30% of Critical Infrastructures to experience severe cyberattack by 2025: Gartner

Market research firm Gartner, has predicted that atleast 30% of all critical infrastructure organisations will experience a security breach by 2025, which will most likely result in the halting of operations.

Currently, critical infrastructure security has become a concern for governments across the globe such as the US, UK, EU, Canada and Australia who have individually identified specific sectors which they have considered as ‘critical infrastructures’. Some of the common critical infrastructures include transport, communications, energy, water, healthcare and public facilities. 

“Governments in many countries are now realising their national critical infrastructure has been an undeclared battlefield for decades,” said Ruggero Contu, research director at Gartner.   

“They are now making moves to mandate more security controls for the systems that underpin these assets,” added Contu.   

In India, one such recent critical infrastructure attack was a February 2021 attack on the Pimpri Chinchwad Smart City servers, which were managed by Tech Mahindra.  

The reports emerged in March, while the management alleged that it did not suffer any data theft, nor did it pay any ransom to the attackers. However, a report stated that Tech Mahindra had filed a complaint with the police estimating a loss of Rs 5 crore. The hackers had requested the smartcity management to pay them in bitcoins.   

Similarly in May, Colonial Pipeline, a Texas, US based oil pipeline system, was the victim of a ransomware attack that allegedly impacted computerised equipment that managed the pipeline.  

CloudSEK, an AI-based digital risk Management Company, claimed in an October report that Indian critical infrastructure systems such as gas, water and government services were vulnerable to cyber-attacks.

The report warned that overlooking the security of operational technology (OT) could make critical infrastructures highly susceptible to attacks, which could potentially pose a threat to the nation as a whole.   

An April survey by Gartner showed that 38% of companies looked to increase their spending on operational technology atleast by 5-10% in 2021, while 8% predicted an increase of above 10%.

“Owners and operators of critical infrastructure are also struggling to prepare for the coming increased oversight,” Contu added.

Gartner added that by 2025, attackers would have created a weapon called as the critical infrastructure cyber-physical system, which can be aimed to harm or kill humans through targeting critical infrastructures.