Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

When cybercrime affects health and safety

1 April 2019 Editor's Choice, Information Security

By Craig Gonzales, head of ethical hacking AMEA, BT in Africa.

Too often I read cybercrime articles where experts lay out a doomsday scenario without following through with strategies for tackling the issues. So today I want to do things differently, raising awareness of a significant problem, but also offering a simple approach to help you avoid it happening to your organisation.

Craig Gonzales
Craig Gonzales

As a matter of course, certain industries, such as oil and gas, manufacturing, and chemicals, already take human life into consideration when designing and planning work, using frameworks from disaster recovery planning through to checklists designed to avoid issues. These industries are well aware that disasters are usually caused by some combination of human error, dangerous working conditions, and faulty equipment.

The threat of a category one cyber-attack in these industries is that everything could seem right – the readings on the meter could be fine, checklists would be followed, and equipment would work as it’s supposed to – yet danger could still unfold. This was seen back in 2010 when the Stuxnet virus caused fast-spinning centrifuges to tear themselves apart. While this attack didn’t cost lives, it’s not improbable to imagine another attack that does have catastrophic consequences.

Serious cybercrime is around the corner

Ciaran Martin, CEO of the National Cyber Security Centre (NCSC), outlines the stark reality of cybercrime today: “I remain in little doubt we will be tested to the full, as a centre, and as a nation, by a major incident at some point in the years ahead – what we would call a category one attack.”

A category one attack causes “sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or loss of life”. The UK government expects this type of attack to happen as cyber warfare and Internet-connected control systems increase in popularity, yet that expectation or threat is not limited to the UK. Almost every country has critical national infrastructure, many of which are based on similar hardware and software, so when vulnerabilities are identified and exploited, the impact could be felt anywhere.

How to prevent a category one attack

You’re not in a position to identify and patch every zero-day in your supply chain, so there are no guarantees. Likewise, a category one attack will most likely come from a nation-state attacker with time, money, and legal protection. Our recommendation is to mix board-level awareness with a systematic approach to defence in depth. These best practices allow you to make the right defensive decisions whilst mitigating the impact of an exploited vulnerability.

Step 1: Get the C-suite and board to buy into this threat

We’re in a time when security is top-of-mind at the highest level and you should work hard to ensure senior leaders fundamentally believe that they don’t want to be the company that experiences a category one. Every senior security leader and chief I speak to repeats the importance of governance in business operations. Your job is to convince them that this isn’t a scenario where ‘risk acceptance’ is acceptable. Once you get them on board, you’re able to take the next step.

Step 2: Assess and interpret threat intelligence

Once your leadership is on board, you must assess what you have and what could be vulnerable to a category one, and then seek threat intelligence on those assets. When working with customers, our first step in any job is to try and understand what exists, what could be vulnerable, and then act upon that knowledge.

If you have the senior approval, then take the time to assess your situation and invest in threat intelligence against the systems you have. When new vulnerabilities are disclosed or when other industrial control systems (ICS) are attacked, even if it’s in the academic research versus in the wild, you should have a mechanism to know that and start paying attention to your systems.

Step 3: Continuous visibility

Knowing what is happening in your ICS is vital for identifying and stopping an attack. The marketplace and talent for asset and traffic visibility is growing rapidly, so finding help shouldn’t be hard, but making the decision to capture and analyse traffic to your ICS is essential.

Step 4: Mitigate damage

Finally, once you know what could be vulnerable and have intelligence and monitoring established, you’ll want war game and table-top scenarios to see what fallout could occur. Running these exercises will give you a sense of the damage that could be caused. This then leads to disaster recovery updates, new processes and procedures, and maybe new mitigation technology so breakdowns don’t cascade into category one experiences.

Find out more about BT’s ethical hacking services at https://www.globalservices.bt.com/en/solutions/products/security-ethical-hacking





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

AI-enabled tools reducing time to value and enhancing application security
Editor's Choice
Next-generation AI tools are adding new layers of intelligent testing, audit, security, and assurance to the application development lifecycle, reducing risk, and improving time to value while augmenting the overall security posture.

Read more...
2024 State of Security Report
Editor's Choice
Mobile IDs, MFA and sustainability emerge as top trends in HID Global’s 2024 State of Security Report, with artificial intelligence appearing in the conversation for the first time.

Read more...
Cyberthreats facing SMBs
Editor's Choice
Data and credential theft malware were the top two threats against SMBs in 2023, accounting for nearly 50% of all malware targeting this market segment. Ransomware is still the biggest threat.

Read more...
Are we our own worst enemy?
Editor's Choice
Sonja de Klerk believes the day-to-day issues we face can serve as opportunities for personal growth and empowerment, enabling us to contribute to creating a better and safer environment for ourselves and South Africa.

Read more...
How to spot a cyberattack if you are not a security pro
Editor's Choice
Cybersecurity awareness is straightforward if you know what to look for; vigilance and knowledge are our most potent weapons and the good news is that anyone can grasp the basics and spot suspicious activities.

Read more...
Protecting IP and secret data in the age of AI
Editor's Choice
The promise of artificial intelligence (AI) is a source of near-continuous hype for South Africans. However, for enterprises implementing AI solutions, there are some important considerations regarding their intellectual property (IP) and secret data.

Read more...
Super election year increases risks of political violence
Editor's Choice
Widening polarisation is expected in many elections, with terrorism, civil unrest, and environmental activism risks intensifying in a volatile geopolitical environment. Multinational businesses show an increasing interest in political violence insurance coverage in mitigation.

Read more...
Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Read more...
Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

Read more...
Enhance control rooms with surveillance and intelligence
Leaderware Editor's Choice Surveillance Mining (Industry)
Dr Craig Donald advocates the use of intelligence and smart surveillance to assist control rooms in dealing with the challenges of the size and dispersed nature common in all mining environments.

Read more...











SMART Security Business Directory



Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.