top of page
Search

Global Attention on Critical Infrastructure Grows as Cyber Attacks Escalate

  • Writer: Yisda Technical Team
    Yisda Technical Team
  • 1 day ago
  • 3 min read

This week’s developments highlight how interconnected today’s digital infrastructure has become and how quickly vulnerabilities can cascade across industries. A major breach involving a financial services vendor renewed attention on supply-chain risk, while the European Union’s decision to classify major technology providers as critical infrastructure signaled rising global concern around digital resilience. In North America, the largest grid-security exercise ever conducted demonstrated both the breadth of cross-sector collaboration and the increasing sophistication of threats targeting essential services. Collectively, these events underscore the expanding scope of global cybersecurity challenges and the need for stronger defenses and coordinated action.


Eye-level view of a large electrical grid control room with multiple screens showing network data
Control room monitoring electrical grid security

Supply Chain Cyber Attack Hits Key Financial Services Vendor


A major vendor, SitusAMC, was breached by hackers, exposing sensitive information including accounting records and legal agreements. SitusAMC supports major U.S. banks—including JPMorgan Chase and Citi—with real estate loan and mortgage management.

The incident, discovered on November 12, did not involve ransomware. The FBI is assisting and reports no operational impacts to banking services. Security experts warn that the breach highlights persistent supply chain vulnerabilities in the financial sector—one of the world’s most heavily defended industries. The event underscores how third-party weaknesses can expose even the strongest institutions. Access the full article here.

Access the full article here.

Key Takeaways from the SitusAMC Breach


  • Third-party vendors can be entry points for cyberattacks.

  • Strong internal defenses are not enough without secure supply chains.

  • Continuous monitoring and risk assessment of partners are essential.

  • Collaboration with law enforcement helps mitigate damage and improve response.


European Union Labels Major Tech Providers as Critical Infrastructure Under DORA


The European Union has designated 19 major technology providers as critical infrastructure under the Digital Operational Resilience Act (DORA), including AWS, Google Cloud, and Microsoft. This classification subjects cloud and technology service providers to direct regulatory oversight similar to power grids and telecommunications networks.

Requirements will include resilience testing, backup integrity validation, incident reporting, and stronger failover standards. Experts note that this decision reflects rising concern over the concentration of essential services within a small number of cloud and identity providers—a risk highlighted by recent large-scale outages at both Cloudflare and AWS.

Access the full article here.


North America’s Largest Power Grid Security Exercise Draws Over 370 Organizations


More than 370 organizations participated in GridEx VIII, North America’s largest cyber and physical security exercise for the electric grid—a nearly 50% increase from 2023. Hosted biennially by NERC’s E-ISAC, the exercise tests emergency preparedness through scenarios modeled on real-world threats.

This year saw a 70% increase in participation from small and medium utilities, stronger engagement from Canadian partners, and broader involvement from natural gas, water, and telecommunications sectors. According to NERC leaders, the expanded participation reflects heightened efforts to improve grid resilience amid rising threats, including the ransomware attack on Nova Scotia Power and the long-term Volt Typhoon intrusion into a Massachusetts public power utility.

A full lessons-learned report is expected in Q1 2026. Access the full article here.


Wide angle view of a power substation with transmission towers under a cloudy sky
Power substation representing critical electrical infrastructure

Yisda Takeaways


This week’s developments reflect the heightened global focus on critical infrastructure security and the growing risks created by third-party dependencies. The financial-sector breach shows how supply chain weaknesses can compromise even the most heavily defended institutions. The EU’s decision to classify major technology providers as critical infrastructure highlights concerns around the resilience and concentration of essential digital services. And GridEx VIII demonstrates both the scale of emerging threats to the power grid and the need for preparation and cross-industry coordination.

As organizations navigate this evolving threat landscape, it is essential to strengthen vendor visibility, improve incident response readiness, adopt zero-trust-based secure remote access where needed, and maintain a sustained focus on reducing risk and improving operational resilience.


bottom of page