S09 ORME 3 2020 Cyber security_Layout 1 21/04/2020 16:48 Page 34
Security teams need to be able to prioritise the threat data and alerts within the context of their organisation.
Protecting critical infrastructure

Markus Auer, regional sales manager Central Europe at ThreatQuotient, discusses how to effectively manage cyber threats on critical infrastructure.

Criminals are tirelessly attacking critical infrastructure (CRITIS) around the world and compromising the Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) systems that control these infrastructures. In 2010, the Stuxnet worm infiltrated numerous control systems and damaged nuclear power plants. Five years later, the BlackEnergy malware attack on the Ukrainian power supply became the first cyberattack that caused a blackout. However, the term CRITIS covers not only the power grid but also areas such as military, manufacturing, healthcare, transport, water supply and food production. In 2017, the outbreak of the WannaCry ransomware affected several healthcare companies. In 2018, the US CERT, together with the British National Cyber Security Centre (NCSC) and the FBI, issued a warning that the Russian government had launched an attack on critical infrastructure in various industries. In addition, for several years, threats to air travel booking and public transit systems have been making headlines. In early 2019, the ransomware variant LockerGoga began infiltrating and disrupting the production processes of chemical companies and aluminium producers.

oilreview.me | Issue 3 2020 | 34
Important challenges

According to an investigation by (ISC)2, there is a shortfall of nearly three million cybersecurity experts worldwide, and nearly 60 per cent of the 1,452 survey respondents believed that their company was at medium to high risk of virtual attacks. The existing security teams are barely able to handle the myriad of alerts. Moreover, they are often not sufficiently represented at senior management level to receive the necessary attention and support for important initiatives. For example, only 31 per cent of organisations in the aviation industry have a dedicated CISO. To make the most of their existing resources, security teams must be able to understand and prioritise threat data and alerts within the context of their organisation. This gives teams the opportunity to communicate relevant security issues to management easily and clearly, and to justify the additional resources needed to improve security processes. More and more attacks use multiple vectors in parallel, making defence more difficult. The US CERT warning mentioned above lists a variety of the TTPs used, including spear-phishing emails, watering hole attacks, credential capture, and specific