By Si Katara

If you pay attention to the news, it won’t come as a surprise that the number of cyberattacks around the globe has grown at an alarming rate in recent years. In fact, there was a 102% increase in the number of ransomware attacks in 2021 when compared to the beginning of 2020. Cybercrime Magazine noted in a November 2020 article that “if it were measured as a country, then cybercrime – which is predicted to inflict damages totaling $6 trillion USD globally in 2021 – would be the world’s third-largest economy after the U.S. and China.” This cost is projected to reach $10.5 trillion USD by 2025.

In many cases, these data breaches presented potentially dire consequences, threatening basic resources which our society needs to function.

Why has infrastructure become such a common target for cybercriminals?

Infrastructure has become a prime target of hackers for a number of reasons, many of which revolve around not adapting quickly enough to the changing digital landscape and not properly training employees on how to avoid exposing their organization to online risks. ​

Cybercriminals often target large infrastructure construction organizations because they understand many of these organizations are hesitant to upgrade their software systems or deprioritize it. President Biden’s recent Executive Order on Improving the Nation’s Cybersecurity acknowledged the shortfalls of legacy systems, calling for agencies to accelerate cloud migration and “update existing plans to prioritize resources for the adoption and use of cloud technology.”

Many government agencies operate on systems which were designed 20 or more years ago and don’t integrate with other data systems. This presents significant risks because they often introduce a single point of failure – most legacy systems have not been updated with security measures to appropriately address modern day ransomware, making them easier for hackers to break into. Migration to a new, cloud-based system is often seen as too much work to undertake which leads organizations to simply maintain the status quo. As a result, the federal government plans to spend over $90B on information technology to help aid in the modernization of these systems.

Similar to physical infrastructure like bridges or highways, the longer these systems exist without being modernized, the more expensive they become to maintain.

Breaking the trend – how government agencies and companies can face cybersecurity challenges head-on

The key to mitigating cybercrime risks is shifting from a monolithic architecture in which all of an organization’s eggs are placed in one basket, to a modular system where several independent technologies are seamlessly integrated to perform various business functions. Instead of having singular points of failure, where one cyber attack can shut down an organization’s entire online ecosystem, a modular, loosely coupled architecture reduces vulnerabilities by providing multiple points of failure. In a modular system, each component of the overall system has its own security measures in place which are most suitable for that individual business function, making it next to impossible for a cyberattack to take down the entire system at once.

In addition to mitigating the risk of cyberattacks, modular systems provide higher quality and greater usability of data. It’s impossible for one software provider to move every aspect of the industry forward and offer the best solution for the many issues and challenges that exist, but a modular approach allows customers to adopt and integrate platforms that offer the best solutions for a specific function. This approach accelerates innovation and progress while ensuring that information and data don’t get siloed on a single software platform.

As an increasing number of organizations come to realize that their legacy systems were not designed to handle the challenges presented by modern-day cyberattacks, coupled with the global shift to working from home, modular architecture continues to become the new norm. In a 2019 study, 7 out of 10 state officials surveyed expected that their agencies will shift the bulk of their IT investments to cloud-based models by 2022 rather than using agency-owned data centers. A 2020 study also found that cloud services are becoming an essential component for modern, digital services delivery within the U.S. infrastructure industry.

As we look to the future and assess how our infrastructure will be sustained, changed, and built anew, it is important that we modernize legacy software systems to protect our most vital societal assets from malicious attacks. By doing this, organizations involved in the construction industry will realize myriad other benefits, including a more efficient allocation of time and resources, as well as better data to facilitate more informed decision-making from all stakeholders.

Si Katara is the cofounder and president of HeadLight, a visual-based inspection technology company for the infrastructure construction industry.