U.S. companies that deal in critical infrastructure are especially vulnerable to ransomware and other cyberattacks because they have moved too slowly and spent too little to defend themselves, the Financial Times (FT) reported.
Officials and private sector experts said the Colonial Pipeline shutdown in response to ransomware attackers who received $4.5 million from the company was just one example of the types of attacks likely in the immediate future, according to FT.
Old-school companies have been able to increase efficiency by bolting digital tools onto existing infrastructure, FT reported. The issue with that is that creating effective security for such hybrid systems is difficult.
“The problem is that attacks move a lot faster than industries that are quote-unquote ‘old school’ are used to moving,” Matias Katz, CEO of the cybersecurity company Byos, told FT. “So, the speeds are different, and before slower-moving industries can catch on, there’s already a new attack out there and new threats.”
“The problem with that is that it’s very expensive,” he said, per the report
Making matters even more complicated, Amy Myers Jaffe, professor at The Fletcher School at Tufts University, told FT that investors highly interested in cutting costs are playing a growing role in the energy sector.
“Over time, as we get more financially based players investing in energy infrastructure, replacing energy companies themselves, the higher the impulse will be to cut costs,” she said, according to the report. “And that will be dangerous if cutting costs are done without enough care to the huge requirements for security.”
PYMNTS reported that another factor noted by experts is that hackers are finding ways to attack the supply chains upon which companies depend rather than the companies directly.