CREDIT: SONG_ABOUT_SUMMER / STOCK.ADOBE.COM
Critical infrastructure companies maintain assets, systems, and networks that are vital to national security, public health, and the economy. They are increasingly the target of cyber attacks: between July 2022 and June 2023, critical infrastructure industries experienced more ransomware attacks than any other sector.
This has led to increased regulatory scrutiny and federal guidance. The latest of these guardrails in the United States are the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) which will eventually require companies to report cyber incidents and ransomware payments, the SEC’s new cybersecurity disclosure regulations for public companies, and the recent Shields Ready initiative to create resilience in critical infrastructure.
Many critical infrastructure industries have a reputation for slower innovation due to extensive regulations, and traditionally cybersecurity implementation has been seen as a cost of doing business. However, as a cybersecurity investor I have witnessed how the regulatory environment is elevating cybersecurity as a business enabler.
Today, cybersecurity not only protects against cyber threats but also generates digital transformation to drive value. This is evident in the critical infrastructure sector, where resilient companies have spent years leveraging cutting-edge cybersecurity technology to navigate regulations and address rising cyber threats.
Here’s how enterprises leverage cybersecurity for digital transformations across three critical infrastructure industries: financial services, telecommunications, and information technology (IT).
Financial Services
The financial services industry helps consumers and companies access financial goods and services and is integral to our digitally connected world. In recent years, rapid digitization, remote work, and expanding digital systems and data have increased cybersecurity risks including fraud, money laundering, data breaches, and service disruptions in the industry.
In response to tightening regulations following the 2008 financial crisis (including the Dodd-Frank Act) and broadening digital boundaries, financial services companies have leveraged cybersecurity to meet regulatory demands, manage cybersecurity risks, and transform business. The industry has experienced cybersecurity-driven improvements in fraud prevention, business efficiencies, risk management, and customer experience.
A good example is what BNY Mellon (BK) is doing to innovate in digital payment processing. BNY Mellon created the aggregated payment platform Vaia in collaboration with cybersecurity startup Verituity to help businesses access a wide range of payment services, verify payee identities, and prevent payment fraud. This transformation is creating better and more efficient customer experiences while reducing risk and ensuring payment accuracy and security.
Communications
Communications companies transmit, store, and use massive amounts of sensitive customer and business data. Data breaches and network attacks are growing risks and can lead to reputational loss, compromised consumer privacy, business disruptions, and a loss of customer trust.
The Federal Communications Commission (FCC) regulates this sector and recently proposed a cybersecurity labeling program for smart devices that would mandate consumer-facing information on smart device security. In response to growing regulatory, privacy, and cybersecurity concerns, the majority of communications companies have implemented new cybersecurity capabilities including encryption, data protection, 5G security, and Internet of Things (IoT) security.
Comcast’s (CMCSA) approach to cybersecurity-first product development is a defining example of digital transformation. In 2016, the company created an internal developer, security, and operations (DevSecOps) program that empowers developers with automated cybersecurity testing tools and coaching around secure application development. These innovations sped up the development process and helped Comcast create more secure products, all with a smaller team- creating new value for the company and their customers.
Nokia’s (NOK) AVA platform shows how enterprises can use AI for cybersecurity and network optimization. The platform leverages machine learning and decentralized data collaboration technologies to help companies automate, secure, and optimize their networks and data. This digital transformation enables new innovations for Nokia’s customers including improved customer experience, accelerated AI development, and new revenue streams through network data analytics.
Information Technology (IT)
The IT industry is a key part of critical infrastructure as businesses and consumers across the globe rely upon numerous IT partners and tools. Distributed denial-of-service (DDoS) attacks can overwhelm networks and are a serious risk, as a disruption to IT services is deeply impactful. Software supply chain vulnerabilities are a growing threat to IT companies: modern software is comprised of components from various sources, making a vulnerability in one component a threat to all software relying on it. 45% of companies will experience a software supply chain attack by 2025, with well-documented cyber incidents like the MOVEit, 3CX, and SolarWinds events making headlines in recent years.
Regulations in IT are emerging quickly, including the Biden administration’s guidance on software supply chain security for federal agencies and the Cybersecurity & Infrastructure Security Agency’s (CISA) recent guidance on secure software for developers and suppliers. The industry is pursuing cybersecurity capabilities to address risks, meet compliance demands, and generate business value.
One notable innovation is the Software Bill of Materials (SBOM), which provides visibility into software components and illuminates security vulnerabilities. They drive business value by creating universal infrastructure and data exchange formats so companies can more easily collaborate with partners. SBOMs also help companies prevent and address security risks more quickly, lowering development costs.
Mobile application security pioneers NowSecure, the creators of the world’s first mobile SBOM solution, works with companies like AT&T (T), Humana (HUM) and Uber (UBER) to protect consumers and end users from data and privacy violations, ensuring personally identifiable information is not compromised by mobile applications. Its continuous, automated and integrated penetration software is a critical component of software supply chain security for leading organizations across government, telecommunications, healthcare, financial services, retail and entertainment.
Another remarkable example of digital transformation is Synopsys’ (SNPS) product collaboration with startup ReversingLabs around software supply chain security. The two companies partnered to help customers create SBOMs, analyze software components, identify vulnerabilities, and better manage cyber risk. This synergy creates actionable outcomes for customers who can now more effectively meet compliance demands, prevent costly software compromises, and implement efficiencies through SBOMs.
A Wave of Digital Transformation in Highly Regulated Industries
Successful critical infrastructure companies leverage cybersecurity technologies to create efficiencies, secure enterprise systems, and protect consumer privacy. These improvements are spurred by a need to reduce risk and meet regulatory demands. Companies that take advantage of this opportunity are creating new capabilities while claiming their place as market leaders.
Disclosure: Forgepoint Capital invests in NowSecure, Verituity and ReversingLabs.
***This article was originally posted on Nasdaq.com. You can read it here.***
Issue: Logging generates important data that informs threat detection, prevention, and response. However, log management operating expenses are often subject to budget cuts, leading to diminished security capabilities. Logging is a fundamental…
Read MoreNew risks to proprietary company data are emerging as generative AI usage becomes a common practice for startups, enterprises, and consumers alike. Today, third-party partners and customers may be able to train AI models using proprietary but…
Read MoreCybersecurity mergers and acquisitions (M&A) activity has picked up in the last several months, with notable examples including Cisco’s (CSCO) $28B acquisition of Splunk (SPLK), Thales’ (trades on the Euronext Paris) $3.6B acquisition of…
Read More