# Opener

The Missing Risk – Critical Infrastructure Cyber Attack

Published by Axio

The World Economic Forum recently surveyed 347 risk analysts on how they rank the likelihood of major risks we face in the aftermath of the pandemic. Visual Capitalist’s article, “What’s At Risk: An 18-Month View of a Post-COVID World”, provides a stunning visual representation of the survey results. According to the respondents, the major risks that will impact the world include a prolonged global recession, bankruptcies, and the failure of some industries to recover form COVID-19. Cybersecurity doesn’t even make top 5 on the list and we find this very concerning given the nature and severity of critical infrastructure cyber-incidents.

In our recent interview with the Edison Electric Institute’s Vice President for Security and Preparedness, Scott Aaronson, we got his perspective on COVID-19’s effect on security.  “When there is perceived vulnerability, we have seen it time and time again, that is when those adversaries (hackers) come out.” During this time of uncertainty, organizations should be aware that the amount of attack attempts may increase and prepare against it.

A Cyber Attack on Critical Infrastructure Can Cripple a Society

When it comes to critical infrastructure, a disruption or destruction to the process can lead to catastrophic impacts on public safety and security. In the bestselling book, Lights Out by Ted Koppel, he writes about how “A well-designed attack on just one of the nation’s three electric power grids could cripple much of our nation’s infrastructure.” This book reveals how likely these cyber-attacks are and how unprepared the United States is. “Without ready access to electricity, we are thrust back into another age – an age in which many of us would lack both the experience and the resources to survive.” These systems are more vulnerable during COVID-19 and other uncertain times and it’s essential that organizations increase monitoring and prevention efforts especially with the possibility of a second outbreak.

An attack on our critical infrastructure can lead to both physical and economic impacts. For example, a cyber-attack on a power company that cuts off electricity to a community can disable businesses from operating and taking in revenue. Furthermore, hospitals can be potentially impacted by this attack, putting many lives at stake. There’s an endless list of industries that can be affected by critical infrastructure cyber events.

A Widespread Aftermath

According to a study done by General Electric in 2017, “67% of companies with critical infrastructure suffered at least one attack in the past 12 months.” It’s evident that these attacks are frequent and it’s essential for companies to acknowledge and prepare against them. A major cyber-attack on critical infrastructure should be included as a major risk because it can contribute and worsen other risks such as prolonging the recession, increasing unemployment, escalating supply chain disruption and more.

COVID-19 has changed our world significantly and it’s important as people and as organizations that we keep these possible threats in mind and prepare ourselves to face these challenges.