Direct attacks on critical infrastructure have attracted a lot of attention, but the greater danger is less visible: the poor cybersecurity practices of the businesses that run these systems. According to the CyberNews Business Digital Index, an astounding 84% of companies achieved a “D” grade or higher in cybersecurity practices, and 43% were classified into the “F” category. Only 6% of companies got an “A” for their efforts. Even more troubling, the industries at the heart of critical infrastructure (e.g. energy, finance, healthcare) are among the weakest links.
Corporate cybersecurity failures cannot be separated from national security risks. The strength of US critical infrastructure relies on solid digital defenses, so if businesses are unable to secure their networks, the entire country is vulnerable to potentially catastrophic attacks.
The disconnect between risk and preparation
The latest World Economic Forum report reveals a worrying disconnect. Two-thirds of organizations rely on AI to shape cybersecurity this year, but only 37% have a process in place to check whether AI tools are safe before using them. It’s like putting all your trust in a high-tech gadget without reading the manual: it may be dangerous, and you may be asking for trouble. While businesses work on their preparation, cybercriminals are using AI to coordinate attack campaigns against them. For example, company executives face a surge in highly targeted phishing attacks created by AI bots.
All types of cyberattacks are becoming more difficult to fight. Take the finance and insurance sector, for example. These industries manage sensitive data and are key to the economy, but 63% of companies in these sectors earned a “D” and 24% failed altogether. It’s not surprising that last year LoanDepot, one of the nation’s largest mortgage lenders, was hit by a major ransomware attack that forced several systems offline.
Ransomware continues to be a major issue because of weak cybersecurity measures. CrowdStrike reports that cloud environment intrusions skyrocketed 75% between 2022 and 2023, cloud-conscious incidents increased by 110%, and cloud-agnostic incidents increased by 60%. Despite advances in technology, email remains one of the main ways cybercriminals target businesses. Hornetsecurity reports that almost 37% of all emails in 2024 were flagged as “unwanted,” a slight increase from the previous year. This suggests that businesses still struggle to address basic vulnerabilities through proactive measures.
Business and national security nexus
Weak cybersecurity is not just a business problem; it is a national security risk. The 2021 Colonial Pipeline attack disrupted energy supplies and exposed vulnerabilities in critical industries. Growing geopolitical tensions, particularly with China, amplify these risks. Recent breaches by state-sponsored actors exploited outdated communications equipment and other legacy systems, revealing how complacency about technology updates can put national security at stake.
For example, last year’s hacks of US and international telecom companies exposed telephone lines and compromised data from systems used for surveillance requests, threatening national security. Weak cybersecurity in these companies risks long-term costs, allowing state-sponsored actors to access sensitive information, influence political decisions, and disrupt intelligence efforts.
It is important to recognize that no vulnerability exists in isolation. What happens in one sector, such as telecommunications, energy or finance, can have a domino effect on national security as a whole. Now more than ever, it is essential that teams work together to close the gaps, prioritize timely updates and stay one step ahead of evolving cyber threats.
Reducing risk
To tackle these growing cyber threats, businesses need to step up their security game. Taking action in these key areas can make a huge difference.
- If you have not already done so, implement AI-based cybersecurity tools that continuously monitor for suspicious activity, including AI-powered phishing attempts. These tools can automate the detection of new threats, analyze patterns, respond in real time, and minimize potential damage from cyberattacks such as ransomware.
- Establish a comprehensive system to assess the security of AI tools prior to deployment. This should include rigorous AI security audits that test for vulnerabilities such as susceptibility to adversarial attacks, data poisoning, or model inversion. Enterprises should also implement secure development lifecycle practices for AI tools, conduct regular penetration tests, and ensure compliance with established frameworks such as ISO/IEC 27001 and the NIST AI Risk Management Framework.
- As cloud-based attacks increase, particularly with the surge in ransomware and data breaches, businesses must adopt sophisticated cloud security measures. This includes robust encryption, continuous vulnerability scanning, and AI integration to predict and prevent future breaches in cloud environments.
- Remember that legacy systems are hackers’ favorite targets. Updating your systems and applying patches quickly helps close the door on vulnerabilities before attackers can exploit them.
Collaboration is important
No company faces today’s cyber threats alone. Cooperation between private companies and government agencies is not just helpful; it is essential. Sharing threat intelligence in real time enables organizations to respond faster and stay ahead of new risks. Public-private partnerships can also level the playing field by giving small businesses access to resources, such as funding and advanced security tools, that they otherwise could not afford.
The aforementioned World Economic Forum report makes it clear: resource constraints create cyber-resilience gaps. By working together, businesses and governments can close those gaps and create a stronger and safer digital environment, one that is equipped to prevent increasingly sophisticated cyberattacks.
The business case for proactive security
Some companies may argue that implementing stricter cybersecurity measures is too expensive. However, the price of doing nothing can be much higher. According to IBM, the average cost of data breaches rose from $4.45 million in 2023 in 2024, marking the highest increase since the 2020 pandemic.
Companies already taking steps towards safer systems benefit from faster incident response times and greater trust from customers and partners who want to keep their data safe. For example, Mastercard has developed a real-time fraud detection system that uses machine learning (ML) to analyze transactions globally. It has reduced fraud, increased customer trust, and improved customer and merchant security through instant alerts on suspicious activity.
Such companies also save money. IBM reports that two-thirds of organizations integrate security AI and automation into their security operations centers. When AI was applied widely to preventive workflows such as attack surface management (ASM) and posture management, these organizations reduced breach costs by an average of $2.2 million compared with those that do not use AI in their prevention strategies.
A call to action for business leaders
America’s critical infrastructure is only as strong as its weakest link, and right now that link is business cybersecurity. Weak defenses in the private sector pose serious risks to national security, the economy and public safety. Decisive action is needed from both businesses and governments to prevent catastrophic consequences.
Fortunately, progress is under way. Former President Biden’s executive order on cybersecurity requires companies that work with the federal government to meet stricter cybersecurity standards. The initiative encourages business leaders, investors and policymakers to implement stronger safeguards, invest in resilient infrastructure, and encourage industry-wide collaboration. By taking these steps, the weakest link can become a strong line of defense against cyber threats.
The stakes are too high to ignore. If businesses don’t act, whether they are government partners or not, the systems we all depend on could face more serious and catastrophic disruptions.
Vincentas Baubonis leads the team at CyberNews.