Tuesday, 6 September 2016

Cyber security requires buy-in at all levels

Cevn Vibert explores the changing face of cyber-attacks and explains why security needs to be a priority throughout the industrial IT supply chain. 
In 2010, the industrial IT industry received a wake-up call in the aftermath of the Stuxnet attack. For a period, the sector was looking over its shoulder and evaluating the risks. However, Stuxnet quickly became the stuff of folklore. The common – but incorrect – story of how it spread via infected USB drives quickly became an accepted truth. Many businesses, regarding themselves as not politically or strategically important – like the original targets of the attack – so assumed they were safe. In reality, however, the threat to industrial control systems has never been closer.
Today many still understand little of the stuxnet legacy and, worse, others believe the myths surrounding its origins. Stuxnet has been dismissed by many as an anomaly, caused by the use of infected USB drives. The reality is much more frightening, or at least, it should be. To get their weapon into the plant, the attackers launched an offensive against the computer systems owned by a number of different companies. The significance of these companies? They were involved in industrial control and processing of some sort, either manufacturing products and assembling components, or installing industrial control systems. They were all chosen because they had some connection to the target company and provided a gateway through which to pass Stuxnet. Researchers now know that the sabotage-oriented code used supplier businesses as Trojan horses, making indirect attacks a reality.  For the full article click here 


from cyber security caucus http://ift.tt/2c0H1S5
via IFTTT

No comments:

Post a Comment