Is National Critical Infrastructure a Hot Target for Hackers?
In January 2020, the nation was shocked to hear that Huawei was involved in providing our 5G network. The Chinese telecoms manufacturer has been dogged by claims of privacy breaches, as China moves towards a ‘surveillance society’.
In response, the US downgraded the UK’s access to its intelligence.
Was this an overreaction, or a wise move in an age where data is more valuable than anything else?
Seen it All Before
The simple fact is, state-sponsored attacks are nothing new.
There is sufficient evidence, for example, that the Chinese military was behind the Equifax data breach in 2017. What we need to do is recognise the dangers facing our businesses and assess how vulnerable we are to certain threats.
In particular, critical infrastructure faces threats from all over, including:
- state-sponsored attacks
- political activists
- lone hackers operating from their bedrooms
So what exactly is the motivation behind these attacks?
For less sophisticated attacks, the key motivator could simply be an easy target. This is notable for the manufacturing industry, which is only just beginning to reap the benefits of Industry 4.0, using the Internet of Things and analytics to speed up processes and reduce waste.
Of course, with manufacturing, the vulnerabilities are threefold:
- Physical assets in the warehouse
- The cyber data within design and machine software and stock management systems
- Personal data.
All of this information could be commercially sensitive, which could lead to ransomware, a halt in production, or other forms of business disruption.
Access to Intelligence
Government data is one of the most valuable assets a hacker can try to steal.
This could be anything from government secrets to personal data on citizens, town planning projects or military activity.
All of these can be used to threaten those with positions of high authority – or worse still, steal data from individuals for financial gain.
As mentioned above, often the prime motivator for attacks is money.
Hackers may attack government systems to find out citizens’ personally identifiable details, like national insurance numbers, which could lead to identity theft and/or stealing funds from personal bank accounts
Alternatively, hackers may rely on ransomware attacks which involve encrypting a file so that its rightful owner cannot access it.
The owner can only have the file back once they have agreed to pay a ransom, which is often requested as cryptocurrency to avoid being traced.
Bringing a Country to its Knees
Some hackers simply want to stop people in their tracks. These could be individuals, companies, or in the most extreme cases, whole countries.
The 2017 WannaCry attack, for example, targeted more than 150 countries, predominantly focused on the UK, US and Australia. It was later revealed to be a state-sponsored attack from North Korea, driven by political tensions.
Indeed, politics are a huge influence for attacks. Whether it’s hacking or influencing political results, these impacts are pervasive and eye-opening.
It’s speculated, for example, that Russian influence helped to sway both the election of Donald Trump and the Brexit vote, using something as simple as Twitter bots.
What Can You Do As Business Owners?
If your business is in national critical infrastructure, ensure you have the following policies in place:
- Regular reviews of staff access to data
- Watertight staff termination and data policies
- Watertight HR policies for social media
- Regular updates to security software
- Regular security audits and staff training.
At NexusProtect, we offer a holistic 360° review of all your business’ security practices. Contact us to protect your business from risks.