What can you do?
Develop mitigation plans: Ensure your policies include how to deal with large attacks and brief key operations staff on the best course of action should an incident occur. Have a solid, comprehensive strategy that details what your organisation should do in the event that your primary anti-DoS service fails.
Make sure it works: Don't wait for a breach to occur to discover that there are gaps or failures in your plan. Test it and update it regularly as your infrastructure and processes change and as new DoS techniques emerge.
Separate key systems: Don't allow less important systems to act as a gateway to more important ones. Segregate critical systems on different network circuits.
Cyber-espionage: Cyber-espionage accounted for the second biggest share of security incidents in the manufacturing sector — with 31 percent falling into this attack pattern. However, cyber-espionage is the most common classification when it comes to incidents that caused confirmed data compromise.
Manufacturers hold intellectual property that is attractive to attackers. Competitors might want their proprietary product information, but state-affiliated attackers could target manufacturers operating in areas such as aerospace or defence in search of sensitive trade or national secrets.
This data is rarely held on the internet-facing edge of the company network; rather, it is kept on user devices and servers deep within the organisation. Compromised desktops provide a foothold in the network that attackers can use to move deeper into the organisation and find the information they need.
What can you do?
Patch promptly: Attackers often seek to exploit software vulnerabilities, so you should maintain a robust patch-management process. Apply patches as they become available.
Use anti-virus and malware detection tools: Keeping your anti-virus software up to date won't protect you from zero-day attacks, but many organisations continue to fall prey to well-known dangers.
Monitor email links and attachments: Phishing is one of the most common ways of compromising an organisation's network, so implement email scanning to identify suspicious links and attachments.
Enforce two-factor authentication: User credentials account for 30 percent of the data stolen during breaches. By implementing two-factor authentication, you can limit the damage that attackers can cause with this information.
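The e-mail scanning recommended above can be illustrated with a small checker. This is an added example, not code from the article or from Verizon; the message it scans is constructed, and the risky-extension list is illustrative rather than a vendor policy. It flags two classic phishing tells: a link whose visible text names one site while its target is another host (or a bare IP address), and an attachment whose name carries an executable or double extension.

```python
"""Scan an e-mail message for suspicious links and attachments.

Constructed example: the message below is synthetic, and the
extension lists are illustrative rather than a maintained policy.
"""
import email
import ipaddress
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attachment types that commonly carry executable content (illustrative list).
RISKY_EXTENSIONS = {
    ".exe", ".scr", ".js", ".jse", ".vbs", ".hta", ".bat", ".cmd", ".ps1",
    ".docm", ".xlsm", ".pptm", ".iso", ".lnk",
}
# Archives deserve inspection because they hide the inner file type.
ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z"}

# Anchor text that looks like a URL or domain name to the reader.
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host_of(url):
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_links(html_body):
    """Return findings for anchors whose destination differs from what the user sees."""
    collector = _AnchorCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.anchors:
        if not href:
            continue
        host = _host_of(href)
        if _is_ip(host):
            findings.append(f"link to bare IP address: {href}")
        # Text looks like a URL but points elsewhere: display/target mismatch.
        if URL_LIKE.match(text) and _host_of(text) != host:
            findings.append(f"link text '{text}' but target host '{host}'")
    return findings


def check_attachments(msg):
    """Return findings for attachments with risky or disguised file types."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"executable-type attachment: {name}")
        elif ext in ARCHIVE_EXTENSIONS:
            findings.append(f"archive attachment needs inspection: {name}")
        # A decoy document extension followed by another extension (invoice.pdf.exe).
        if re.search(r"\.(pdf|docx?|xlsx?)\s*\.", name):
            findings.append(f"double extension in attachment name: {name}")
    return findings


def scan_message(raw):
    """Parse a raw RFC 5322 message and return all findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = check_attachments(msg)
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings.extend(check_links(body.get_content()))
    return findings


# Constructed sample message: one disguised link and one risky attachment.
SAMPLE_EMAIL = """\
From: accounts@example-supplier.test
To: purchasing@example-manufacturer.test
Subject: Overdue invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Please review at <a href="http://198.51.100.23/portal">www.example-supplier.test/portal</a></p>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: 7bit

constructed placeholder, not a real binary
--b1--
"""

if __name__ == "__main__":
    for finding in scan_message(SAMPLE_EMAIL):
        print(finding)
```

Run against the sample, the scanner reports the executable attachment, its double extension, the bare-IP link target and the mismatch between the displayed domain and the real host. In production the same checks would sit in the mail gateway and feed a quarantine or user warning rather than a print statement.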
Crimeware: Almost a fifth of all security incidents (18 percent) in the manufacturing sector were crimeware. Crimeware incidents involve the use of malicious software (malware) to compromise a system or network to access confidential or sensitive data, including user credentials and customer records.
Unlike cyber-espionage and DoS attacks, crimeware attacks are largely opportunistic. They are often carried out by organised criminal enterprises, not by state-affiliated actors.
These attacks include many different techniques, including keylogging malware, Trojans such as Zeus/Citadel, and ransomware — software that takes control of a device and only releases it back to the user once they pay the hacker a ransom. To get crimeware onto target devices, attackers use methods such as phishing or malicious web downloads.
What can you do?
Expect malware: Be prepared by monitoring executable files that have been introduced into your IT environment and use anti-virus software to handle items identified as malicious.
Monitor traffic: Use network monitoring to identify command and control traffic from malware to known malware servers.
Educate staff: Train staff to ensure that they don't click on links or open attachments in emails from unknown senders, or enter their credentials on untrusted websites.
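The "Monitor traffic" recommendation can be made concrete with a small analyser over outbound connection logs. This is an added example, not code from the article or from Verizon. The log format, the addresses (RFC 5737 test ranges and .test domains) and the indicator lists are all constructed; a real deployment would load indicators from a threat-intelligence feed. It goes one step beyond matching known servers: it also looks for beaconing, the near-constant check-in interval that malware produces and human browsing does not.

```python
"""Flag command-and-control traffic in outbound connection logs.

Constructed example: the log lines, indicator lists and addresses are
synthetic (RFC 5737 / .test ranges), standing in for a threat-intel feed.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timezone

# Placeholder indicators; a real deployment loads these from a threat-intel feed.
KNOWN_C2_DOMAINS = {"example-bad.test"}
KNOWN_C2_IPS = {"203.0.113.7"}

# Constructed log line format: ISO timestamp, then key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) host=(?P<host>\S*) bytes=(?P<bytes>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    rec["bytes"] = int(rec["bytes"])
    return rec


def matches_indicator(rec):
    """True if the destination IP, the host, or any parent domain is a known indicator."""
    if rec["dst"] in KNOWN_C2_IPS:
        return True
    labels = rec["host"].lower().split(".")
    # Walk from the full host to each parent: a.b.example-bad.test -> b.example-bad.test -> ...
    return any(".".join(labels[i:]) in KNOWN_C2_DOMAINS for i in range(len(labels)))


def find_beacons(records, min_hits=4, max_jitter=0.1):
    """Return (src, dst) pairs contacted at near-constant intervals.

    max_jitter is the allowed coefficient of variation (stdev / mean) of the
    inter-arrival gaps; a fixed-timer implant sits close to zero.
    """
    by_pair = defaultdict(list)
    for rec in records:
        by_pair[(rec["src"], rec["dst"])].append(rec["ts"])
    beacons = []
    for pair, times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()  # log lines need not arrive in time order
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            beacons.append(pair)
    return beacons


def analyse(lines):
    """Return indicator hits and beaconing pairs found in raw log lines."""
    records = [r for r in map(parse_line, lines) if r]
    hits = [f"{r['src']} -> {r['dst']} ({r['host']})" for r in records if matches_indicator(r)]
    return {"indicator_hits": hits, "beacons": find_beacons(records)}


# Constructed log: 10.20.30.40 checks in every 60 s to a listed IP via a subdomain
# of a listed domain; 10.20.30.41 browses an unlisted site at irregular intervals.
SAMPLE_LOG = """\
2024-03-01T08:00:00Z src=10.20.30.40 dst=203.0.113.7 host=cdn.update.example-bad.test bytes=512
2024-03-01T08:00:05Z src=10.20.30.41 dst=198.51.100.10 host=www.example-news.test bytes=40210
2024-03-01T08:01:00Z src=10.20.30.40 dst=203.0.113.7 host=cdn.update.example-bad.test bytes=512
2024-03-01T08:01:47Z src=10.20.30.41 dst=198.51.100.10 host=www.example-news.test bytes=1320
2024-03-01T08:02:00Z src=10.20.30.40 dst=203.0.113.7 host=cdn.update.example-bad.test bytes=512
2024-03-01T08:03:00Z src=10.20.30.40 dst=203.0.113.7 host=cdn.update.example-bad.test bytes=512
2024-03-01T08:09:12Z src=10.20.30.41 dst=198.51.100.10 host=www.example-news.test bytes=880
2024-03-01T08:04:00Z src=10.20.30.40 dst=203.0.113.7 host=cdn.update.example-bad.test bytes=512
2024-03-01T08:30:30Z src=10.20.30.41 dst=198.51.100.10 host=www.example-news.test bytes=77
""".splitlines()

if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for hit in result["indicator_hits"]:
        print("indicator:", hit)
    for src, dst in result["beacons"]:
        print("beacon:", src, "->", dst)
```

Indicator matching catches the host that talks to the listed server even when the malware rotates subdomains, because parent domains are checked. The beaconing check is independent of any indicator list and is what catches an implant whose server is not yet known; its thresholds (four hits, ten percent jitter) are starting points to tune against your own traffic.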
The author is Executive Consulting Partner & Head - Professional Services, Verizon Enterprise Solutions, Asia.