Nation-State Attacks, Ransomware and Connected Devices Are Among Top Security Risks

Cyber security services company Bridewell has outlined its top cyber security predictions for the critical national infrastructure (CNI) sector for 2022. Compiled from the knowledge of its team of highly skilled consultants, coupled with data gathered from its 24/7 security operations centre in 2021, the company warns of the automation of security threats, increased risks for remote workers, and more nation-state attacks on the UK’s critical national infrastructure.

Volume of threats from nation states will rise

CNI will face increased activity from nation-state groups, which are likely to prioritise green energy targets given the global focus on the development of sustainable infrastructure. With only 20% of organisations currently seeing nation-state attacks as a top risk, organisations will need to do more to strengthen cyber resilience. The oil and gas sector will also be the subject of more directed attacks from hackers-for-hire as they attempt to target high value income industries. Read the Cyber Security in CNI Organisations: 2022 White Paper.

Ransomware will become automated

Human-operated ransomware will be the biggest cyber risk for CNI in 2022. Unlike traditional commodity ransomware attacks, we’ll see more cyber criminals with a high level of offensive security knowledge gain access to organisations and survey the environment for an extended period before launching a potentially devastating attack on data and systems. The risk presented by human-operated ransomware will only increase as wormable variants such as WannaCrypt and NotPetya are utilised more. Additionally, automation will play a key part in the evolution of modern ransomware and malware attacks, with machine learning and AI used to remove some of the mistakes that allow businesses to respond to current threats.

Rise in 5G and connected systems and devices will increase risks

5G will continue to be rolled out globally in 2022 and increase the number of connected devices within organisations, particularly within industrial IoT. Already 84% of Operational Technology (OT) environments are accessible from corporate networks and, of those that are not, 11% plan to make them accessible in the next 12 months. We expect to see more successful attacks as the number of connected facilities, systems and devices rises, as well as the introduction of more government guidance and standards to bolster IoT security as uptake increases.

Organisations will turn to hybrid SOC models to plug skills gaps

With 84% of CNI decision-makers believing there will be a critical cyber security skills shortage in the sector, and many already lacking security professionals with the depth and breadth of knowledge of both OT and modern IT environments, we will see more organisations adopt hybrid Security Operations Centre (SOC) models. Organisations will turn to security partners to help develop more advanced capabilities required for running a cloud-native modern SOC, combining the cyber skills of in-house teams with the expertise of a Managed Security Service Provider (MSSP) to plug gaps in defences, while developing in-house expertise in tools and techniques including EDR, XDR and intelligence-based threat-hunting.

Focus will shift from prevention to detection and response

As the speed and complexity of attacks continue to grow, organisations will turn to managed security services, such as Managed Detection and Response (MDR), to strengthen cyber resilience. Companies will seek to implement early warning systems to alert on early signs of a potential breach, and Security Orchestration, Automation and Response (SOAR) solutions, such as Microsoft Sentinel, will be critical alongside MDR in helping improve efficiency. Traditional tools such as anti-malware software and spam blockers will still be important, but these will increasingly be combined with proactive tactics, such as MDR, threat hunting and ethical hacking, to ensure any vulnerabilities are identified and mitigated immediately.

“Critical national infrastructure remains a top target for cyber criminals with attackers expected to use new technologies to launch more sophisticated attacks and remain under the radar. As we head into 2022, threat detection and response will be critical in providing organisations with visibility into their operating and IT traffic and vulnerabilities, as well as analysing user and identity behaviour to provide the widest level of protection.”
Martin Riley, Director of Managed Security Services

Bridewell is a cyber security services company providing global, 24×7 managed detection and response services and cyber security consultancy.

With extensive experience in delivering large-scale transformational projects in highly regulated environments, Bridewell enables organisations to drive strategic change securely, providing a full breadth of end-to-end cyber security services. Its expert team comprises a diverse range of highly skilled consultants, supported by industry-leading technology, deep technical expertise, accredited methodologies and a client-centric, business-driven approach.

Bridewell delivers a vast number of services across critical national infrastructure, aviation, financial services, government and oil and gas. The company holds a number of industry accreditations including NCSC, CREST, ASSURE, IASME Consortium, Cyber Essentials Plus, ISO27001 and ISO9001, and is a PCI DSS QSA Company.

If you have any questions around any cyber security elements relevant to your business, please give our team a call. Our services ensure we cover all areas to identify, protect, detect, respond, and recover from cyber threats 24/7×365.