- Windscribe VPN review: A flexible and free VPN
- One of my favorite foldables brings the flip phone back in the best way (and it's $200 off)
- I opened up a cheap 600W charger to test its build, and found 'goo' inside
- How to negotiate like a pro: 4 secrets to success
- One of the cheapest Android tablets I've ever tested replaced my iPad with no sweat
Trust in Cyber Takes a Knock as CNI Budgets Flatline
Trust in cybersecurity tools has become one of the biggest challenges facing critical national infrastructure (CNI) providers as sophisticated nation-state attacks proliferate, according to a new report from Bridewell.
The IT services firm’s latest Cyber Security in Critical National Infrastructure report is based on interviews with over 1000 CISOs and equivalent at CNI providers in the US and UK.
It revealed that nearly a third (31%) ranked “trust in cybersecurity tools” as a top challenge this year, a massive 121% increase on the 2023 edition of the report.
“Confidence in tools took a blow last year when the UK joined the US and other nations in warning providers of essential services about China-backed activity against CNI,” the report noted.
In fact, 74% of respondents said they are concerned about Chinese state actors, on a par with those worried about Russian state operatives (73%).
Read more on CNI threats: US Urges Critical Infrastructure Firms to Get “Shields Ready”
These concerns are likely to have been exacerbated recently, with US warnings in February that Chinese actors have pre-positioned themselves in multiple CNI networks to launch destructive attacks in the event of a military conflict.
As trust in tooling declines, so have budgets. The report found that the percentage of IT (33%) and OT (30%) budgets earmarked for cybersecurity fell dramatically from the previous year’s figures of 44% and 43% respectively.
The sharp decline can be seen across the board, from new hires, training and risk assessments to technology investments.
However, despite these financial difficulties, nearly a third (30%) of CNI respondents that fell victim to a ransomware attack last year told Bridewell that they paid their extortionists.
As well as the costs involved, Bridewell warned of the potential legal jeopardy it may put CNI firms into.
“Ransom payments could, for example, go to individuals subject to legal sanctions by the UK, US or EU. The UK’s Office of Financial Sanctions Implementation is warning payments could breach the law in other jurisdictions,” the report noted.
Interestingly, over a quarter (27%) of respondents claimed that ransomware breaches also had a psychological impact on employees.
Bridewell CEO, Anthony Young, was sympathetic to those organizations that do end up paying.
“If the organization has no ability to recover, then paying the ransom may represent the only viable option to resume operations other than rebuilding their systems from scratch,” he argued.
“However, this difficult choice is avoidable by having a security strategy to reduce the risk of threat actors gaining access and traversing through your systems without discovery and effective removal.”
