Become a member of our daily and weekly newsletters for the latest updates and exclusive content about leading AI coverage. Leather
Direct attacks on critical infrastructure receive a lot of attention, but the greater danger is often in a little less visible: the bad cyber security practices of the companies that run these systems. According to the Cybernews Business Digital IndexA stunning 84% earned a “D” figure or worse for their cyber security practices, where 43% fell into the “F” category. Only 6% of companies received an “A” for their efforts. What is more disturbing is that industries in the heart of the critical infrastructure – such as energy, finances and health care – are among the weakest ties.
Cyber security -Mislukkings from companies cannot be separated from national security risks. The strength of the critical infrastructure of the US is based on solid digital defenses, and when companies do not protect their networks, they leave the entire country vulnerable to potentially devastating attacks.
A mismatch between risks and readiness
The last of the World Economic Forum report Unveils a worrying disconnection. Two-thirds of the organizations count on AI to shape cyber security this year, but only 37% have processes to check whether their AI tools are safe before they are used. It’s like putting all your trust in a high-tech gadget without reading the manual and possibly asking for problems. While companies are struggling with the preparation, AI is used by cyber criminals to orchestrate attacking campaigns against them. For example, business managers are confronted with an increase in highly targeted phishing attacks created by AI bots.
Cyber attacks of any nature are more difficult to repel. Take for example the financial and insurance sectors. These industries manage sensitive data and are the key to our economy, but 63% of companies in these sectors earned a “D” and 24% completely failed. It is no surprise that last year, LazilyOne of the largest mortgage providers in the country was hit by a large ransomware attack that forced them to take some systems offline.
Ransomware remains a major problem due to weak cyber security measures. Crowdstrike Discovered that the intrusions of the cloud environment have risen by 75% from 2022 to 2023, with cloud-conscious incidents by 110% and cloud-agent incidents by 60%. Despite technological progress, e -mail remains one of the most important methods for cyber criminals to focus companies. Hornet security Reports that nearly 37% of all E -mails were marked in 2024 as ‘undesirable’, a slight increase compared to the previous year. This suggests that companies still have difficulty tackling fundamental vulnerabilities through proactive measures.
The Nexus company memorandum security
Weak cyber security is not only a business problem – it is a national security risk. The 2021 Colonial pipeline The attack disrupted the energy supplies and exposed vulnerabilities in critical industries. Rising geopolitical tensions, especially with ChinaStrengthen these risks. Recent infringements that are attributed to actors sponsored by the government have used outdated telecommunications equipment and other Legacy systems, which shows how complacency can endanger national security when updating technology.
For example, the hack of us and international telecommunication companies last year exposed Telephone lines used by top officials and compromised data from systems for security requests that threaten national security. Weak cyber security at these companies risks long -term costs, which means that the government sponsored actors have access to sensitive information, influence political decisions and disrupt information efforts.
It is crucial to acknowledge that vulnerabilities do not exist separately. What happens in one sector – whether it is telecommunications, energy or finances – can have a Domino effect that influences national security in general. Now, more than ever, it is essential to work with and DevOps teams to close gaps and prioritize timely updates, to stay a step ahead of the evolving cyber threats.
Reducing the risks
To tackle these growing cyber threats, companies have to set up their security game. Taking action in these important areas can make a big difference:
- If not, implement AI-based cyber security tools that continuously check for suspicious activities, including AI-driven phishing attempts. These tools can automate the detection of emerging threats, analyze patterns and react in real time, so that potential damage caused by cyber attacks such as ransomware is minimized.
- Prepare an extensive system to evaluate the protection of AI tools before the implementation. This should include rigorous AI security audits that test for vulnerabilities such as sensitivity to opponents, data poisoning or model inversion. Companies must also implement safe developmental life cycle methods for AI tools, perform penetration tests regularly and ensure compliance with established frameworks such as ISO/IEC 27001 or the NIST AI Risk Management Framework.
- As cloud-based attacks increase, especially with the increase in ransomware and data breaches, companies have to take advanced cloud protection measures. This includes robust coding, continuous vulnerability scanning and the integration of AI to predict and prevent future breaches in cloud environments.
- Let me remind you that legacy systems are the favorite target of a hacker. By keeping systems updated and applying patches immediately, the door can be closed on vulnerabilities before attackers exploit them.
Cooperation is the key
No company can face the current cyber threats in itself. Collaboration between private companies and government agencies is more than useful – it is necessary. By sharing threat information in real -time, organizations can respond faster and remain upcoming risks. Public-private partnerships can also make the playing field equal by providing smaller companies to resources such as financing and advanced security tools that they may not afford differently.
The above -mentioned World Economic Forums report Makes it clear: create resource restrictions gaps in cyber feather force. By working together, the business community and the government that close gaps and build a stronger, safer digital environment – one that is better equipped to prevent increasingly advanced cyber attacks.
The Proactive Security Business Case
Some companies can claim that the implementation of stricter cyber security measures is too expensive. However, the price of doing nothing can be much higher. According to IBMThe average costs of a data breach rose to $ 4.88 million in 2024, an increase of $ 4.45 million in 2023, which marked an increase of 10% – the highest since the pandemic in 2020.
Companies that have already taken steps in the direction of safer systems, benefit from faster response times of incident and more confidence from customers and partners who want to keep their data safe. For example, Mastercard developed A real -time fraud detection system that uses machine learning (ML) to analyze transactions worldwide. It has reduced fraud, the trust of the customer and the improved security for customers and sellers increased through direct suspicious activity warnings.
Such companies also save costs. IBM reports that two-thirds of the organizations are now integrating security AI and automation into their security activities centers. When much applied to prevention workflows – such as Attack Surface Management (ASM) and posture management – these organizations saw an average reduction of $ 2.2 million in infringement costs compared to those who do not use AI in their prevention strategies.
A call to action for business leaders
The critical infrastructure of America is only as strong as the weakest link – and at the moment that link is business cyber security. Weak defenses in the private sector are a serious risk to national security, economy and public safety. To prevent catastrophic results, decisive action is needed from both companies and the government.
Fortunately, progress is underway. Former President Biden’s executive order On cyber security, companies that work together with the federal government meets stricter cyber security standards. This initiative encourages business leaders, investors and policy makers to enforce stronger guarantees, to invest in resilient infrastructure and to promote industrial cooperation. By taking these steps, the weakest link can become a powerful line of defense against cyber threats.
The deployment is too high to ignore. If companies – government partners or not – do not act the systems, the systems that everyone trusts can experience more serious and devastating disturbances.
Vincentas Baubonis leads the team Cybernews.
Source link
