Cybersecurity professionals fear severe disruption from CNI cyberattacks

Two-thirds (65%) of Critical National Infrastructure (CNI) have fallen victim to a cyberattack over the past 12 months, according to new research from global cybersecurity leader, Forcepoint. The new report examines the pressure CNI cybersecurity professionals face as they balance the rapid pursuit of digital transformation with the cyber threat landscape.

Ransomware is perceived by cybersecurity professionals to present the greatest risk to CNI organizations. This is unsurprising given 57% report their organization fell victim to a ransomware attack in the last year, of whom 72% admitted to paying the ransom.

Overcoming a more complex environment

When asked what aspects of the current cybersecurity threat landscape cause CNI cybersecurity professionals to worry the most, the challenge of managing more complex security solutions was superseded only by concerns that the Russia-Ukraine war could be increasing the risk of cyberattacks.

The rapid digital transformation of IT and OT (operational technology) environments is compounding the challenge that CNI cybersecurity professionals are facing. When asked about its impact on their organization, the most cited concern was the need to secure new technologies, because they were new to the organization, as well as being difficult to secure properly.

The threat of disruption

The impact of cyberattacks on CNI is evident after the ransomware attack on a third-party software provider caused outages across the NHS that affected services, including patient referrals, emergency prescriptions and ambulance dispatch, and this weighs heavily on CNI cybersecurity professionals.

According to the research, CNI cybersecurity professionals believe a cyberattack on CNI could lead to disruptive behaviour amongst the general public, which increases the difficulty of mitigating or controlling the impact of an attack. In the U.S., the greatest concern was of a power outage, whereas cybersecurity professionals in the U.K. predict that disruption to personal banking would have the greatest impact.

The threat of disruption is also amplified by what cybersecurity professionals believe motivates cyberattacks on CNI. The greatest threats were perceived to be from cyber gangs demonstrating their capabilities, acts of political retaliation, acts of hacktivism, and acts of cyber warfare.

Managing the pressure

Unfortunately, the research has also found many CNI cybersecurity professionals are feeling the pressure of this high-pressure, high-complexity environment. Feelings of stress, anxiety and burnout are affecting over one-third of all CNI cybersecurity professionals (35%, 39% and 36% respectively).

This is impacting their professional experience with two-fifths of cybersecurity professionals reporting that the pressure to secure CNI has led them to have a low morale at work (40%), rising to 51% of U.K. employees. Worryingly, it is also affecting their personal wellbeing. One-third report that the pressure has led them to start engaging in unhealthy behaviors, such as smoking or poor dietary patterns (35%), rising to 45% among CISOs. And 37% said that the pressure to secure CNI has negatively affected their personal relationships as well, once again increasing to 50% among U.K. respondents.

“Understanding the challenges our cybersecurity professionals in CNI are facing helps us find better solutions to alleviate the burden on them. They work in a climate of high risk, diverse threats when rapid adoption of new technologies changes security parameters all the time,” said Daniel Turner, Vice President at Forcepoint.

“Knowing what motivates and worries our industry is key - it helps us help them in their efforts to ensure no new threat or technology puts our essential services at risk of disruption so which in turn allows us to secure a safer and more sustainable future for everyone.”