Cybercriminals have taken the war on organizations in the private and public sectors beyond hacking digital networks simply to steal, corrupt or encrypt data and hold it for ransom.
The new front, attacks on Cyber-Physical Systems (CPS), targets corporate infrastructure that functions in the real world. That can include anything from manufacturing robots and automated food processing to building-management controls and supply chain processes, as well as autonomous vehicles, smart homes and other operational technology and Internet of Things (IoT) systems.
“Attackers are increasingly choosing to deploy cyber-physical attacks that target critical infrastructure systems, which can cause outages and be fatal. Unfortunately, no business is immune,” Gartner warns, estimating that within three years cybercriminals will routinely use CPS attacks “to harm or kill humans.”
The impact of breaching the infrastructure of a water processing plant, for instance, will cascade through the economy, cutting off water to the population, healthcare and public safety facilities, schools, industry and government.
CPS attacks on infrastructure are not “instead of” traditional cybercrime, but “in addition to.”
Raising the stakes to potentially life-and-death drives demand for cyber analysts and security and compliance auditors with advanced insights into information security, crisis management and operational continuity policy development.
What Role Do Information Security Analysts Play in Protecting Corporate Infrastructure?
Securing computer systems, networks, servers, applications and data storage facilities is the first line of defense in protecting infrastructure CPS cybercriminals and black-hat hackers.
An advanced education specializing in the protection of internet and enterprise structures that includes exploring distinct threats posed by cybercriminals is ideal for acquiring the skills to develop effective protection policies.
For instance, the online Master of Science (M.S.) in Cybersecurity with a Specialization in IT and Cybersecurity Policy program from La Salle University includes a deep dive into information security that explores all aspects of computing and communications security.
Participants in the information security course explore the elements of effective infrastructure protection policies, which include defining:
- Its scope and purpose
- Enterprise-wide roles, training and responsibilities
- The classification of digital assets based on sensitivity and value
- Access controls such as encryption, firewalls, public-key infrastructures and smart cards
- Guidelines for monitoring compliance with the policy
“Wanted: Millions of cybersecurity pros. Salary: Whatever you want,” is how CNN leads a story on the demand for information security analysts, noting that there are nearly 360,000 unfilled positions in the United States and 3.1 million globally.
How Do Organizations Prepare for Infrastructure Security Breaches?
The demand-over-supply imbalance means “cyberattacks are inevitable,” Harvard Business Review declares, making risk management, crisis planning and development of strategies to resume operations in the wake of an attack an organizational mandatory.
In addition to equipping its graduates with expertise in protecting digital infrastructure, La Salle’s online M.S. in Cybersecurity – IT and Cybersecurity Policy program also prepares them for senior management roles in developing policies and procedures to assess the risks of a disastrous breach and recover from such threats.
Terrorism, crime, data theft and industrial espionage rank among the top motives for cyberattacks. Crisis managers and business-continuity leaders must also account for the potential damage of environmental and natural disasters.
La Salle students graduate with a deep understanding of the best practices governments and corporations use to mitigate cyber-risk and manage crises, enabling them to develop effective response strategies, which include:
- Deploying processes to identify and contain breaches
- Specifying actions, communication and control actions in the event of a security breach
- Organizing and training response teams that include IT, legal and executive representatives
- Testing response plans regularly to account for changes in infrastructure, threats or regulations
“For 83% of companies, it’s not if a data breach will happen, but when,” according to a survey published by IBM, which reported that the average cost of an attack in the United States totaled $9.44 million, and it took organizations an average of 277 days to identify and contain a breach.
“Organizations with an optimized incident response (IR) saw one of the largest cost savings,” IBM noted in its action guide. The IBM report added that the average cost of a breach was $2.66 million for organizations with an IR team and regularly tested IR plan.