How Attacks on Critical Infrastructure Impact Small Businesses

by | Jan 31, 2022 | Cybersecurity

Cybercriminal downloading information

When most small businesses think about cybersecurity, they’re thinking about preventing the bad guys from breaching their defenses, infecting devices with malware, and leaving with sensitive data that’s guaranteed to sell well on the dark web.

What small businesses seldom think about is how cyberattacks impact critical infrastructure companies. These are business sectors whose, according to cisa.gov, “assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” Sounds pretty serious because it is. And whether small businesses know it or not, there are real impacts that can dramatically affect them.

Such attacks are, unfortunately, becoming more frequent, impacting more and more small businesses every year (unfortunately even more so in the wake of the pandemic). Here we’ll take a look at this often-overlooked threat so you can better deal with it’s potential consequences.

Critical Infrastructure Attracts Cybercriminals

Not that long ago, critical infrastructure companies operated in isolation from the rest of the world. Today with the help of technology, they are interconnected and rely heavily on a complicated network digital solutions.

The more connected and digitized critical infrastructure companies become, the more exposed they are to cyberattacks. In fact, the U.S. Cybersecurity and Infrastructure Security Agency had to release Alert AA21-287 not that long ago to turn attention to the reality that even water and wastewater facilities are now the targets of ongoing malicious cyber activity.

But the fact that critical infrastructure companies can now be reached over the internet from anywhere in the world isn’t the only reason why cybercriminals go after them. Another equally important reason is that they are easy targets.

More than half of all the security professionals who responded to Claroty’s industrial cybersecurity survey believe that critical infrastructure information and operational technology networks are not equally secure. This explains why a 2021 research study by Skybox Security found that 83 percent of organizations had suffered an operational technology cybersecurity breach in the previous 36 months.

The Serious Impacts to Small Businesses

Back in 2015, when the BlackEnergy malware disrupted three utility companies in Ukraine and left hundreds of thousands of homes and businesses without electricity, critical infrastructure attacks were a relatively uncommon threat.

Last year gave us the ransomware attack on Colonial Pipeline, which resulted in a shutdown that lasted for six days and created widespread gasoline shortages. The attack made it clear that critical infrastructure attacks are now a threat that can indirectly impact anyone in many different ways.

Here are the issues that are most likely to negatively affect a small business:

  • Blackouts: As the Ukraine attack showed, cybercriminal activity can affect power distribution and create widespread blackouts. As a small business, you should invest in uninterrupted power supply (UPS) units that can give you the time needed to safely save all work before shutting down your computers until power is restored. You should also consider purchasing a commercial generator capable of fully meeting your power needs on its own.
  • Power surges: Power supply disruptions can be accompanied by power surges, massive spikes in your electrical system’s current that can damage or even destroy computers and other electronic equipment. The good news is that even basic surge protectors are effective enough to prevent your office from filling up with magic smoke.
  • Data availability: Depending on how you store your data, a critical infrastructure attack could make it impossible for you to access important information. That’s why it’s a good idea to practice the 3-2-1 backup strategy so that you always have three copies of your data on two different types of media with one copy stored off-site for disaster recovery. The cloud is a great place to store the off-site copy since any data stored there can be accessed from any location.
  • Internet access: Internet service providers and other companies in the communications sector have been targeted by cybercriminals on many occasions in the past, often leaving them unable to provide service to their customers. To prepare for this, you should consider purchasing a backup internet plan. Your backup internet connection should be of a different type than your primary one, so 5G or satellite internet access is a good backup option for a DSL or fiber connection.
  • Remote work: In June 2021, the Nantucket Steamship Authority became a victim of a ransomware attack that disrupted ferry services in Cape Cod. It’s easy to imagine how a similar attack could, for example, interrupt a large transit system in a busy metropolitan area and make it impossible for countless employees to get to work. By adopting a hybrid work model and making it possible for employees to work from anywhere, you can keep the wheels turning even when your employees can’t physically gather in the office.

Understand Your Security Has Support

As you can see, the impact to larger companies can considerably affect even the smallest business. Preparing ahead of time is vital to ensure that the security of businesses you can’t control doesn’t wind up costing you. Help Desk Cavalry was built on a foundation of providing small businesses with the security tools and processes that can help them remain safe. Get in touch with us to learn more.