[BreachExchange] Cybersecurity for the Fourth Industrial Revolution
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Jun 21 20:21:44 EDT 2018
http://telecoms.com/opinion/cybersecurity-for-the-fourth-
industrial-revolution/
The Fourth Industrial Revolution, the increasing connectivity of our lives
and businesses, is driving business transformation and improving the lives
of employees and customers globally. But there’s a darker side to this
increased mobility and interconnectedness in the form of security risks
that grow exponentially as more data and business operations move to the
cloud. Quicker, smarter cloud apps that power business growth are also
driving a quickly evolving threat landscape, with at least 360,000 new
malicious files detected every day in 2017 (an increase of 11.5 per cent
from 2016).
The UK Government’s Cyber Security Breaches Survey 2017 found that almost
seven in 10 large businesses identified a breach or attack last year.
What’s more, businesses holding electronic data about their customers were
far more likely to be compromised than those that didn’t. In tandem,
governments, utilities and public services are also at greater risk than
ever. An attack resulting in loss of connectivity or equipment damage can
leave an entire city without electricity.
The recent WannaCry ransomware attack affected some 400,000 computers in
over 150 countries and resulted in major outages in key services such as
healthcare, transport and banking. As more and more data gets stored on
mobile devices, the risk of attacks increases.
With every business, financial institution, telecoms provider, energy
company and government at risk, the only effective response is a defence
strategy to protect assets. Operators need to think not only about how
criminals can gain access to their networks, but also what they do when
they are inside. Temporary loss of files, compromised software or systems,
permanent loss or change of files or personal data, lost access to third
party systems, money assets or intellectual property stolen – all are
possible in any number of combinations.
Identifying risk
Think of this like a large building with black and white windows. In order
to repair the building, you need to find the black windows – analyse the
problems to find where threats and viruses can come in. The broken window
then needs to be fixed; a new window or a new frame (implementing the right
solution and software). To add to the complexity, the windows are
constantly changing, so continuous monitoring is needed to keep up. Only
through these four elements – the right assessment, the right solution, the
right software, and the right monitoring, can the building be secured.
Of course, this was much easier when data was operators’ own and
applications were hosted internally. Companies had their own servers and
could install a firewall. Now, to defend assets operators need qualified
security professionals, a good understanding of vulnerability of important
domains and a continuous up to date management. Even with talented staff in
place, the threat landscape changed, with new viruses, new systems and new
types of software and approaches needed.
New vulnerability through the Internet of Things
Cybercrime is moving from computers to mobiles and the Internet of Things.
Mobile network infection has gone up by 63% and 50% of those attacks are
very serious, with ransomware spreading easily into networks. All new
devices that connect into an operator’s network are new vulnerability
points and this pool is growing daily as the IoT booms. In the near future,
every area of our life will be connected by a sim card and the
vulnerability this brings along with the potential for device loss or theft
is huge.
Alongside the business impact of network attacks (such as lack of network,
impacting critical operations), there’s the very real risk of private data
loss. Not only can enterprise problems cause consumer problems through lack
of access or loss of service, but companies are responsible for keeping the
customers, and their data, safe. Regulations, particularly in the EU, mean
that if a virus at the network level allows a hacker to steal 9 million
credit card details, the company responsible for the data loss will be held
to account.
Preparing for the Fourth Industrial Revolution
Now is the time for companies to start thinking about the vulnerabilities
the Fourth Industrial Revolution and ever-expanding Internet of Things will
expose. Keeping operations and customers safe needs to be firmly front of
mind, both in terms of companies’ own networks and applications, but also
in terms of where a network interacts with others.
It’s a complex puzzle and it can be difficult to know where to start, but
only by undertaking a thorough assessment and benchmarking against industry
averages can an operator create an improvement plan and take steps toward
becoming ready for potential security risk. With a plan in place, it is
possible to identify the right solution, implement the right software and
have a deeper understanding of the monitoring required to keep the business
safe. Keeping data safe will be an essential part of realising the benefits
and potential of the Fourth Industrial Revolution.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180621/a13cdc7d/attachment.html>
More information about the BreachExchange
mailing list