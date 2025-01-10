On September 25, CISA issued a stark reminder that critical infrastructure remains a primary target for cyberattacks. Vulnerable systems in industrial sectors, including water utilities, continue to be exploited due to poor cyber hygiene practices. Using unsophisticated methods like brute-force attacks and leveraging default passwords, threat actors have repeatedly managed to compromise operational technology (OT) and industrial control systems (ICS).

Attacks on the industrial sector have been particularly costly. The 2024 IBM Cost of a Data Breach report found the average total cost of a data breach in the industrial sector was USD 5.56 million, an 18% increase for the industry compared to 2023. This represents the highest data breach cost increase of all industries surveyed in the report, rising by an average of USD 830,000 per breach over last year.

Ongoing vulnerabilities pose a serious threat to public safety and national security, especially as water systems and other critical infrastructure providers remain underprepared in the current threat landscape. Let’s take a closer look at the current state of critical infrastructure security, highlighting recent incidents, efforts to address vulnerabilities and the need for further collaboration between the government and private sectors.