When you think about all the operational relationships the U.S. critical infrastructure has, you can begin to see a much more difficult aspect of cybersecurity. The cyberattackers are not like they were a decade ago or even five years ago. Many of them have evolved and now use complex, multifaceted techniques to compromise the systems they target. One of those techniques has had a fair amount of success, and while a few years old, it is still widely used. That technique is to target an entity that is connected to the primary target and attack through that secondary connection.

The cyberattackers determine the weaker, if not weakest, link in the connectivity of the primary target. The secondary and weaker target has less ability to invest in proper protection and less resources to install, monitor and defend its systems. This approach has been used in the financial services industry, critical infrastructure, health care and to a much lesser extent the defense industry. All of this has made many security professionals reexamine their approach to protecting the organizations they serve. Some have begun conducting annual cybersecurity assessments and inviting them to attend the cybersecurity training that the larger/primary organizations provide.

Protecting and defending the weakest in your connected environment is a much bigger challenge than many realize at first. This is not a one-and-done deal. It is an ongoing effort, and many organizations are struggling to protect what they refer to as "within their four walls" much less assist in protecting outside of those walls to those that connect and work with or for the primary organization. It always seems to come back to the same old thing — money. And that always seems to be in short supply. You had better be looking beyond the boundaries of your organization!

Share:
More In Cyber