Aviation Cyber Security – A Look at Some Real Threats Facing the Industry

CybeRiskBlog, Cybersecurity

Aviation Cyber Security

Faced with the task of transporting millions of passengers between various destinations around the globe on a daily basis, the aviation industry is required to maintain one of the most complex and integrated information and communications technology (ITC) systems on the planet. And like any digital/computer system, this electronic infrastructure is vulnerable to software glitches, hardware, software, and network failures, and the attention of cyber-attackers. But unlike in many other industries, the consequences of a systems failure or a successful cyber-attack can have life-threatening and potentially catastrophic consequences. The safety of aircraft and their passengers, the operational integrity and financial health of airlines and related industries, and the reputation of the aviation sector as a whole may be threatened by … Read More

Enterprise Cyber Resilience – Equifax and Uber Learn the Hard Way

CybeRiskBlog, Cybersecurity

Enterprise Cyber Resilience

57 million people affected worldwide, by a breach that was covered up for over a year. 143 million American consumers affected by a single database hack – again with delays in making this news public, and with as yet undetermined impact at a global level. The recent data breach incidents at the smartphone app-based ridesharing company Uber, and the massive international credit reporting agency Equifax represent the antithesis of the principles of enterprise cyber resilience – both in their scale and in the haphazard and frankly inadequate nature of the response which they met from the targeted organizations. With public and media outcry, several ongoing lawsuits, and the financial and reputational damage suffered by both Equifax and Uber, the lessons … Read More

Healthcare Cyber Attacks – Hospital’s Critical Unit and The Cyber Threat

CybeRiskBlog, Cybersecurity

Healthcare Cyber Attacks

In its “2017 Fourth Annual Data Breach Industry Forecast”, Experian predicts that organizations in the healthcare industry will be the prime targets for cyber attacks this year – continuing a trend established over the past two years with several low and high-profile ransomware assaults on hospitals and other healthcare institutions which netted the perpetrators significant gains in both finances and notoriety through reputational damage. Healthcare Cyber Attacks are an issue of growing concern to the patients, staff, administrators, and stakeholders of healthcare institutions across the globe. Update: In early May 2017, over 200,000 victims in over 150 nations were affected during widespread attacks involving a strain of ransomware variously dubbed WannaCry, WCry, or WannaCrypt. Prominent among them were numerous healthcare … Read More

Cyber Security Incident Response – Some Valuable Lessons Learned

CybeRiskBlog, Cybersecurity

Incident Response

The past couple of years has seen a rash of data breaches, malware infections, and other security issues in the business, governmental, and institutional spheres – incidents both high-profile and more privately contained. Forensic investigators and response teams have encountered evidence of new and established attack vectors and techniques, adding to a growing global store of security and threat intelligence. But too often, the emphasis has been on stockpiling and analyzing information on malware variants, attack methodologies, and the consequences for affected systems and networks, ignoring the valuable lessons that can also be learned from incident response and how security incidents are actually being handled. To help redress this balance, this article summarizes much of the accumulated wisdom of security … Read More

Radio Frequency IDentification – Why RFID Cloning is a Major Security Concern

CybeRiskBlog, Cybersecurity

RFID

In an information security environment where “multi-factor authentication” is becoming the watchword, and both users and enterprises are shying away from traditional keypad-based and numeric methods of personal identification and access control, a technology that makes it possible to instantaneously authenticate individuals via hardware they can keep in the change pocket of their jeans makes good marketing sense. Such a technology exists in radio frequency identification (a.k.a. Radio Frequency IDentification or RFID) – but its many applications and ease of deployment are among the very factors now rendering it such a major security concern. RFID – A Nice Idea in Principle Radio Frequency IDentification or RFID uses radio waves for the reading and writing of digital/computer data. It allows objects … Read More

The Usage of Drones in Cyber Attacks – Both as Targets for Attack and as Potential Attack Vectors

CybeRiskBlog, Cybersecurity

Usage of Drones in Cyber Attacks

As digital circuitry and wireless technology become an integral part of increasing numbers of consumer and industrial goods, the opportunities available for cyber-criminals to compromise or exploit these items grows, in tandem. Unmanned Aerial Vehicles (UAVs) or drones are now being looked upon as an emerging security issue in this respect – both as targets for cyber-attack, and as potential attack vectors for malicious actors, themselves. An Expanding Range of Influence Following their successful deployment in military and intelligence applications, drones have seen rapid adoption in the commercial sector, with unmanned aerial vehicles acting as a supplement or substitute for traditional modes of delivery. Retail outlets, food chains, and restaurants are now routinely using drones to fulfill customer demands for … Read More

Cyber Security Realities – The Hacker is in The Details

CybeRiskBlog, Cybersecurity

Often new companies and start-ups or even massive corporates rush into system development or upgrades in order not to miss a business opportunity. While doing so, executives and directors are leaving the technical parts to the tech teams without understanding the business impact and importance of cyber security. A few months ago, I watched the 5th season of “Homeland”. ***SPOILER ALERT*** In Episode One, one of the first scenes shows a hacker accidently (or not) hacking into the CIA station in Berlin and downloading more than a thousand classified files. Later on, there is an investigation trying to understand the breach in the network. Saul Berenson is questioning Mills about what went wrong: “Want to tell me how our classified … Read More

Cyber Threat Detection vs. Prevention – Where to Invest?

CybeRiskBlog, Cybersecurity

An age-old dispute continues to rage between those in the security realm who believe it’s both prudent and possible to safeguard your assets by preventing the execution or intrusion of cyber threats entirely, and those advocating the need to be able to detect any existing or incoming threats and respond appropriately to them as they occur. It’s a dilemma that continues to vex security professionals and enterprises across the board – especially when it comes to the issue of justifying the expenditure of corporate funds and the allocation of resources toward one approach or the other. A number of arguments exist as to which line of investment is more worthwhile – some espoused by leaders in both the corporate and … Read More

Passive Attacks vs Active Attacks

CybeRiskBlog, Cybersecurity

Even as the thoughts and activities of politicians, private citizens and corporate bodies leak to the press and become public knowledge – and as recent IoT-fueled Distributed Denial of Service (DDoS) attacks on the USA and Liberia confirm – network security is under continuous threat from the work of spies, thieves, and malicious actors. Some use methods which are non-disruptive and covert. Others prefer a more aggressive and direct approach. Still others use a combination of techniques. All present an ongoing challenge to users, network administrators, and security professionals. Passive Attacks vs Active Attacks – Basic Principles and Motivations For classification purposes, methods which use covert and non-disruptive techniques and technologies to gain access to data are deemed as passive. … Read More