Weak cyber defense reveal critical infrastructure - how companies can proactively thwart cunning attackers in order to protect us all

Take part in our daily and weekly newsletters to get the latest updates and exclusive content for reporting on industry -leading AI. Learn more

Direct attacks on the critical infrastructure attract a lot of attention, but the greater danger is often in somewhat less visible: the poor cyber security practices of the companies that keep these systems going. After Cybernews Business Digital IndexAstonishing 84% earned a D grade “D” or worse for their cyber security practices, with 43% fell into the “F” category. Only 6% of the companies received an “A” for their efforts. What is more worrying is that industries in the heart of a critical infrastructure – such as energy, finance and healthcare – are among the weakest connections.

Corporate cybersecurity Errors cannot be separated from national security risks. The strength of the critical infrastructure of the United States is based on solid digital defenses. If companies do not secure their networks, leave the entire country susceptible to potentially devastating attacks.

A false adjustment between risks and willingness

The latest in the World Economic Forum report Reveals a worrying separation. Two thirds of the organizations count on AI to form cyber security this year, but only 37% have processes to check whether their AI tools are safe before using them. It is like putting all your confidence in a high-tech device without reading the manual and potentially about trouble. While companies deal with preparation, the AI is used by cybercriminals to orchestrate offensive campaigns. For example company management face an increase in highly targeted phishing attacks created by AI -Bots.

Cyber attacks of all kinds will be more difficult to ward off. For example, take the finance and insurance sector. These industries manage sensitive data and are the key to our economy, but 63% of companies in these sectors have failed a “D” and 24%. It is no surprise that last year, last year, LandepotOne of the country’s largest mortgage lenders was affected by a large ransomware attack, which forced them to make some systems offline.

Ransomware is still a main problem due to weak cyber security measures. Crowdstrike found that the cloud environment intersions rose by 75% from 2022 to 2023, with cloud-conscious incidents rising by 110% and cloud-tagnostic incidents. Despite the technological advances, the e -mail remains one of the main methods for cybercriminals for target companies. Hornet security According to reports, almost 37% of all e -mails were marked as “undesirable” in 2024, a slight increase compared to the previous year. This indicates that companies still have difficulty fixing the basic weaknesses through proactive measures.

The business national security nexus

Weak cyber security is not just a company problem – it is a national security risk. The 2021 Colonial pipeline Attack disturbed the energy supply and the obvious weaknesses in critical industries. Increasing geopolitical tensions, especially with ChinaReinforce these risks. The latest violations that are due to state-funded actors have exploited outdated telecommunications devices and other legacy systems and show how complacent can put national security in danger when updating technology.

For example, last year’s hack of US and international telecommunications companies last year exposed National security threatens telephone lines used by top officials and endangered data from systems for surveillance inquiries. The weak cyber security among these companies risks long -term costs and enables state -funded actors to access sensitive information, to influence political decisions and to disrupt the secret services.

It is important to recognize that weak points do not exist in isolation. What happens in a sector – be it telecommunications, energy or finance – can have a domino effect that affects national security. More than ever, it is important to work with IT and DevOps teams to close all gaps and prioritize timely updates in order to be one step ahead in order to be the further developing cyber threats.

Molder the risks

In order to tackle these growing cyber threats, companies have to strengthen their security game. Taking measures in these key areas can make a big difference:

If not, they implement AI-based cyber security tools that continuously monitor suspicious activities, including AI-affiliated phishing attempts. These tools can automate the detection of new threats, analyze and react in real time, which minimizes potential damage caused by cyber attacks such as ransomware.
Insert a comprehensive system to evaluate the safety of AI tools before use. This should include strict AI security services that test weaknesses such as susceptibility to controversial attacks, data poisoning or modeling version. Companies should also carry out safe development life cycle for AI tools, carry out regular penetration tests and ensure compliance with established framework conditions such as ISO/IEC 27001 or the nist framework for the risk management of AI.
With increasing cloud-based attacks, in particular with the increase in ransomware and data injuries, companies should take advanced cloud security measures. This includes robust encryption, the scanning of continuous vulnerability and the integration of AI in order to predict and prevent future violations in cloud environments.
Let me remind me that Legacy systems are a hacker’s favorite destination. If you have systems up to date and the use of patches, you can immediately close the doors for weak points before attackers take advantage of them.

Cooperation is the key

No company can be exposed to today’s cyber threats. Cooperation between private companies and government agencies is more than helpful – it is essential. By exchanging threat information in real time, companies can react faster and be ahead of the emerging risks. Public-private partnerships can also compensate for competitive conditions by offering smaller companies access to resources such as financing and advanced security instruments that they may otherwise not afford.

The world economy forum of the global economy mentioned above report Makes it clear: resource restrictions create gaps in cyber resistance. Through the cooperation, companies and the government can close these gaps and build a stronger, safer digital environment – one that is better equipped to prevent increasingly demanding cyber attacks.

The business case for proactive security

Some companies could argue that the implementation of strict cyber security measures is too expensive. The price of doing nothing could be much higher. Accordingly IBMThe average costs for a data injury rose to $ 4.88 million in 2024, which rose to an increase of $ 4.45 million in 2023, which marks an increase of 10% – the highest since the pandemic in 2020.

Companies that have already taken steps towards safer systems benefit from faster response times and more trust from customers and partners who want to keep their data safe. For example, Mastercard developed A real-time fraud detection system that uses machine learning (ML) to analyze transactions globally. It has reduced fraud, reinforced the customer’s trust and improved security for customers and retailers through immediate suspicious activity warnings.

Such companies also save costs. IBM reports that two thirds of the organizations are now integrating the security AI and the automation into their safety operating centers. If these organizations were widely used on prevention workflows such as attacking area management (ASM) and posture management, these organizations recorded an average reduction of violations of 2.2 million US dollars compared to those who did not use AI in their prevention strategies.

A call for action for managing directors

The critical infrastructure of America is only as strong as the weakest link – and this link is currently business cyber security. Weak defenses of the private sector represent a serious risk of national security, economy and public security. To prevent catastrophic results, both companies and the government are required.

Fortunately, progress is in progress. Former President Biden Executive order In cyber security, companies with the federal government have to meet stricter cyber security standards. This initiative encourages company managers, investors and political decision -makers to enforce stronger protective measures, invest in reliable infrastructure and to promote the industry -wide cooperation. Through these steps, the weakest link can become a strong line of defense against cyber threats.

The operations are too high to ignore. If companies – government partners or not – do not act, the systems that everyone rely on could be exposed to serious and devastating disorders.

Vincent Baubonis leads the Team at Cybernews.

Daily insights into the economic use cases with VB daily

If you want to impress your boss, VB Daily covered her. We give you the Inside scoop of what companies do with generative AI, from regulatory shifts to practical deprivation, so that they can share knowledge for a maximum ROI.

Read our Data protection guideline

Thanks for subscribing. Check out more VB newsletter here.

An error occurred.