By Nikhil Korgaonkar, Regional Director, Arcserve India & SAARC
Critical infrastructure is vital for the proper functioning of our society and economy. It is almost impossible to imagine life without a robust network of hospitals, airports, power utilities, and schools. While many people may take these services for granted, you can be sure that cyber attackers understand how dependent we are on them.
Critical infrastructure is vulnerable precisely because it is so important. These essential services can significantly disrupt public life when shut down for even a day or two. The bad guys know there is a lot at stake if they disrupt these systems. They know they have a solid chance to make a quick profit because the costs and labor associated with manually recovering from ransomware are so high that the victims often pay the ransom to maintain service continuity.
The Colonial Pipeline ransomware attack in the US temporarily took down the largest fuel pipeline in the country and caused fuel shortages up and down the East Coast. The company admitted paying the hackers nearly $5 million in ransom just a day after discovering malware on its systems.
Back in India, the Stuxnet virus targeted Indian servers, infecting between 10,000 and 80,000 computers. Though there were no reports of any significant disruption, this made India the third-largest victim of Stuxnet, after Iran and Indonesia. In another major incident, a malware attack in September 2019 on the Kudankulam nuclear reactor in Tamil Nadu breached its administrative network. The malware was reportedly custom-designed, signifying that it was a deliberate hack. Most recently, the hacker group RedEcho targeted India’s power sector, ports and parts of the railway infrastructure. This attack on the power sector can be blamed for a massive power outage in Mumbai in October 2020.
A problem that is getting worse
The reality is that critical infrastructure, operated by federal, state, and local agencies, is getting hit by increasingly frequent ransomware attacks. Data from India’s Computer Emergency Response Team (CERT) and the National Critical Information Infrastructure Protection Centre (NCIIPC), the two government bodies that keep an eye on malicious cyber activity, record several attacks on India’s critical infrastructure. These attacks have only increased in scale and frequency over the years, making critical infrastructure protection a major cybersecurity priority for India.
And it is safe to say we can expect more of the same. Why? Because while ransomware has evolved and attacks have accelerated, spending on critical infrastructure modernization has failed to keep pace. The public sector broadly relies on tried-and-true technologies that worked in the past but are getting long in the tooth. Indeed, many agencies continue to use outdated hardware, software, and networks vulnerable to today’s persistent threats.
Add to this the rapid shift to virtual operations in the wake of the COVID-19 pandemic. Organizations create, share, and access data from remote locations on less secure networks, and hackers have pounced. Bitdefender reports that ransomware attacks jumped an eye-watering 485% in 2020, and many of the targets are in the public sector.
There is even a new trend called Ransomware-as-a-Service (RaaS). This subscription-based model enables virtually anyone to use already-developed ransomware tools to launch attacks. The developers of the malware line their pockets by taking a percentage of each ransom payment received.
Overall, the cybercrime problem is now immense, with damages totaling $6 trillion a year, notes Cybercrime magazine. Put all the cybercriminals in one place and make them a nation, and they would have the world’s third-largest economy, after the U.S. and China.
3-2-1-1 data-protection provides defense
All government agencies must improve their efforts to identify, deter, protect against, detect, and respond to these actions and actors. So, what can the public sector do to defend itself and our critical infrastructure?
One of the first steps it should take is to adopt the 3-2-1-1 data-protection strategy. The 3-2-1-1 strategy states that you keep three backup copies of your data on two different media, such as disk and tape, with one of those copies located offsite for disaster recovery. The final 1 in this equation stands for a copy held in immutable object storage.
Immutable object storage safeguards information continuously by taking snapshots of it every 90 seconds. Even if disaster strikes, you can quickly recover your data. Immutable snapshots are read-only versions of the metadata for your data and files, and they provide point-in-time recovery: you can roll back to a previous file state after downtime, a natural disaster, or a ransomware attack. Because immutable snapshots cannot be altered, overwritten, or deleted, they protect data integrity against loss from human error, hardware failure, or ransomware.
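To make the two paragraphs above concrete, here is an added example (written for this page, not Arcserve's or any vendor's code) that checks a backup inventory against each component of the 3-2-1-1 rule and, given a fixed-interval snapshot schedule like the 90-second one described, picks the newest immutable snapshot taken before an estimated compromise time. The `BackupCopy` and `Snapshot` records, the inventories and the timestamps are all constructed for illustration; non-immutable snapshots are deliberately excluded as recovery points because, after a ransomware incident, they may have been altered or deleted.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class BackupCopy:
    """One copy of a backup set in the inventory (constructed example record)."""
    name: str
    medium: str        # storage type, e.g. "disk", "tape", "object"
    offsite: bool      # held at a different site from production
    immutable: bool    # write-once: cannot be altered, overwritten or deleted


def check_3_2_1_1(copies: List[BackupCopy]) -> Dict[str, bool]:
    """Evaluate a backup inventory against each component of the 3-2-1-1 rule.

    3: at least three copies; 2: on at least two different media;
    1: at least one copy offsite; 1: at least one copy immutable.
    """
    return {
        "3_copies": len(copies) >= 3,
        "2_media": len({c.medium for c in copies}) >= 2,
        "1_offsite": any(c.offsite for c in copies),
        "1_immutable": any(c.immutable for c in copies),
    }


def failing_rules(copies: List[BackupCopy]) -> List[str]:
    """Names of the 3-2-1-1 components the inventory does not satisfy."""
    return [rule for rule, ok in check_3_2_1_1(copies).items() if not ok]


@dataclass(frozen=True)
class Snapshot:
    """A point-in-time snapshot of the protected data (constructed example record)."""
    taken_at: datetime
    immutable: bool


def snapshot_schedule(start: datetime, interval: timedelta, count: int,
                      immutable: bool = True) -> List[Snapshot]:
    """Generate the snapshot series a fixed-interval schedule would produce."""
    return [Snapshot(start + i * interval, immutable) for i in range(count)]


def recovery_point(snapshots: List[Snapshot],
                   compromise_time: datetime) -> Optional[Snapshot]:
    """Newest immutable snapshot taken strictly before the estimated compromise time.

    Non-immutable snapshots are excluded: after a ransomware incident they
    may have been tampered with or deleted, so they are not a trustworthy
    recovery point. Returns None if no candidate exists.
    """
    candidates = [s for s in snapshots
                  if s.immutable and s.taken_at < compromise_time]
    if not candidates:
        return None
    return max(candidates, key=lambda s: s.taken_at)


def data_loss_window(snapshots: List[Snapshot],
                     compromise_time: datetime) -> Optional[timedelta]:
    """Time between the chosen recovery point and the compromise, i.e. the
    worst-case data loss. None if no immutable snapshot predates the incident."""
    rp = recovery_point(snapshots, compromise_time)
    return None if rp is None else compromise_time - rp.taken_at


# Constructed sample inventories (not real systems).
# Meets 3-2-1-1: disk onsite, tape offsite, immutable object storage offsite.
INVENTORY_OK = [
    BackupCopy("nightly-disk", "disk", offsite=False, immutable=False),
    BackupCopy("weekly-tape", "tape", offsite=True, immutable=False),
    BackupCopy("object-lock", "object", offsite=True, immutable=True),
]
# Three disk copies, one offsite, none immutable: a common "we have backups"
# posture that ransomware can still encrypt or delete.
INVENTORY_WEAK = [
    BackupCopy("disk-a", "disk", offsite=False, immutable=False),
    BackupCopy("disk-b", "disk", offsite=False, immutable=False),
    BackupCopy("disk-dr", "disk", offsite=True, immutable=False),
]

if __name__ == "__main__":
    print("ok inventory fails:", failing_rules(INVENTORY_OK))
    print("weak inventory fails:", failing_rules(INVENTORY_WEAK))
    start = datetime(2021, 1, 1, 0, 0, 0)
    snaps = snapshot_schedule(start, timedelta(seconds=90), 10)
    incident = datetime(2021, 1, 1, 0, 5, 0)
    print("recover to:", recovery_point(snaps, incident).taken_at,
          "loss window:", data_loss_window(snaps, incident))
```

The weak inventory is the case the article warns about: three copies exist, one is even offsite, yet the check reports `2_media` and `1_immutable` as failing, because disk-only copies reachable from the production network are exactly what ransomware encrypts or deletes. With a 90-second schedule, the worst-case data loss between the last immutable snapshot and the compromise is under 90 seconds, which is the figure the paragraph above is implicitly promising.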
With immutable snapshots, schools could better safeguard student, faculty, and business records and protect data from accidental deletion or cyber theft. Healthcare organizations, for their part, could ensure the smooth and uninterrupted delivery of services and operations, even during a disaster or ransomware attack.
Critical infrastructure can be kept up and running with the right cybersecurity strategy and ultimately withstand the worst that cybercriminals can throw at it.