Tag Archive for: resilience

Building in cyber resilience | Envirotec



A criminal cyber-attack on a UK water company in August 2022 saw hackers gain access to customer banking details, and led utilities to urgently reassess cybersecurity strategies. In this Q&A, Philippe Willems, engineering manager at Ovarro, discusses the challenge for the water sector and suppliers.

What are the biggest cybersecurity threats facing the water sector today?
The biggest cybersecurity hazard for water companies, and for all critical infrastructure companies, is an attacker taking control of their IT or OT [operational technology] systems to steal data and block or disrupt operations. Risks stem from water companies still using legacy systems which were installed many years, if not decades, ago.

These systems have minimal, if any, cybersecurity features and present a huge digital attack surface – this means there are many pathways an attacker can take to gain unauthorised access to a computer or network.

Protecting insecure legacy infrastructure can seem like a daunting challenge. The main task for water companies is to update or protect their existing systems. This requires a detailed analysis of their OT network vulnerabilities, before establishing an initial plan to protect the most vulnerable entry points for attackers.

Who is behind water sector threats and attacks, and what are their motives?
There are three main attacker types. Hackers who do it for the sake of doing it – they are perhaps the least concerning. Then there are the attackers who want to block access to computer systems using malicious software, such as ransomware, until a sum of money is paid. The most dangerous and under-the-radar, unnoticed threat comes from state-backed attackers trying to gain access to water companies, and other critical infrastructure, in what is called cyber-warfare.

What steps should water companies take to protect their systems from attacks?
First and foremost, companies must undertake a full assessment of their security systems. The correct steps can then be taken to protect these systems. Actions may include replacing existing unsecured devices with cyber-secure devices, using firewalls, or segregating IT and OT networks, to ensure any…


Building cyber resilience in HE needs everyone’s commitment


UNITED KINGDOM

When it comes to cyber threats in 2023, no sector is safe. While the financial, insurance and consumer industries have traditionally been some of the worst hit by breaches, higher education has fast become a new favourite target for attackers in recent years.

According to the United Kingdom government’s 2022 Cyber Security Breaches Survey, of the educational institutions surveyed, higher education employees were the most likely to identify breaches or attacks, with 92% reporting an incident within the last 12 months.

The consequences have been extreme. A ransomware attack impacting the University of York in 2021 resulted in sensitive data being encrypted and held captive by hackers for weeks without resolution. At other universities, sophisticated attacks such as phishing emails and distributed denial of service (DDoS) have wreaked havoc – intercepting confidential logins, tampering with student data and forcing downtime during valuable learning hours.

A vulnerable sector

It’s unsurprising, then, that higher education institutions face a variety of challenges that render them at higher risk for such attacks.

For starters, the ongoing digital skills shortage has meant a lack of experienced candidates capable of safeguarding universities from today’s cyber threats.

In the private sector, 51% of businesses have reported a shortage of “basic technical cybersecurity skills”. In the public sector, additional budget constraints heightened by the global economic downturn have made matters even worse.

‘Head of Cybersecurity’ salaries are currently being advertised at a fraction of what they would be in a private firm, which makes cyber recruitment an uphill battle for many public sector organisations, including universities.

There has also been a surge in the number of devices being used by both students and staff on a daily basis. Laptops and mobile phones became staples of remote learning during the pandemic due to lockdowns and social distancing protocols. Internet of Things (IoT) devices – including assistive technology and ID scanners – have also become commonplace across university campuses.

While these devices boost efficiency and support learning, they…


A Proclamation on Critical Infrastructure Security and Resilience Month, 2022


This month, we recommit to improving the resilience of our Nation’s critical infrastructure so it can withstand all hazards — natural and manmade. By building better roads, bridges, and ports; fortifying our information technology and cybersecurity across sectors, including election systems; safeguarding our food and water sources; moving to clean energy; and strengthening all other critical infrastructure sectors, we will lay the foundation for long-term security and prosperity.

When our critical infrastructure shows signs of wear, everyday Americans pay the price. When powerful storms and forest fires — made more frequent and ferocious by climate change — shut down energy grids, families can lose power for weeks. When unsecure networks are hacked, critical services can go offline, and businesses can suffer huge losses. When bridges collapse and first responders must travel further to reach disaster sites, Americans can die. Crumbling infrastructure around the world affects us at home as well: Extreme weather, cyberattacks, and other disasters have ripple effects, threatening global stability and disrupting supply chains everywhere.

That is why my Administration is reinforcing America’s critical infrastructure and supporting our international partners as they do the same. Last year, I signed the Bipartisan Infrastructure Law to make a once-in-a-generation investment in resilience and build a better America — modernizing our roads, bridges, and ports; delivering clean water and high-speed internet to our communities; and helping to eliminate the use of lead pipes in this country, all while creating a new generation of good-paying jobs. This year, I signed the CHIPS and Science Act into law, securing historic funding for research and development and to build a resilient supply chain for semiconductors here in America. At the same time, we are shielding our entire country against — and actively countering — malicious cyber activity, and establishing clear international rules of the road as they relate to cyberspace. Our Federal agencies are working more closely with the private sector — which owns and…


“A privacy-first engineering approach is central to organizations’ cyber resilience”


Many enterprises have started realizing the benefits of adopting confidential computing in today’s distributed work environment. In an interaction with Express Computer, Ivar Wiersma, Head of Conclave, R3, outlines how organizations can leverage confidential computing to securely aggregate their datasets to solve shared business problems for their customers and across markets.

What are the current cyber security challenges, especially in the new normal post the pandemic? 

The new normal definitely poses new challenges for cyber security given the fact that many businesses have found ways to operate virtually. There has been a 17% increase in the number of data breaches now compared to 2020, which underlines the importance of ensuring the security of user data for many businesses in this day and age.

Coupled with the projection that 75% of the world’s population will have their personal data online by 2023, user data security will not only become a responsibility of businesses but a priority for businesses who wish to thrive in a post-pandemic world. To cater to the demands of a growing digital citizenry, businesses have ramped up their partnerships with other businesses to collaborate digitally in a distributed environment.  

When doing so, this gives rise to the need to ensure that the data shared is kept secure, confidential and tamper-proof. To prevent any tampering of confidential data, many businesses simply do not share their confidential data with partners. This is a key challenge for businesses in the post-pandemic world. Information sharing offers great opportunities for businesses in which customer data can inform actionable insights, enhance customer experience and build a more resilient, pandemic-proof organization. However, many businesses are still hesitant to share their data as the space remains difficult to control from a technological standpoint once the data is made available.

In the light of these challenges, what are the changes that cyber security practitioners need to adopt? 

One possible solution for companies who wish to enhance the security of their complex enterprise structure could be to adopt confidential computing. With this type of…
