Useful information
Prime News delivers timely, accurate news and insights on global events, politics, business, and technology
Join our daily and weekly newsletters to obtain the latest updates and exclusive content on the coverage of the industry leader. Get more information
Direct attacks against critical infrastructure receive close attention, but the greatest danger lies in somewhat less visible: bad cybersecurity practices of companies that maintain these systems in operation. According to him CybernewS Business Business IndexAn amazing 84% obtained a “D” rating or worse for its cybersecurity practices, with 43% falling into the “F” category. Only 6% of the companies obtained one “A” for their efforts. The most worrying thing is that industries in the heart of critical infrastructure, such as energy, finance and medical care, are among the weakest ties.
Corporate cybersecurity failures cannot be separated from national security risks. The strength of the critical infrastructure of the United States is based on solid digital defenses, and when companies cannot ensure their networks, they leave the entire country vulnerable to potentially devastating attacks.
A mismatch between risks and preparation
The last of the World Economic Forum report It reveals a worrying disconnection. Two thirds of organizations have AI to shape cybersecurity this year, but only 37% have processes to verify if their AI tools are safe before using them. It is like putting all your confidence in a high -tech device without reading the manual, risky and potentially asking for problems. While companies are dealing with the preparation, AI is being leveraged by cybercriminals to orchestrate offensive campaigns against them. For example, corporate Executives They face a wave of highly specific phishing attacks created by AI Bots.
Cyber attacks of any kind are increasingly difficult to repel. Take the finance and insurance sectors, for example. These industries manage confidential data and are key to our economy, however, 63% of companies in these sectors obtained a “D” and 24% failed completely. It is not surprising that last year, LondaPotOne of the largest mortgage lenders in the country, was beaten by an important ransomware attack that forced them to take some out -of -line systems.
Ransomware remains an important problem due to weak cybersecurity measures. Crowdstrike He found that the intrusions of the cloud environment increased by 75% from 2022 to 2023, with incidents aware of the cloud that increased by 110% and incidents of the agnostic cloud by 60%. Despite the advances in technology, email remains one of the main methods for cybercriminals to direct companies. Raven Reports that almost 37% of all emails in 2024 were marked as “unwanted”, a slight increase compared to the previous year. This suggests that companies are still struggling to address fundamental vulnerabilities through proactive measures.
The National-International Security Nexus
Weak cybersecurity is not simply a corporate problem: it is a risk of national security. 2021 Colonial pipe The attack interrupted energy supplies and vulnerabilities exposed in critical industries. Increase in geopolitical tensions, especially with PorcelainAmplify these risks. Recent infractions attributed to actors sponsored by the State have exploited obsolete telecommunications teams and other inherited systems, revealing how complacency in technology update can endanger national security.
For example, the hack of American and international telecommunications companies last year exposed The telephone lines used by the senior officials and the compromised data of the systems for surveillance applications, threatening national security. The weak cybersecurity in these companies runs the risk of long -term costs, which allows actors sponsored by the State to access confidential information, influence political decisions and interrupt intelligence efforts.
It is essential to recognize that vulnerabilities do not exist in isolation. What happens in a sector, whether telecommunications, energy or finance, can have a domino effect that affects national security in general. Now, more than ever, it is essential to collaborate with IT and Devops teams to close any gap and prioritize timely updates to keep one step ahead of evolving cyber threats.
Mitigate risks
To address these growing cyber threats, companies must intensify their security game. Taking measures in these key areas can make a big difference:
- If not yet, it implements cyber security tools based on AI that continually control suspicious activities, including phishing attempts with AI. These tools can automate the detection of emerging threats, analyze patterns and respond in real time, minimizing the potential damage of cyber attacks such as ransomware.
- Set an integral system to evaluate the safety of AI tools before implementation. This should include rigorous AI security audits that prove vulnerabilities, such as susceptibility to adverse attacks, data poisoning or model investment. Companies must also implement safe practices of development cycle for AI tools, perform regular penetration tests and guarantee compliance with established frameworks such as ISO/IEC 27001 or the AI NIST risk management framework.
- As the cloud -based attacks increase, especially with the increase in ransomware and data violations, companies must adopt advanced cloud security measures. This includes robust encryption, continuous vulnerability scan and the integration of AI to predict and prevent future infractions in cloud environments.
- Let me remind you that Legacy Systems is the favorite objective of a hacker. Keeping updated systems and applying patches can immediately help close the door to vulnerabilities before the attackers exploit them.
Collaboration is key
No company can face today’s cyber threats alone. Collaboration between private companies and government agencies is more than useful, it is imperative. Sharing threat intelligence in real time allows organizations to respond faster and stay ahead of emerging risks. Public-private associations can also level the playing field by offering smaller companies access to resources such as financing and advanced security tools that could not otherwise pay.
The World Economic Forum mentioned above report It makes clear: the limitations of resources create gaps in cyber resilience. When working together, business and government can close those gaps and build a stronger and safer digital environment, a better equipped to avoid increasingly sophisticated cyber attacks.
The business case for proactive security
Some companies can argue that implementing more strict cybersecurity measures is too expensive. However, the price of doing nothing could be much higher. According IBMThe average cost of data violation increased to $ 4.88 million in 2024, compared to $ 4.45 million in 2023, marking an increase of 10%, the highest since the pandemic in 2020.
Companies that have already taken measures for safer systems benefit from faster incident response times and greater confidence from customers and partners who want to maintain their safe data. For example, MasterCard developed A real -time fraud detection system that uses automatic learning (ML) to analyze transactions worldwide. It has reduced fraud, increased customer confidence and has improved security for customers and merchants through instant suspicious activities alerts.
These companies also save costs. IBM reports that two thirds of organizations are now integrating security AI and automation in their security operations centers. When they apply widely to prevention workflows, such as the management of the attack surface (ASM) and posture management, these organizations saw an average reduction of $ 2.2 million in non -compliance costs compared to those who do not use their prevention strategies.
A call to action for business leaders
The critical infrastructure of the United States is as strong as its weakest link, and at this time, that link is business cybersecurity. The weak defenses of the private sector represent a serious risk for national security, economy and public safety. To avoid catastrophic results, decisive action of both companies and the government is needed.
Fortunately, progress is underway. Former President Biden’s Executive order On cybersecurity, it requires that companies that work with the federal government meet the strictest cybersecurity standards. This initiative encourages business leaders, investors and policy formulators to enforce stronger safeguards, invest in resistant infrastructure and promote collaboration throughout the industry. When taking these steps, the weakest bond can become a powerful defense line against cyber threats.
Bets are too high to ignore. If companies, government partners or not, do not act, the systems they trust could face more serious and devastating interruptions.
Vincent Baubonis leads the Team of Cybernews.
