Commercial enterprises are putting our critical infrastructure at risk

04.05.2012

* Improperly managed account rights: Admin-level account privileges are often granted to commercial organizations' employees and partners to allow them to do their jobs without having to involve the IT help desk. Viewfinity CEO Leonid Shtilman warns that "most organizations are victims of 'privilege creep,' the situation where privileges are locked down initially by IT and are then increased little by little over time." When privilege creep is coupled with weak and/or recycled account passwords, hackers could gain access to sensitive or critical systems, applications and data within the critical infrastructure via an account that shouldn't have been accessible in the first place, or via an account that possesses too many user rights. This enables the hackers to do as they wish with these now-compromised resources with little probability of being detected.

* Bring-your-own-device (BYOD) trends: As more and more mobile technologies emerge, an increasing number of people within the commercial enterprise are bringing their own devices into the workplace. The security of these personal devices is often unregulated, thereby jeopardizing the security of an organization's entire network, plus that of any other networks that are connected to it.

To properly combat cross-infrastructure attacks, the following things need to occur:

* Interconnected network security and assessment: Communications and network channels between the enterprise and the critical infrastructures need to be routinely assessed to ensure the proper security mechanisms are in place and functioning properly. "The community is realizing that monitoring may not go far enough and that continuous risk assessment -- actually proving what is exploitable before your hackers do -- is a longstanding practice found in many government cybersecurity programs that can and should be extended to the critical infrastructure and the commercial enterprises that support them," says Seema Sheth-Voss, director of solutions marketing at CORE Security.