It’s no longer a question of whether your business will be attacked, but rather when it will be attacked. Cyber attacks, particularly those on public sector and utility businesses, are now a regular, often daily occurrence. Here, Robin Whitehead, managing director of systems integrator Boulting Technology, explains how this is impacting the role of the chief information security officer (CISO) and resulting in the need for end-to-end digitalisation.
It’s a simple fact that data makes the modern economy turn. Being the first business to take action, based on the insights gained from some pivotal piece of information, gives businesses a distinct competitive advantage. However, it’s also quickly becoming a fact of life that the same data is being targeted by skilled cybercriminals intent on stealing this new currency and even causing maximum damage to infrastructure.
We can see the potential scale of cyber crime if we look at the number of data breaches made each month. For example, in December 2017, security firm IT Governance reported that 33.8 million records — including a mixture of personal and business information — had been leaked around the world. In November 2017, the number was 59 million.
Sophisticated cyber attacks
With the world facing the likes of WannaCry, Petya and NotPetya in 2017, sophisticated cyber threats are the biggest technological fear in 2018. Although sectors such as financial services and the public sector are most at risk, there have also been numerous high-profile attacks on utilities, oil and gas and food manufacturing environments in recent years.
At 9:30am on 27 June, 2017, confectionery manufacturer Cadbury was hit by a cyber attack, which halted production at its Hobart factory in Australia. Computers at the facility were infected with the Petya ransomware virus and displayed a message on the screen demanding payment in cryptocurrency.
Later that same day, NotPetya — a variant of the Petya virus — went on to do further damage to facilities across Europe. NotPetya exploits a backdoor in the update system of a Ukrainian tax-preparation programme running on Windows and used by around 80% of all Ukrainian businesses.
It uses a vulnerability in the Windows operating system called EternalBlue — originally believed to have been developed by the US National Security Agency (NSA) — to encrypt the filesystem’s master file table (MFT), preventing the system from locating its own files.
Launched on the eve of Ukraine’s Constitution Day holiday — NotPetya quickly spread to networks in Russia, France, Germany, Italy, Poland, the UK and the US and affected many sectors. “It’s massive,” Christiaan Beek, a lead scientist and principal engineer at McAfee, told WIRED about the situation in Ukraine. “Complete energy companies, the power grid, bus stations, gas stations, the airport, and banks are being targeted.”
The new CISO
It should come as no surprise then that the advice of IT and security experts is now being sought at the highest levels of business. The role of the chief information security officer (CISO) is also changing in response. Acting as the head of IT security, the CISO has traditionally been responsible for things […]
The post The CISO’s evolving role: How digitalisation is bringing the fight to industrial security threats appeared first on IoT Now – How to run an IoT enabled business.