Insider threats surge across US CNI as attackers exploit human factors

Over three-quarters (77%) of organizations across US critical national infrastructure (CNI) have seen a rise in insider-driven cyberthreats in the last three years, according to new research from cybersecurity services firm Bridewell. The Cyber Security in CNI: 2023 report surveyed 525 cybersecurity decision makers in the US in the transport and aviation, utilities, finance, government, and communications sectors. It revealed that increased insider threat could be linked to heightened economic pressures and remote working. Threats from within range from criminal intent to individual negligence, with those surveyed stating that an act of intentional destruction by an employee was committed at an average of at least every other week within the last year.

Bridewell’s findings come amidst a growing international focus on insider-driven cyberthreats against critical infrastructure. The recent US Pentagon data leak, which saw a junior employee leak highly sensitive information, highlights the increased importance of strong insider threat controls and broader operational security.

The research also follows UK-focused Bridewell data published in April which found that the cost-of-living crisis could trigger a rise in cyberattacks and security risks impacting UK CNI. Almost two-thirds (65%) of 500 respondents across UK CNI saw some reduction or a significant reduction in their organization’s cybersecurity budget this year, in sharp contrast to 2022, when cybersecurity budgets rose across all sectors, the report stated.

Aside from internal threats, cyber warfare, nation-state actors, and ransomware attacks also remain significant risks threatening the security of US CNI organizations, Bridewell’s latest report found.

Data theft, accidental data loss top risks to CNI IT/OT environments

Data theft and accidental loss or disclosure of data were among the top three perceived risks to US CNI organizations’ IT environments, highlighting the extent to which human error can lead to cyber breaches, according to the report. Opportunities for employees to make honest mistakes have risen in remote and hybrid settings, while organized criminal groups are primed to exploit people’s economic vulnerabilities by reaching out to individual employees within an organization, often offering them a lucrative payoff in return for access to sensitive data or protected systems, the report said. In fact, 35% of CNI decision-makers believe that the economic downturn is causing more internal employees to turn to cybercrime.

Insider threats are particularly prevalent in the CNI finance sector, with financial organizations suffering an average of 41 security incidents caused by employee sabotage over the past 12 months, along with 40 instances of data theft or misuse, the report said. Breaches targeting the human element are also posing significant risks to OT environments. Almost a quarter (23%) of CNI organizations now regard social engineering and phishing as two of their biggest OT risks. Within the US energy (oil and gas) sector, this figure rises to 26%, reflecting an increase in spear phishing campaigns against global energy firms, according to the report.

CNI decision-makers across the IT/OT boundary identified improving cybersecurity awareness and education as one of their biggest security challenges (18%).

Cyberwarfare, nation-state attacks still pose major risks to CNI

Aside from insider risks, concerns around cyberwarfare and nation-state attacks remain high more than a year after Russia’s invasion of Ukraine, with 81% of CNI organizations worried the services that keep the US running are under threat, according to the report. Between 2022 and 2023, organizations suffered an average of 27 nation-state attacks, with almost a fifth (19%) reporting a mean of more than 50 attacks. “It appears that nation-state actors are becoming increasingly ambitious in the cyber domain, potentially as a result of nations like Iran and China joining Russia in evolving their threat tactics,” the report read.

With high levels of risk associated with human factors, such as fear, natural error, or inadequate training, the research highlighted the need for organizations to be particularly vigilant to insider threats and vulnerable employees as the economy continues to recover and nation-states remain politically motivated.

Ransomware attacks remain a significant threat to CNI

Ransomware also remains a significant threat to CNI, the report warned. Organizations have suffered on average a total of 26 ransomware-related security incidents in the last 12 months, with almost a fifth (17%) experiencing a mean of over 50 incidents – an average of one every week. Finance was the CNI sector worst affected by ransomware-related incidents in the last year, suffering a mean of 42 attacks, followed by utilities (26), transport and aviation (24), government (22), and communications (15). Meanwhile, ransomware-as-a-service (RaaS) offerings pose a growing threat to all CNI organizations, the report said.

In March this year, the White House’s National Cybersecurity Strategy reclassified ransomware attacks as a tier one national security threat following a series of cyberattacks hitting CNI, food suppliers, hospitals, and schools.