Cyber Security: An Update

If you read trade journals, any trade journals, you’ve seen articles and reports about network security. It is the most common subject observed across multiple industries. From “Chemical Engineering” to “Plant Services”, everyone it seems is talking about network security, its dangers, and ways to combat it. Even a local law firm has done a series of white papers to help their clients be informed and forewarned. 

We first wrote about network security in 2015 and have regularly shared links to articles on the subject on our LinkedIn company page. We thought it would be helpful to pull many of these linked stories together and highlight some key points that they address.

It’s Omnipresent

Cyber security pressures are everywhere, all the time. You could say the sun never sets on the criminal hacking world. And while all areas of business are targets, some reports indicate the manufacturing sectorcould be the most targeted. In all likelihood, those activities are primarily intelligence oriented, hackers looking for intellectual property, financial data, and other sensitive information that could provide a business advantage. 

On the infrastructure scene, it’s a different matter. This is where there’s worry of damage being wrought for malicious purposes, especially terrorism. Control systems imbedded into water treatment plants or the electrical grid could jeopardize lives if compromised. 

And it seems that everything we do that touches a network or the Cloud is subject to being breached. Now there’s a report indicating that cellphones can be compromised through their charging port. Be careful about using public charging stations.

It’s More Simple Than You Think

From movies and TV we’ve become accustomed to associating hacking with fantastically implemented penetrations of firewalls. And no doubt, that exists. But more common breaches start with simple emails. 

Phishing is the process of using an email that poses as something safe to gain access to your system. We’ve all seen them. “Your email account has been deactivated. Click here to confirm your instructions to deactivate your account.” The ruses are many. And for the uninformed or unobservant, effective. 

It’s About Defense

The government might be able to play offense in the hacking wars, but as businesses, we are forced to play defense. We have to do it well. And defense begins with employees. Check out our post from our VP of Information Technology regarding protection against ransomeware and note the number one recommendation involves employees.

We are following our own advice. Our IT group randomly probes employees with fake phishing emails that alert them if they click on a link or attachment that could be harmful in a real phishing attack. The program trains them to be vigilant and questioning toward all emails that don’t “smell” right.

This testing approach is one of eight steps Burr Forman is recommending to their clients in their paper “The Top Eight Things You Should be Doing to Protect Your Business From Cyber Threat.” All of the eight are essentially common sense steps that are available to any business.

A recent article in “World Industrial Reporter” provided what seemed to be good news about a new defense mechanism against cyberattacks developed by a collaboration of scientists. The technique, known as Moving Target Defense (MTD) which moves the IP address of targets to make it harder for attackers to stay connected. 

MTD itself is not new, having been used for some time by very large organizations to combat denial of service attacks. What the current collaboration has developed is a variation called Flexible Random Virtual IP Address Multiplexing (FRVM). With FRVM, the real IP address doesn’t change, but virtual IP addresses change. The goal is to make this a mechanism that’s financially available to more businesses than just the big guys.

Conclusion

Cyber threats abound. They’re for real, and they can do real damage. Employee complacency and lack of training in how to spot attacks made via email can be a major weak spot in defending against cyber threats. You need to assess your circumstances and vulnerabilities, and then take appropriate action to mitigate the threats and the possible consequences of a breach. Stay vigilant. Train employees. Take common sense actions in your defense.