring and testing of systems and access controls, investment in data loss prevention measures, and continuous education and training programs for employees to enhance awareness of cybersecurity best practices. By addressing these challenges, organizations can better safeguard their critical infrastructure in an era marked by a cost-of-living crisis and increased cyber threats.
Edited by 3gtech.info from internet sources
