You know what they say about technology? Its main goal is to solve today's problems. However, there is also a saying that technology always creates two new problems for every one it solves.
In a world that becomes more and more interdependent and connected, where people are getting used to technology and rely on it for even the smallest tasks (such as getting a reminder notification as soon as the washing machine is done with your laundry), the risks for disruption and cyber attacks are growing by the minute.
And while it would probably do little damage if criminals would hack into your washing machine and shrink your favourite t-shirt, think of the potential outcome of cyber threats on a larger scale, for example hacking into hospitals, banks, power plants, and so on.
These organisations are precisely part of what is defined as Critical Infrastructure. According to the European Commission, critical infrastructure is an asset or system that is essential for the maintenance of vital societal functions. The damage to a critical infrastructure, its destruction or disruption by natural disasters, terrorism, criminal activity or malicious behaviour, may have a significant negative impact for the security of the country and the well-being of its citizens. As put by Koen Maris, Advisory Partner at PwC Luxembourg, “Critical infrastructure suffers the same cyber issues as other organisations, but with one significant difference: if it fails, society gets hit.” The goal of such attacks is simple: it is to undermine trust and harm existing systems.
That leaves us with one, very significant question: How do we protect it?
As cyber threats become more sophisticated and increasingly target operators of critical infrastructure, governments, industries and organisations must urgently assess and uplift their cyber resilience and adaptability. A significant part is therefore to educate and sensitise users of potential threats. This is even more true as the upward curve of cyberthreats and technological advancement will always exist and correlate with each other. For organisations, this means to understand and critically assess their risk profile, establish reporting systems and test and challenge their security system regularly and thoroughly. Policy makers need to install monitoring and detection systems to secure their critical infrastructure - and they also need to make up for the time lost in the last years where cybersecurity was not on the top of their agenda.
Due to the fast changing developments of cyber attacks, compliance alone doesn’t equal effective security measures per se. In order to be safe, humans must rely on their most valuable asset. And surprisingly, this is not outstanding intelligence or great personal strength, but it is their capability to adapt to changing environments. And for adaptability, one needs competencies. It is the mission of the PwC Cybersecurity team to help all businesses stay as secure as possible in a complex and dynamic digital society, helping organisations protect against threats, propel transformation and pursue growth.
If you want to learn more on Critical Infrastructure Protection and Technology, listen to PwC Luxembourg's TechTalk podcast on the matter.