A new report from security awareness training and simulated phishing platform vendor KnowBe4 revealed that critical infrastructure is under siege, with cyber attacks increasing 30 percent in one year. Energy, transportation, and telecommunications sectors have become primary targets. This is not surprising, as these sectors, especially in developed countries, have become increasingly interconnected with digital technologies, which in turn has opened new vulnerabilities to cyberattacks. The KnowBe4 report also identified that the consequences of these types of attacks are potentially devastating to nations, and thus geopolitical adversaries have made such attacks a powerful addition to their arsenal of digital weapons.
In its report, ‘Cyber Attacks On Infrastructure: The New Geopolitical Weapon,’ KnowBe4 examines the growing threat of cyberattacks on critical infrastructure and provides insight into safeguarding against these potentially devastating attacks. “Large-scale outages can disrupt critical services including healthcare and emergency services, and government agencies on a global scale. Numerous hospitals may have issues accessing data, and appointments and surgeries can be delayed. Cybercriminals swiftly try to exploit the situation, registering phishing domains and impersonating support staff,” it added.
The report highlights that the continuing and escalating number of cyberattacks on critical infrastructure poses a global threat, potentially causing widespread social and economic disruption. Organizations must adopt a multi-layered defense strategy involving technology, processes, and people to reduce the risk of a successful cyber breach.
The KnowBe4 report identified that one of the most frightening events would be an attack on the energy sector, which includes power generation, water treatment, electricity production, and other interconnected platforms. “Any attack on this sector could throw communities into chaos; for example, in time of war, a sudden power shutdown could severely hamper the operations of hospitals, first responders, and military bases. This is not as far-fetched a scenario as we would like to think,” it added.
Last November, a report from the Paris-based International Energy Agency (IEA) found that the average number of cyberattacks against utilities each week more than doubled worldwide between 2020 and 2022. In 2023, they doubled again. On April 4, 2024, the North American Electric Reliability Corporation (NERC) reported that the number of points in the US power grids that are vulnerable to cyberattacks is increasing at a rate of approximately 60 per day. In 2022, the number of susceptible points grew from 21,000 to 22,000. Now it is between 23,000 and 24,000.
The KnowBe4 report also disclosed that globally, the average number of weekly cyberattacks against utilities has quadrupled since 2020, with a doubling occurring in 2023 alone. Between January 2023 and January 2024, critical infrastructure worldwide sustained over 420 million attacks – equivalent to 13 attacks per second – marking a 30 percent increase from 2022.
“The findings in our report are a wake-up call for critical infrastructure sectors,” Stu Sjouwerman, CEO at KnowBe4, said in a Monday report. “While the surge in cyberattacks on them is deeply concerning, it’s important to remember that we’re not powerless in this fight. By fostering a strong security culture that combines technology, processes, and people, we can significantly mitigate these risks. Every organization, regardless of size or sector, has a role to play in safeguarding our collective infrastructure. It’s time we view cybersecurity not as just an IT issue, but as a fundamental aspect of our operational resilience and national security.”
The report highlights recent high-profile attacks on global critical infrastructure and their far-reaching impacts, and provides actionable recommendations for organizations and institutions to enhance their cyber resilience.
It also recognized that Europe’s power grid is under a ‘cyberattack deluge,’ inundated by thousands of attacks since Russia’s invasion of Ukraine. Leonhard Birnbaum, chief executive of E.ON, one of Europe’s largest utilities, said last November that “the crooks are becoming better by the day,” adding “I am worried now and I will be even more worried in the future.”
In May of last year, Denmark’s energy infrastructure was compromised in a coordinated attack, with the attackers gaining access to some of the companies’ industrial control systems. “The attackers,” the organization said, “knew in advance who they were going to target and got it right every time.”
“The sheer numbers of attacks are accelerating every year,” according to the KnowBe4 report. “Between January 2023 and January 2024, the world’s critical infrastructure has been attacked more than 420 million times with attacks ranging in magnitudes, according to Forescout Research – Vedere Labs. This is 13 attacks per second, a 30% increase from 2022. The attacks have impacted 163 countries. The United States has been the primary target, followed by the United Kingdom, Germany, India, and Japan. China accounts for the highest concentration of threat actors targeting critical infrastructure, followed by Russia, and Iran,” it added.
The KnowBe4 report called upon organizations to ensure a more resilient cybersecurity program by fostering a strong security culture through ongoing training and assessments; implementing asset inventory management; and enforcing multi-factor authentication (MFA) for access to all critical systems. It also recommends developing and regularly updating incident response playbooks; conducting periodic tabletop exercises and simulations; establishing secure backup systems, testing, and recovery procedures; collaborating with industry partners and government agencies to share threat intelligence; and continually assessing and updating security measures to address emerging threats.
By integrating these practices, critical infrastructure organizations can significantly improve their resilience against evolving cyber threats. As the threat landscape changes, cybersecurity strategies should adapt to continue to protect the critical systems society depends on daily.
The KnowBe4 report also suggests that organizations must be prepared for potential incidents and disasters. Incident response playbooks, developed by IT and cybersecurity teams, outline procedures for known attacks to minimize risk and downtime. While it’s impossible to anticipate every catastrophe, disaster recovery programs should have the infrastructure to restore normal operations swiftly. These plans are compiled in a ‘playbook,’ containing recovery procedures, communication chains, and crucial information like BitLocker codes or admin passwords.
It is advisable to have secure hard copies stored in multiple locations to avoid a single point of failure. Regular drills and tabletop exercises involving IT, OT (operational technology), and business teams help ensure staff readiness during incidents. By incorporating basic cybersecurity practices such as asset inventory management and MFA implementation to help foster a strong security culture, organizations, especially those in critical infrastructure, can significantly boost their resilience against evolving cyber threats.