Asset visibility and security platform, Armis has released results from a survey that gauged the UK workforce’s attitudes towards cyberattacks on critical infrastructure. Carried out by Censuswide*, the survey found that nearly 9 in 10 (87%) believe that cyberattacks on critical services, such as oil suppliers, healthcare services, police departments or water treatment facilities, could have a major impact on everyday life.
When it comes to increasing protection against cyberattacks on critical infrastructure, nearly 30% said that it was the government’s responsibility. Looking at different industries, 94% of those working in travel and transport thought cyberattacks would have a major impact on everyday life, compared with 92% in manufacturing and 90% in healthcare.
In fact, after hearing about the cyberattack on Florida’s water treatment facility, nearly half (48%) said they would consider or have stocked up on bottled water. Similarly, 42% thought that there will be long term implications to the US fuel supply following the ransomware attack on the Colonial Pipeline last month.
A study earlier this year cited that at least 86% of CNI organisations in the UK experienced cyberattacks on their operational technology (OT) and industrial control systems (ICS) in the previous 12 months. More recently, the National Cyber Security Centre (NCSC) CEO Lindy Cameron issued a call to action for organisations to take the ransomware threat seriously as attacks on operational technology (OT) are growing.
Furthermore, when asked whether it should be the government, private companies that provide critical services, or an independent regulatory body that provides increased protection for critical infrastructure, 28% thought it should be the government’s responsibility, while 47% said a combination of all three. Just over 15% said the companies that provide the services and just 5% thought it should be solely an independent regulatory body.
“It is clear from this study that cyberattacks are impacting the UK working population, so much so that some would even consider stocking up on bottled water as a result,” said Andy Norton, European cyber risk officer at Armis. “With cyber gangs unrelenting in their advances, they are showing no mercy when it comes to potential targets – even when it comes to critical services that the public relies on. Therefore, these organisations should make cyber resilience a number one priority for the time-being; however, they certainly don’t have to feel helpless when doing so.”
Andy Norton also offered the following advice to organisations to beef up their cyber-resiliency:
Plan: Have a plan in place, not just from an IT perspective, but also a communication one. Identify who internally (even if you call in a third party for help) will take charge of the situation if the worst should happen and who will make the important decisions. Once the plan is in place, test it!
Know your assets: You can’t manage what you can’t see, so having visibility over every device connected to the network and its status (i.e is it up to date with the latest software?) will be crucial in an attack situation.
Threat Intelligence: Ensure you have threat intelligence feeds that show device behaviours and any deviations from what’s normal for that device, so you can take action to protect your environment.
*Censuswide conducted the survey with 2,002 employed individuals in the UK