Tag Archive for: Compliance

The ELD Hacking Threat: Q&A with Serjon’s Urban Johnson – Safety & Compliance


ELDs are an easy gateway for hackers to get into a fleet’s IT network and do major damage, warns Serjon’s Urban Johnson.

HDT Graphic/Serjon headshot


Did you know your fleet’s electronic logging devices may be vulnerable to hackers?

It’s true. Serjon, a cybersecurity firm specializing in fleet transportation security, held a press conference during the Technology & Maintenance Council annual meeting in New Orleans in early March. Urban Johnson, senior vice president, information technology and cybersecurity services for Serjon, briefed media on the threats facing fleets with compromised ELDs.

ELDs are essentially communication devices that record and report truck drivers’ hours of service (HOS). Because of technical requirements in the regulations, an ELD must be able to “write” messages to the truck’s network in order to request information such as engine hours, and it needs internet access to report the HOS data.

This creates a bridge between the truck’s network and the internet, which introduces significant cybersecurity concerns.

We sat down with Johnson to learn more about this new cybersecurity threat to North American fleets and what they can do to protect themselves. (This interview has been lightly edited for clarity.)
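To make the “write” concrete: on a heavy truck the vehicle network is SAE J1939 over CAN, and the only way to obtain engine hours is to transmit a Request PGN (59904) to the engine controller, which answers with PGN 65253 (Engine Hours, Revolutions). The example below, which is an added illustration and not Serjon’s or any ELD vendor’s code, builds that request, decodes a constructed reply, and then audits a handful of constructed frames for traffic an ELD should never emit. The PGN and SPN numbers are from SAE J1939-71; the ELD’s source address 0xF9 is an assumption (it is the address J1939-81 reserves for an off-board diagnostic tool), and every frame shown is constructed, not captured from a truck.

```python
"""J1939 engine-hours request as an ELD performs it, plus a traffic audit.

Added example (not from Serjon, HDT or any ELD vendor).  Assumptions:
  - the ELD transmits from source address 0xF9 (J1939-81 off-board tool);
  - all frames below are constructed samples, not captured bus traffic.
Classic J1939 has no sender authentication: any node that can transmit a
Request PGN can transmit any other PGN, which is why the ELD's write access
matters and why its outbound traffic is worth watching.
"""
import struct

PGN_REQUEST      = 59904        # 0xEA00, Request (J1939-21)
PGN_ENGINE_HOURS = 65253        # 0xFEE5, Engine Hours, Revolutions (J1939-71)
SA_ENGINE        = 0x00         # engine #1 controller
SA_ELD           = 0xF9         # assumed ELD address (off-board diagnostic tool)
NOT_AVAILABLE_32 = 0xFFFFFFFF   # J1939 "parameter not available" for 4-byte SPNs


def build_id(priority: int, pgn: int, da: int, sa: int) -> int:
    """Assemble a 29-bit J1939 identifier: priority, DP, PF, PS, SA."""
    pf = (pgn >> 8) & 0xFF
    dp = (pgn >> 16) & 0x01
    # PDU1 (PF < 0xF0) carries the destination address in PS;
    # PDU2 (PF >= 0xF0) carries the group extension, i.e. the PGN's low byte.
    ps = (pgn & 0xFF) if pf >= 0xF0 else (da & 0xFF)
    return (priority & 0x7) << 26 | dp << 24 | pf << 16 | ps << 8 | (sa & 0xFF)


def parse_id(can_id: int) -> dict:
    """Split a 29-bit identifier back into priority, PGN, DA and SA."""
    pf = (can_id >> 16) & 0xFF
    ps = (can_id >> 8) & 0xFF
    dp = (can_id >> 24) & 0x01
    if pf >= 0xF0:
        pgn, da = dp << 16 | pf << 8 | ps, 0xFF      # PDU2: broadcast
    else:
        pgn, da = dp << 16 | pf << 8, ps             # PDU1: addressed
    return {"priority": (can_id >> 26) & 0x7, "pgn": pgn, "da": da, "sa": can_id & 0xFF}


def build_request(pgn: int, da: int, sa: int):
    """The write an ELD performs: a Request PGN whose 3 data bytes name the wanted PGN."""
    data = bytes([pgn & 0xFF, (pgn >> 8) & 0xFF, (pgn >> 16) & 0xFF])
    return build_id(6, PGN_REQUEST, da, sa), data


def parse_engine_hours(data: bytes):
    """Decode PGN 65253: SPN 247 total hours (0.05 h/bit), SPN 249 total revolutions (4 rev/bit).

    Returns None for a field the ECU reports as not available (all 0xFF).
    """
    if len(data) < 8:
        raise ValueError("PGN 65253 carries 8 data bytes")
    raw_hours, raw_revs = struct.unpack("<II", data[:8])   # little-endian, per J1939
    hours = None if raw_hours == NOT_AVAILABLE_32 else raw_hours / 20   # 0.05 h per bit
    revs = None if raw_revs == NOT_AVAILABLE_32 else raw_revs * 4
    return hours, revs


def engine_hours_exchange():
    """One request/response round trip; the reply is a constructed sample."""
    req_id, req_data = build_request(PGN_ENGINE_HOURS, SA_ENGINE, SA_ELD)
    # Constructed reply: 246912 * 0.05 h = 12345.6 h, 250000000 * 4 = 1e9 revolutions.
    resp_id = build_id(6, PGN_ENGINE_HOURS, 0xFF, SA_ENGINE)
    resp_data = bytes.fromhex("80C4030080B2E60E")
    hdr = parse_id(resp_id)
    if hdr["pgn"] != PGN_ENGINE_HOURS or hdr["sa"] != SA_ENGINE:
        raise ValueError("reply is not PGN 65253 from the engine")
    return (req_id, req_data), (resp_id, resp_data), parse_engine_hours(resp_data)


def audit_eld_traffic(frames, eld_sa=SA_ELD, allowed_pgns=(PGN_ENGINE_HOURS,)):
    """Flag frames the ELD should never have sent.

    An ELD only needs to *request* a short list of PGNs.  Anything else from
    its source address (a non-request PGN, or a request outside the allow-list)
    is returned with a reason, for an IDS or a bench test of a suspect unit.
    """
    suspicious = []
    for can_id, data in frames:
        hdr = parse_id(can_id)
        if hdr["sa"] != eld_sa:
            continue                                  # other nodes are out of scope here
        if hdr["pgn"] != PGN_REQUEST:
            suspicious.append((can_id, data, "non-request PGN %d sent by ELD" % hdr["pgn"]))
            continue
        requested = data[0] | data[1] << 8 | data[2] << 16
        if requested not in allowed_pgns:
            suspicious.append((can_id, data, "request for PGN %d not on allow-list" % requested))
    return suspicious


# Constructed sample bus log: a legitimate hours request, a normal engine
# broadcast, a request for PGN 60928 (address claim) the ELD has no business
# making, and a TSC1 (PGN 0) engine-control frame sent from the ELD's address.
SAMPLE_FRAMES = [
    build_request(PGN_ENGINE_HOURS, SA_ENGINE, SA_ELD),
    (build_id(3, 61444, 0xFF, SA_ENGINE), bytes(8)),
    build_request(60928, 0xFF, SA_ELD),
    (build_id(3, 0, SA_ENGINE, SA_ELD), bytes(8)),
]

if __name__ == "__main__":
    (rid, rdata), (pid, pdata), (hours, revs) = engine_hours_exchange()
    print("request  %08X %s" % (rid, rdata.hex()))
    print("response %08X %s -> %s h, %s rev" % (pid, pdata.hex(), hours, revs))
    for can_id, data, why in audit_eld_traffic(SAMPLE_FRAMES):
        print("SUSPICIOUS %08X %s: %s" % (can_id, data.hex(), why))
```

The request identifier `0x18EA00F9` is the well-known J1939 request pattern (priority 6, PF 0xEA, destination 0x00, source 0xF9). The audit is deliberately narrow: the allow-list approach works because a compliant ELD’s write footprint is tiny and fixed, so a unit that starts emitting other PGNs, as a compromised device could, stands out immediately.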

HDT: Many fleets aren’t aware that ELDs can be hacked. Talk a little about how hackers can gain access to an ELD.

Johnson: Different ELD vendors use different designs to deliver the functionality required by the ELD mandate. A common design is a hardware device that connects to the vehicle’s on-board diagnostics (OBD) port and then uses a Bluetooth or Wi-Fi connection to a cellular device, such as a tablet or cellphone, to collect the ELD information and report it.

That ELD information can be attacked by hackers locally (close to the truck) or remotely across the internet.

In a recent paper presented at VehicleSec’24 [1], the researchers were able to compromise an ELD device locally by simply connecting to the ELD Wi-Fi connection point, which had a predictable SSID [network name] and a weak default password….

Source…

2024 Thales Data Threat Report Reveals Rise In Ransomware Attacks, As Compliance Failings Leave Businesses Vulnerable To…


(MENAFN – AETOSWire) (BUSINESS WIRE) — Thales today announced the release of the 2024 Thales Data Threat Report, its annual report on the latest data security threats, trends, and emerging topics, based on a survey of nearly 3,000 IT and security professionals in 18 countries across 37 industries. This year’s report found that 93% of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47% last year.

Threats continue to increase in volume and severity

The number of enterprises experiencing ransomware attacks surged by over 27% in the past year. Despite this escalating threat, fewer than half of organisations have a formal ransomware plan in place, and 8% resorted to paying the ransom demand.

Malware stands out as the fastest-growing threat of 2024, with 41% of enterprises witnessing a malware attack in the past year – closely followed by phishing and ransomware. Cloud assets, including SaaS applications, cloud-based storage, and cloud infrastructure management, remain the primary targets for such attacks.

The report shows that for a second year running, human error remains the leading cause of data breaches, with 31% of enterprises pinpointing this as the root cause.

These insights are drawn from the 2024 Thales Data Threat Report, conducted by 451 Research. The report sheds light on how businesses are adapting their data security strategies and practices in response to an evolving threat landscape.

Compliance is the key to data security

The research found that over two fifths (43%) of enterprises failed a compliance audit in the past twelve months – with the report highlighting a very clear correlation between compliance and data security.

Of those that had failed a compliance audit in the past twelve months, 31% had experienced a breach that very same year. This compares to just 3% of those who had passed compliance audits.

Operational complexity continues to cause data headaches

Fundamental understanding of which systems, applications, and data are at risk continues to lag as regulatory and threat landscapes change. Only a third (33%) of organisations are…

Source…

how financial institutions can prepare to react quickly through regulatory compliance


All over the world, the number of attacks by cybercriminals targeting the financial sector is increasing, and the UK and Ireland are no exception to this trend. According to Veritas research, half of UK organisations said that, over the past two years, they had been the victim of at least one successful ransomware attack in which hackers were able to infiltrate their systems.

The increasing profitability of these attacks for the criminals means a whole new industry, Ransomware-as-a-Service (RaaS), is growing rapidly. Professional hackers exploit AI-driven target identification, breach execution, victim extortion and ransom collection, and offer their malware as a service to the highest bidder.

The increasing threat this poses to national economies led the EU to pass the Digital Operational Resilience Act (DORA), which sets out specific risk-management requirements for financial service providers. DORA legislates on key areas including accurate reporting of ICT-related incidents and management of third-party risk.

In practice, when an attack on a financial services provider occurs, the decisions and actions taken in the hour following it will be decisive for the level of organisational impact and the ultimate survival of the business.

For financial institutions, process predictability is paramount  

IT teams must prepare thoroughly for an attack by implementing effective operational-resilience practices to secure their data. Ongoing training for IT and business teams, together with tools for data identification and visibility, is critical to meeting regulatory requirements.

As part of the ICT risk-management process required by DORA, a specialised audit that identifies all types, locations and classifications of data and storage infrastructure must be completed. These rules have been developed to help prevent and mitigate cyber threats and to ensure that financial entities can withstand, respond to, and recover from all types of ICT-related disruptions and threats.

Compliance with these processes…

Source…

Resumption of all Kyivstar services in compliance with security protocols takes time – security service


Kyivstar plans to resume fixed-line internet for households and to begin relaunching mobile voice and data on Wednesday, December 13, but restoring all of the mobile operator’s services in compliance with the necessary security protocols will take time, the Security Service of Ukraine has reported.

On Wednesday, the Security Service of Ukraine said on its Telegram channel that its cyber specialists and Kyivstar experts, in collaboration with other government agencies, continue to work on restoring the network after the cyberattack.

“According to preliminary estimates, on December 13 it is planned to resume fixed-line Internet for households, and begin the launch of mobile communications and the Internet,” the security service said.

At the same time, the Security Service of Ukraine emphasises that the damage inflicted on Kyivstar’s digital infrastructure was critical, and therefore “the restoration of all services in compliance with the necessary security protocols will take time.”

“The responsibility for the attack has already been claimed by one of the Russian pseudo-hacking groups. It is a hacker unit of the main intelligence directorate of the General Staff of the Russian Armed Forces (more commonly known as GRU), which thus publicly legitimizes the results of its criminal activities in this way,” the Security Service of Ukraine said.

The Ukrainian service continues to document the Russian cyberattack on Ukraine’s civil infrastructure as another war crime committed by the occupiers.

Source…