Critical Infrastructure Is Under Worldwide Attack

Uploaded on 2019-04-10 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, BUSINESS-Production-Utilities

Cyber-attacks on critical infrastructure using focused malware  like Triton and GoldenEye have significantly increased recently. In the last two years, hackers have continued attacking different crucial infrastructure networks around the globe with significant negative impact. 
 
Every minute of the day, there are cyber-attacks that are causing severe problems, by disrupting and taking down different parts of the technology system. 
 
A new report by the Ponemon Institute, based on an anonymous poll of more than 700 security professionals who are employed as guardians of critical electronic infrastructure in the UK, Germany, US, Japan, Mexico and Australia reveals that 90% say they had to deal with a number of different cyber-attacks.  For security reasons the professionals often refused to explain some of the details of the attacks and they said that they didn’t have the means to analyse some of the detailed information about attacks. 
 
"These are multiple, successful attacks on the physical world using cyber-technologies," Eitan Goldstein, from security firm Tenable, which commissioned the report, told the BBC.
 
"That is a really big change and that's why the risk isn't just theoretical any more. We believe the reason behind it is increased connectivity to industrial control systems. 
 
“Today we want to be able to do analytics and predictive maintenance in our power plants, but the proliferation of smart devices and sensors and IoT is really increasing our cyber-exposure to attack. In many cases, organisations don't even know what is connected to the Internet and what can be accessed by hackers."
 
In 2015, Stuxnet, which was probably created by the US and Israel, attacked Iranian nuclear power plant facilities, knocking them offline and causing both the plants, and the country itself, serious damage. Some of the media said Stuxnet was the globes first digital weapon. 
 
Here are Seven key findings about Cyber-Attacks: 
1. Cyber-attacks are non-stop and frequently against Online Technology (OT) environments. Most organisations in the OT sector have experienced multiple cyberattacks causing data breaches and/or significant disruption and downtime to business operations, plants and operational equipment. Many have suffered from nation-state attacks. 
2. The C-level is heavily involved in the evaluation of cyber risk. C-level technology, security and risk officers are most involved in the evaluation of cyber risk as part of their organisation’s business risk management. 
3. Nearly fifty percent of organisations attempt to quantify risk from cyber events. 48% of organisations in the OT sector (vs 38% in the non-OT sector) attempt to quantify the damage a cyber event could have on their business, and they’re most likely to quantify the impact based on downtime of OT systems. 
4. OT sector organisations expect significant threats in 2019. Concerns about third parties misusing or sharing information and OT attacks resulting in downtime to plant and/or operational equipment increase when looking at 2019. Worries about nation-state attacks continue at a significant level. 
5. 2019 governance priorities vary. Increasing communication with the C-suite and board of directors about cybersecurity threats facing the organization and ensuring third parties have appropriate security practices to protect sensitive data are top priorities for 2019. 
6. 2019 security priorities address sophisticated threats. The top 2019 security priority is to improve the ability to keep up with the sophistication and stealth of attackers. This isn’t surprising given the significant number of OT sector organisations that have suffered a nation-state attack in the past 24 months. 
7. Organisations are challenged to improve cybersecurity. Few organisations have sufficient visibility into their attack surface. Gaining required visibility will continue to be a challenge due to a combination of staff shortages and heavy reliance on manual processes. 
 
Conclusions 
Organisations in the OT sector are aligning their 2019 security priorities to address their most significant worries in 2019. The survey results suggest multiple recommendations for improving security in 2019 and beyond: 
Improve communication with the C-suite and board of directors about the cyber threats facing the organisation. This will help identify and address gaps among the organisation’s risk appetite and actual risk exposure. 
Improve visibility into the attack surface. Blind spots can result in unmanaged and unsecured IT and OT systems. Complete visibility is required for organisations to assess their risk. 
Increase the use of automated processes to compensate for the security staff shortage. 
Continue to recognise the security impact of interdependencies between IT and OT systems. Vulnerabilities and 
other weaknesses in IT systems can put interconnected OT systems at risk, and vice versa. 
 
Please contact Cyber Security Intelligence for a Cyber Audit and Cyber Training Recommendations.
 
Tenable Ponemon Report:         ITProPortal:       ITProPortal: 
 
You Might Also Read:
 
Cyber Attacks On Critical Infrastructure – A New Frontier In Global Conflict:
 
« Facebook Is Hosting Multiple Cybercrime Marketplaces
Websites To Be Fined Over 'online harms' Under New UK Law »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Teneo

Teneo

Teneo is a Solutions Provider focused on reducing complexity. We combine leading technology with deep expertise to create new ideas on how to simplify IT operations.

Synopsys

Synopsys

Synopsys delivers trusted and comprehensive silicon to systems design solutions, from electronic design automation to silicon IP and system verification and validation.

SecWest

SecWest

SecWest is the organizer of CanSecWest, PACSEC, originator of PWN2OWN, security auditing, and virtual engagement/training.

DataVantage

DataVantage

DataVantage data masking and data management software helps you prevent data breaches, pass compliance audits and meet regulatory requirements such as HIPAA and PCI DSS.

tietoEVRY

tietoEVRY

TietoEVRY creates digital advantage for businesses and society. We are a leading digital services and software company with local presence and global capabilities.

SlashNext

SlashNext

The SlashNext Internet Access Protection System (IAPS) provides Zero-Day protection against all internet access threats including Social Engineering & Phishing, Malware, Exploits and Callback Attacks.

Relution

Relution

Relution is the Unified Endpoint Management platform for innovative companies and educational institutions. It enables you to manage your mobile apps and devices easily and securely.

National Forensic Sciences University (NFSU) - India

National Forensic Sciences University (NFSU) - India

National Forensic Sciences University is the world’s first and only University dedicated to Digital Forensic and allied Sciences.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Bleam Cyber Security

Bleam Cyber Security

Bleam is a leading provider of Managed Cyber Security Services and Information Security consulting. We deliver enterprise class security services to UK SME’s to stop data breaches.

Aite-Novarica Group

Aite-Novarica Group

Aite-Novarica's Cybersecurity practice provides ongoing research and advisory services to chief information security officers focused on protecting their companies’ assets.

Atlas VPN

Atlas VPN

Atlas VPN is a highly secure freemium VPN service with a goal to make safe and open internet accessible for everyone.

DEKRA

DEKRA

DEKRA’s promise is to ensure the safety of human interaction with technology and the environment.

Oduma Solutions

Oduma Solutions

Oduma Solutions is a wholly owned Ghanaian Cybersecurity company that offers information security services to organisations seeking to improve their security posture.

Siguria Kibernetike (Cyber Security)

Siguria Kibernetike (Cyber Security)

Siguria Kibernetike is a company based in Tirana that offers full service in the field of cyber and physical security.

Stack Overflow

Stack Overflow

Founded in 2008, Stack Overflow’s public platform is used by nearly everyone who codes to learn, share their knowledge, collaborate, and build their careers.