Critical infrastructure encompasses systems and assets vital for societal, economic, and national security, which means an opportunity for New York pentest pros to secure many networks. This comprehensive report delves into prevalent attack types, namely phishing, business email compromise, malware/ransomware, and corporate data breaches.
Examining cyberattack trends reveals a stark reality, as reported by the Internet Crime Complaint Center (IC3). Over a six-year period, cyberattack complaints in New York surged by 53 percent, escalating from 16,426 in 2016 to 25,112 in 2022. Nationally, attacks increased by a staggering 168 percent during the same period. New York witnessed estimated losses exceeding $775 million in 2022, contributing to a national total of $10.3 billion in losses. Notably, New York ranked fourth in reported cybercrime victims in 2022.
Business Email Compromise (BEC) attacks experienced the most significant growth in complaints, soaring by 91 percent from 2016 to 2022. Compared to other states, New York ranked third in both ransomware attacks (135) and corporate data breaches (238) in 2022. The critical infrastructure sectors most targeted through ransomware and data breaches were Healthcare and Public Health, Financial Services, and, in a tie, Commercial Facilities and Government Facilities.
For aspiring New York pentest professionals, these attack statistics bring forth a silver lining. The escalating cyber threats underscore the increasing demand for penetration testing expertise in the state. As cybercriminals continue to exploit vulnerabilities, the need for skilled professionals adept at identifying and mitigating these threats becomes paramount.
Moreover, preliminary figures for the first half of 2023 indicate a near doubling of attacks on critical infrastructure in New York, from 48 in 2022 to 83. This surge emphasizes the urgency for robust cybersecurity measures and presents an opportune landscape for New York pentest professionals to play a crucial role in fortifying defenses.
To combat this escalating threat, timely and accurate reporting of cyber incidents is imperative. Various mechanisms, including the New York State Information Security Breach and Notification Law, facilitate oversight and reporting. Additionally, the appointment of the Chief Cyber Officer and the establishment of the Joint Security Operations Center underscore New York’s commitment to proactive collaboration and implementation of the state’s cybersecurity strategy.
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 mandates the development of centralized reporting regulations by the Cybersecurity and Infrastructure Security Agency (CISA). Such regulations aim to create a repository of data breach reports, enhancing the identification of new attack vectors and enabling coordinated responses to emerging cyber threats. Inclusion of local governments in this database is crucial for comprehensive cybersecurity.
The Infrastructure Investment and Jobs Act (IIJA) and the State and Local Cybersecurity Grant Program (SLCGP) commit substantial federal funding to address cybersecurity risks. New York’s adoption of the first-ever cybersecurity strategy positions the state to access these federal grants, fostering a stronger cybersecurity posture.
In the Enacted Fiscal Year 2023-2024 State Budget, $42.6 million was allocated to bolster cybersecurity statewide, accompanied by a $500 million capital program for healthcare IT infrastructure upgrades. Sustained investment in network security, technological upgrades, and the development of in-house expertise remains crucial to fortifying critical infrastructure against evolving cyber threats. For New York pentest professionals, this influx of funding and emphasis on capacity building signifies a promising landscape for career growth and contribution to cybersecurity resilience.
Source: Office of the State Comptroller – State of New York