In a sense that’s not surprising. After all, most well-publicised attacks have been in
consumer and corporate IT. But with attacks on critical industrial environments now
becoming more frequent, people are starting to wake up to the operational, financial,
reputational and even human and environmental damage they can inflict.
Awareness is one thing. But the fundamentals of cyber security are still not being
practised regularly. What are those fundamentals? In our cyber security work with
organisations operating critical infrastructures around the world in sectors including
power, oil and gas, water management, manufacturing and maritime, we’ve identified
the top five technical issues that need addressing.
All too often, we see poor patch management and the use of unsupported software.
That leaves known vulnerabilities that attackers can exploit with off-the-shelf tools, as
we saw in 2017 when the WannaCry ransomware spread through unpatched Windows
systems and crippled many organisations. In 2018 and 2019, other ransomware
campaigns also directly impacted industrial sectors. Systems that can no longer be
patched should be upgraded, replaced or properly isolated so that they communicate
only with what is explicitly necessary.
And as OT becomes ever more closely integrated with enterprise and business
systems, the boundary between the OT and IT environments is often weak, and the
firewalls that should enforce it are often loosely configured. Attackers seeking to
gain control of OT through the network rarely need to attack it directly: they first
compromise the IT network, then pivot through poorly configured gateways and other
boundary equipment into the OT environment. A boundary that permits only the
conduits that are explicitly required, and denies everything else by default, closes
that path.
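The following is an added example, not code from the original article, showing the difference between the weak IT/OT boundary described above and an explicit default-deny one. The zones, host addresses and sample flows are constructed for illustration; the policy engine is a plain first-match rule evaluator with an implicit deny at the end, which is how most firewalls behave.

```python
"""Default-deny conduit policy between IT and OT zones.

Added example, not code from the original article. The zone addresses,
hosts and flows below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    proto: str            # "tcp" or "udp"
    dport: Optional[int]  # destination port; None means any port
    action: str           # "allow" or "deny"
    comment: str = ""


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dport: int


# Constructed topology: IT LAN, an IT/OT DMZ and the OT control network.
IT_LAN = "10.0.0.0/16"
DMZ_JUMP_HOST = "10.0.50.5/32"
DMZ_HISTORIAN_MIRROR = "10.0.50.10/32"
OT_NET = "192.168.100.0/24"
OT_HISTORIAN = "192.168.100.20/32"
OT_ENG_WORKSTATION = "192.168.100.30/32"

# The weak boundary seen in many plants: one broad rule that lets any IT host
# reach any OT host on any TCP port.
WEAK_POLICY = [
    Rule(IT_LAN, OT_NET, "tcp", None, "allow", "any IT host to any OT host"),
]

# The corrected boundary: each conduit is an explicit host/port pair and
# everything else falls through to the implicit deny at the end.
EXPLICIT_POLICY = [
    Rule(DMZ_JUMP_HOST, OT_ENG_WORKSTATION, "tcp", 3389, "allow",
         "RDP from the jump host only"),
    Rule(OT_HISTORIAN, DMZ_HISTORIAN_MIRROR, "tcp", 5432, "allow",
         "historian replicates outwards to the DMZ mirror"),
]


def rule_matches(rule: Rule, flow: Flow) -> bool:
    return (ipaddress.ip_address(flow.src_ip) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(flow.dst_ip) in ipaddress.ip_network(rule.dst)
            and rule.proto == flow.proto
            and (rule.dport is None or rule.dport == flow.dport))


def evaluate(policy, flow: Flow):
    """First matching rule wins; a flow that matches nothing is denied."""
    for rule in policy:
        if rule_matches(rule, flow):
            return rule.action, rule.comment
    return "deny", "implicit default deny"


def overly_broad_rules(policy):
    """Allow rules that permit every port, or that span a /16 or wider."""
    flagged = []
    for rule in policy:
        wide = any(ipaddress.ip_network(n).prefixlen <= 16 for n in (rule.src, rule.dst))
        if rule.action == "allow" and (rule.dport is None or wide):
            flagged.append(rule)
    return flagged


# Constructed flows an IT/OT boundary might see.
SAMPLE_FLOWS = {
    "rdp from jump host": Flow("10.0.50.5", "192.168.100.30", "tcp", 3389),
    "rdp from it desktop": Flow("10.0.3.44", "192.168.100.30", "tcp", 3389),
    "modbus from it desktop": Flow("10.0.3.44", "192.168.100.10", "tcp", 502),
    "historian to dmz": Flow("192.168.100.20", "10.0.50.10", "tcp", 5432),
}


def audit(policy, flows=SAMPLE_FLOWS):
    """Map each named flow to the action the policy takes on it."""
    return {name: evaluate(policy, flow)[0] for name, flow in flows.items()}


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("explicit", EXPLICIT_POLICY)):
        print(name, audit(policy), [r.comment for r in overly_broad_rules(policy)])
```

Under the weak policy an ordinary IT desktop can open Modbus/TCP (port 502) to a PLC; under the explicit policy only the jump host reaches the engineering workstation, and only over RDP. Note that the weak policy also fails the legitimate outbound historian replication, which is typical: a broad any-to-any rule is both too permissive and not actually a description of what the plant needs.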
Poor systems hardening
Systems hardening is key to reducing vulnerability to attack: it removes possible
attack vectors and shrinks the attack surface of the systems. Yet many device
installations have either no or minimal hardening measures in place. Vulnerabilities
are created when, for example, access credentials are left in their default state, or
organisations run insecure protocols (such as Telnet, FTP or unauthenticated HTTP)
and leave unneeded or permissive services enabled. If vendors don't make patches
and updates available, organisations may need to upgrade, migrate or isolate the
system from the network.
Organisations should also apply the principle of 'least privilege': each account is
granted only the permissions its role actually requires, and those permissions are
reviewed and removed when they are no longer needed.
Recent developments in the IT world have shown that one of the most effective ways
to spot new and evolving threats is host-based monitoring, such as with Endpoint
Detection and Response (EDR) tools, which also give incident responders the
telemetry they need to scope and contain an intrusion. Many OT systems cannot host
such an agent, either because the vendor does not support it or because the device
cannot take the load. For those, passive network monitoring tools (which learn the
normal pattern of traffic from a tap or span port and alert on deviations) and active
tools that query devices directly can cover the network, and their quality is
improving rapidly.
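As an added example, not code from the original article or any vendor's product, here is the core of what a passive OT monitor does: learn a baseline of Modbus/TCP conversations during a known-good window, then alert when a new source appears, when a host outside the OT subnet talks Modbus, or when a host other than the engineering station issues a write. The log format, addresses and log lines are constructed for illustration; Modbus function codes 5, 6, 15, 16, 22 and 23 are the standard write operations.

```python
"""Passive network monitoring for an OT segment: learn a baseline of
Modbus/TCP conversations, then alert on deviations.

Added example, not code from the original article. The log format, the
addresses and the log lines below are constructed for illustration.
"""
import ipaddress
import re

# One line per observed Modbus/TCP request, as a passive sensor might export it.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+) tcp/(?P<dport>\d+) modbus fc=(?P<fc>\d+)$"
)

OT_NET = ipaddress.ip_network("192.168.100.0/24")
ENGINEERING_HOSTS = {"192.168.100.30"}  # the only hosts allowed to write to controllers
# Modbus function codes that change controller state.
WRITE_FCS = {5, 6, 15, 16, 22, 23}


def parse(line):
    m = LINE.match(line)
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    d = m.groupdict()
    return d["ts"], d["src"], d["dst"], int(d["dport"]), int(d["fc"])


def learn_baseline(lines):
    """Set of (src, dst, fc) triples seen during a known-good learning window."""
    return {(src, dst, fc) for _, src, dst, _, fc in map(parse, lines)}


def detect(lines, baseline):
    """Return (timestamp, alert kind, src, dst, fc) for every deviation."""
    alerts = []
    for line in lines:
        ts, src, dst, dport, fc = parse(line)
        if ipaddress.ip_address(src) not in OT_NET:
            alerts.append((ts, "modbus-from-outside-ot", src, dst, fc))
        if fc in WRITE_FCS and src not in ENGINEERING_HOSTS:
            alerts.append((ts, "write-from-unauthorised-host", src, dst, fc))
        if (src, dst, fc) not in baseline:
            alerts.append((ts, "new-conversation", src, dst, fc))
    return alerts


# Constructed learning window: an HMI polling a PLC, the engineering station
# writing to it once.
BASELINE_LINES = [
    "2019-03-04T08:00:01Z 192.168.100.40 -> 192.168.100.10 tcp/502 modbus fc=3",
    "2019-03-04T08:00:02Z 192.168.100.40 -> 192.168.100.10 tcp/502 modbus fc=1",
    "2019-03-04T08:05:00Z 192.168.100.30 -> 192.168.100.10 tcp/502 modbus fc=16",
]

# Constructed monitoring window: normal polling, an IT host writing a register,
# and the HMI talking to a PLC it never spoke to during learning.
MONITOR_LINES = [
    "2019-03-04T10:15:02Z 192.168.100.40 -> 192.168.100.10 tcp/502 modbus fc=3",
    "2019-03-04T10:15:09Z 10.0.3.44 -> 192.168.100.10 tcp/502 modbus fc=6",
    "2019-03-04T10:16:30Z 192.168.100.40 -> 192.168.100.11 tcp/502 modbus fc=3",
]


def run(baseline_lines=BASELINE_LINES, monitor_lines=MONITOR_LINES):
    return detect(monitor_lines, learn_baseline(baseline_lines))


if __name__ == "__main__":
    for alert in run():
        print(*alert)
```

The first monitored line matches the baseline and is silent. The write from 10.0.3.44 raises all three alert kinds at once, which is the signal a responder wants: an IT address reaching a controller is already wrong before the function code is considered. The last line raises only "new-conversation", which is the kind of low-severity alert that, in practice, is tuned by extending the baseline after the plant confirms the new PLC is expected.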
Fortunately, most of these issues are relatively straightforward to fix. It's not a one-off job,
however. Sustainable cyber security is a never-ending process, with many moving
parts. To do it right, it’s vital to appoint people directly responsible for maintaining
security in the OT domain, and implement a ‘defence-in-depth’ strategy with multiple
levels of protection such as layered networks, strong access control, system
hardening and regular testing of all entry points.
DDoS Attacks
Distributed denial of service (DDoS) attacks have become one of the most prominent
forms of cybercrime over the last few years. While there's no doubting they've
increased in frequency (2018 will set a new record for the number of incidents), DDoS
attacks also make for splashy headlines when they manage to take down major
sites, even if only for a few minutes. The goal of a DDoS attack is to flood a target
with more traffic or requests than it can handle, so that legitimate users can no
longer be served and, in the worst case, the service crashes outright. These attacks
are usually facilitated by "botnets": fleets of computers infected by malicious
software and directed by an attacker to send requests to a single target. Newer,
more intense forms of DDoS attack use amplification through memcached, an
open-source object-caching system. Servers left exposed to the internet over UDP
answer a small request, sent with the victim's address forged as the source, with a
response that can be tens of thousands of times larger; in early 2018 this technique
produced floods exceeding a terabit per second.
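To make the amplification concrete, the following added example (not code from the original article or from the memcached project) builds the UDP frames involved and computes the bytes-out-per-byte-in ratio, then checks whether a memcached command line leaves the server usable as a reflector. The 8-byte UDP frame header follows memcached's protocol description; the 1400-byte response datagram payload, the key name and the value sizes are assumptions for illustration, as is treating UDP as enabled by default (true of memcached before 1.5.6, which turned it off by default).

```python
"""memcached UDP amplification: how a tiny request produces a huge response,
and the memcached start-up options that prevent it.

Added example, not code from the original article. The UDP frame layout
follows memcached's protocol description; the 1400-byte datagram payload
size, the key name and the value sizes are assumptions for illustration.
"""
import shlex
import struct

# memcached UDP frame header: request id, sequence number, datagram count,
# reserved (all 16-bit, network byte order).
UDP_HEADER = struct.Struct("!HHHH")
MAX_PAYLOAD = 1400  # assumed payload per response datagram


def build_get_request(key: str, request_id: int = 0) -> bytes:
    """The datagram an attacker sends, with the victim's address as its source."""
    return UDP_HEADER.pack(request_id, 0, 1, 0) + f"get {key}\r\n".encode()


def build_response_datagrams(key: str, value: bytes, request_id: int = 0) -> list:
    """The datagrams the server sends back to the spoofed (victim) address."""
    body = f"VALUE {key} 0 {len(value)}\r\n".encode() + value + b"\r\nEND\r\n"
    chunks = [body[i:i + MAX_PAYLOAD] for i in range(0, len(body), MAX_PAYLOAD)]
    return [UDP_HEADER.pack(request_id, seq, len(chunks), 0) + chunk
            for seq, chunk in enumerate(chunks)]


def amplification_factor(key: str, value: bytes) -> float:
    """Bytes delivered to the victim per byte the attacker sent to the reflector."""
    request = len(build_get_request(key))
    response = sum(len(d) for d in build_response_datagrams(key, value))
    return response / request


def udp_reflector_exposed(cmdline: str, default_udp_port: int = 11211) -> bool:
    """True if a memcached command line leaves UDP reachable on a non-loopback address.

    default_udp_port models versions before 1.5.6, which enabled UDP on 11211
    unless told otherwise; pass 0 for newer builds, where UDP is off by default.
    """
    args = shlex.split(cmdline)
    udp_port = default_udp_port
    listen = "0.0.0.0"  # all interfaces unless -l is given
    for i, arg in enumerate(args):
        if arg == "-U":          # -U 0 disables the UDP listener
            udp_port = int(args[i + 1])
        elif arg == "-l":        # -l restricts the listening address(es)
            listen = args[i + 1]
    loopback_only = all(a.strip() in ("127.0.0.1", "::1", "localhost")
                        for a in listen.split(","))
    return udp_port != 0 and not loopback_only


if __name__ == "__main__":
    # A 1 MiB value is memcached's default maximum item size.
    print(f"1 MiB value: {amplification_factor('k', b'x' * 2**20):.0f}x amplification")
    print("weak :", udp_reflector_exposed("memcached -m 64 -p 11211 -u memcache"))
    print("fixed:", udp_reflector_exposed(
        "memcached -m 64 -p 11211 -u memcache -l 127.0.0.1 -U 0"))
```

A 15-byte "get" request for a 1 MiB value comes back as 750 datagrams totalling just over a megabyte, so every byte the attacker sends becomes roughly 70,000 bytes at the victim, and the attacker never has to receive anything because the source address was forged. The fix on the server side is either binding to loopback (`-l 127.0.0.1`) or disabling UDP entirely (`-U 0`); on the network side it is not exposing port 11211 to the internet at all.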
Malware
Phishing Scams
A digital version of an age-old scam, phishing attacks consist of email messages that
use psychological manipulation and deception to convince users to click a link or
open an attachment that leads to them handing over credentials or personal
information, or to malware being installed. Modern phishing messages can be highly
sophisticated, often posing as emails from legitimate, trusted companies. And while
most internet users know to be especially wary of such requests, a 2016 Verizon
report found that people were six times more likely to click on a phishing email
than a regular marketing email.
Internal Misuse
Even the best cybersecurity measures can prove ineffective when employees decide
to misuse their access privileges. While people leaking sensitive data to public
sources may be the most newsworthy example of such abuse, it's far more common
for employees to simply take data and documents without any specific plan for what
to do with them. Recent research found that 85 percent of employees took documents
or information they'd personally created, and 30 percent took data they hadn't
created. This included strategy documents, customer data and even proprietary
source code. While employees sometimes took data in response to being fired, 90
percent reported taking it because there was no policy or technology in place to
stop them.
Solutions
Predictive Analytics
In the case of DDoS and ransomware attacks, it's essential for companies to have a
data back-up plan in place. Having access to mission-critical data can mean the
difference between getting systems and services back online quickly with minimal
downtime and suffering a catastrophic outage. With a thorough back-up strategy that
frequently stores vital data and assets in a separate, and preferably off-site,
system, companies can avoid the "all or nothing" risk of a cyberattack causing
prolonged downtime. Two caveats matter in practice: ransomware routinely seeks
out and encrypts any backup it can reach over the network, so at least one copy
should be offline or otherwise immutable; and a backup that has never been
restored is not yet a recovery plan, so restores should be tested regularly. Data
centers can provide extensive back-up solutions reinforced by multiple layers of
cybersecurity and physical security.
SLA Assurances
Cyber Insurance
With hacking becoming an accepted risk across multiple industries, many companies
have responded by purchasing insurance plans to protect them against potential
financial losses. The cyber insurance market is expected to grow to $20 billion by
2025. Once merely an option attached to more general business plans, standalone
cyber insurance coverage has become so popular that many new insurers are
entering the market to capitalize on it. For industries like healthcare, which has
difficulty implementing robust security measures due to compliance laws, insurance
is fast becoming a necessity to protect companies financially from cyberattacks on
their own systems or those of their suppliers and partners. Insurance transfers the
financial risk rather than reducing it, however: policies typically carry exclusions
and assume that baseline controls are in place, so it complements rather than
replaces the measures above.
“Bug Bounties”
Many data breaches result from phishing scams that introduce malware into network
systems. Educating employees about the latest tactics used by scammers can help
reduce the likelihood that they will click links that expose them to malicious
software. Implementing basic data security policies that explain how to properly
handle company data is also key to reducing the threat of internal misuse.
Organizations should also be stricter about who has access to sensitive data in
the first place, and back policy with technical controls such as regular access
reviews and alerting on unusual bulk downloads, since most of the employees in
the research cited above took data precisely because nothing stopped them. These
strategies can greatly reduce the impact of human error on cybersecurity
measures.
While cyberattacks remain a serious threat to organizations today, there are several
solutions that can bolster efforts to safeguard data and maximize service uptime. By
keeping up-to-date with the latest risks, companies can implement more effective
cybersecurity strategies to protect both themselves and their customers from harmful
data breaches and other threats.