Today’s cyber attacks seem to be evolving into elaborate tales like Hollywood movies. It could be from a James Bond or Mission Impossible movie where the protagonist fights time to save the world from a single criminal and their laptop. Have you seen James Bond’s GoldenEye? Where the movies doesn’t quite navigate the same storyline as we see today, the power that one individual (or group) can have on critical systems is very much a reality.
Cyber criminals have grown stronger and bolder over the last decade channeling their attention towards critical infrastructure that they can personally wreak havoc on. In 2015, a massive power outage affected the Ukraine that left more than 230,000 people in west-Ukraine without power for hours. The leading cause of the attack was due to a phishing email, which still remains to be one of the top attack channels for implementing a cyber attack.
There’s also been active cyber attacks on U.S. Power Plants. Both the U.S. FBI and Homeland Security have voiced continuous concern other the vulnerabilities in U.S. power plants. A notable attack was on the Wolf Creek Nuclear Operating Corporation, based in Kansas, which the plant was subject to a series of phishing attacks and malicious email attachments. The success of this simple method of deployment can be directly blamed on low security awareness training and not using monitoring tools.
And the attacks continue, and they continue to be hot news topics that receive attention, but no action. Eugene Kaspersky, CEO of Kaspersky Lab, comments on the importance of taking a serious approach to protecting critical infrastructure.
“As we increasingly depend on technology as the backbone of our civilization, we need to ensure our critical infrastructure is built upon a robust architecture that is not only secure, but immune. If we don’t adopt a security first approach, we will face a very uncertain future.”
A Preventative and Proactive Solution
The problem is painted, but what are we going to do about it. The first step to securing infrastructure properly is encouraging business leaders and companies to develop a preventative, proactive and not a reactive mindset to cyber security. In some cases, a business can take weeks to years to find a breach in their security infrastructure. By creating a tangible and growing cyber security plan, professional entities can be on the correct path to developing a preventative mindset.
Despite the urgent needs to take a stronger security approach, many companies fall short of moving forward. In many cases, they don’t understand the potential threat to their computer systems, and the threat to the public population if those systems came under attack. And because of this, companies are stuck in a reactive mindset, feeding that mindset with tools such as firewalls and malware packages to fight the problem. This is how we adapt to the future:
Focus on Educating Employees
Due to phishing and malicious malware attachments, humans – your employees – will always be the weakest link in your security infrastructure. You can have the best malware package on the market, but if an ignorant employees opens up a malicious attachment, or clicks on a phishing link, the whole system can go down. One of the first steps in developing an active defense, you need to train your employees. Everything from using USB drives to understanding phishing email basics need to be addressed in regular and active cyber security training.
Use Data and Information to your Defense
With the development of data and analytics, companies now have an unlimited amount of information available to make strategic decisions in daily operations. With the use of data and a software analysis system, an everyday profile can be created of company operations. Once the profile is created, management can monitor to determine if deviations from normal operations occurs. If they do, management can actively intervene and stop critical data from being lost. This is all done in real-time.
We’ve written extensively on the use of data analytics and education in your security defense.
Incorporate Proactive-Based Monitoring Systems into Your Strategy
Integrating a monitoring system into your daily operations is an ideal way to adopt a proactive mindset. Through a product like Teramind, management can view incoming/outgoing emails checking for malicious attachments, or actively monitor visited website URLs to see if the connection is secure. A user-analytics monitoring software like Teramind can be the toughest defense in decreasing the risk score of the power sector. Further reading on this subject can be found at this online IT Brief Case article.
ALSO IN THE INTERNAL SECURITY INDUSTRY SERIES:
Internal Security Industry Spotlight: Financial Sector
Internal Security Industry Spotlight: Entertainment Sector
Internal Security Industry Spotlight: The Gas & Oil Sector