Weak cyber defenses are exposing critical infrastructure — how enterprises can proactively thwart cunning attackers to protect us all

MT HANNACH


Direct attacks on critical infrastructure receive a lot of attention, but the greater danger often lies in something less visible: the poor cybersecurity practices of the companies that keep these systems running. According to the Cybernews Business Digital Index, a staggering 84% of companies earned a grade of “D” or worse for their cybersecurity practices, with 43% falling into the “F” category. Only 6% of companies obtained an “A” for their efforts. What is more disturbing is that industries at the heart of critical infrastructure – such as energy, finance and health care – are among the weakest links.

Business cybersecurity failures cannot be separated from national security risks. The strength of the critical infrastructure of the United States rests on solid digital defenses, and when companies do not secure their networks, they leave the whole country vulnerable to potentially devastating attacks.

A discrepancy between risks and preparation

The latest World Economic Forum report reveals a disturbing disconnect. Two-thirds of organizations are counting on AI to shape cybersecurity this year, but only 37% have processes in place to check whether their AI tools are secure before using them. It’s like putting all your confidence in a high-tech gadget without reading the manual: risky and potentially asking for trouble. While companies are struggling with preparedness, AI is being exploited by cybercriminals to orchestrate offensive campaigns against them. For example, company leaders have faced a wave of highly targeted phishing attacks created by AI bots.

Cyberattacks of every type are becoming more and more difficult to repel. Take the finance and insurance sectors, for example. These industries manage sensitive data and are key to our economy, but 63% of companies in these sectors earned a “D” and 24% failed outright. It is not surprising that, last year, loanDepot, one of the country’s largest mortgage lenders, was struck by a large ransomware attack that forced it to take certain systems offline.

Ransomware continues to be a major problem because of weak cybersecurity measures. CrowdStrike found that cloud environment intrusions jumped 75% from 2022 to 2023, with cloud-conscious incidents increasing by 110% and cloud-agnostic incidents by 60%. Despite technological progress, email remains one of the main methods cybercriminals use to target companies. Hornetsecurity reports that almost 37% of all emails in 2024 were flagged as “unwanted”, a slight increase compared to the previous year. This suggests that companies are still struggling to address fundamental vulnerabilities through proactive measures.

Weak cybersecurity is not just a business problem – it is a national security risk. The 2021 Colonial Pipeline attack disrupted energy supplies and exposed vulnerabilities in critical industries. Rising geopolitical tensions, in particular with China, amplify these risks. Recent breaches attributed to state-sponsored actors have exploited obsolete telecommunications equipment and other legacy systems, revealing how complacency in updating technology can endanger national security.

For example, last year's breaches of American and international telecommunications companies exposed telephone lines used by senior officials and compromised data from systems used for surveillance requests, threatening national security. The weak cybersecurity of these companies risks long-term costs, allowing state-sponsored actors to access sensitive information, influence political decisions and disrupt intelligence efforts.

It is essential to recognize that vulnerabilities do not exist in isolation. What happens in one sector – whether telecommunications, energy or finance – can have a domino effect that impacts national security as a whole. Now, more than ever, it is essential to collaborate with IT and DevOps to close the gaps and prioritize timely updates, to stay one step ahead of evolving cyber threats.

Mitigate risks

To combat these growing cyber threats, companies must step up their security game. Acting in these key areas can make a big difference:

  • Implement AI-based cybersecurity tools that continuously monitor for suspicious activity, including AI-powered phishing attempts. These tools can automate the detection of emerging threats, analyze patterns and respond in real time, minimizing the potential damage from cyberattacks such as ransomware.
  • Establish a comprehensive system to assess the security of AI tools before deployment. This should include rigorous AI security audits that test for vulnerabilities such as susceptibility to adversarial attacks, data poisoning or model inversion. Companies should also implement secure development life cycle practices for AI tools, carry out regular penetration tests and ensure compliance with established frameworks such as ISO/IEC 27001 or the NIST AI Risk Management Framework.
  • As cloud-based attacks increase, in particular with the surge in ransomware and data breaches, companies should adopt advanced cloud security measures. This includes robust encryption, continuous vulnerability scanning and AI integration to predict and prevent future breaches in cloud environments.
  • Remember that legacy systems are a hacker's favorite target. Keeping systems up to date and applying patches can help close the door on vulnerabilities before attackers exploit them.

Collaboration is the key

No company can face today's cyber threats on its own. Collaboration between private companies and government agencies is more than useful – it is imperative. Sharing threat intelligence in real time allows organizations to respond more quickly and stay ahead of emerging risks. Public-private partnerships can also level the playing field by offering small businesses access to resources such as funding and security tools that they would not otherwise have.

The aforementioned World Economic Forum report makes it clear: resource constraints create gaps in cyber resilience. By working together, business and government can close these gaps and build a stronger and more secure digital environment, one that is better equipped to prevent increasingly sophisticated cyberattacks.

Cost-benefit analysis for proactive security

Some companies may say that implementing stricter cybersecurity measures is too expensive. However, the price of doing nothing could be much higher. According to IBM, the average cost of a data breach reached $4.88 million in 2024, compared to $4.45 million in 2023, marking a 10% increase, the highest since the pandemic in 2020.

Companies that have already taken steps to secure their systems benefit from faster incident response times and greater trust from customers and partners who want assurance that their data is secure. For example, Mastercard has developed a real-time fraud detection system that uses machine learning (ML) to analyze transactions on a global scale. It has reduced fraud, strengthened customer confidence and improved security for customers and merchants through instant alerts on suspicious activity.

These companies also save costs. IBM reports that two thirds of organizations now integrate security AI and automation into their security operations centers. When these were applied extensively to prevention workflows, such as attack surface management (ASM) and posture management, these organizations experienced an average reduction of $2.2 million in breach costs compared to those that do not use AI in their prevention strategies.

A call to action for business leaders

America's critical infrastructure is only as strong as its weakest link – and at the moment, that link is business cybersecurity. Weak defenses in the private sector pose a serious risk to national security, the economy and public safety. To avoid catastrophic outcomes, decisive action is needed from both companies and the government.

Fortunately, progress is underway. Former President Biden's executive order on cybersecurity requires companies working with the federal government to meet stricter cybersecurity standards. This initiative encourages business leaders, investors and decision-makers to apply stronger safeguards, invest in resilient infrastructure and promote collaboration across industry. By taking these measures, the weakest link can become a powerful line of defense against cyber threats.

The stakes are too high to ignore. If companies – government partners or not – fail to act, the systems on which everyone relies could face more serious and devastating disruptions.

Vincentas Baubonis leads the team at Cybernews.
