Ukraine Cyberattack a Warning to U.S. Companies By Floyd Arthur PPT
-
Upload
floyd-arthur -
Category
Documents
-
view
218 -
download
1
description
Transcript of Ukraine Cyberattack a Warning to U.S. Companies By Floyd Arthur PPT
Ukraine Cyberattack a Warning to U.S. Companies
By Floyd Arthur
On Dec. 23, 2015, hundreds of thousands of homes and businesses in the Ukraine lost
electrical power for six hours following what is now being called a well-coordinated,
well-planned cyberattack. Referring to the attack on the power-grid as the first of its
kind, SANS Industrial Control Systems described the takedown as a multi-faceted
effort that involved:
Cyberattacks
* remotely switching off breakers to cut the power supply
* exploiting malware already in the system to prevent utility company employees from detecting the outage
* flooding phone lines to prevent customers from reporting that the power was out
The malware also damaged the system server, preventing the affected power
companies from quickly restoring service and making investigation more difficult.
Although Ukrainian authorities have yet to release a full report, and questions about
the malicious code used to implement the cyberattack remain, the cybersecurity
firm iSIGHT Partners has attributed it to the Russian hacker group Sandworm. In an
interview with Ars Technica, John Hultquist, head of iSIGHT's cyber espionage
intelligence division said, "It's the major scenario we've all been concerned about for so long.”
U.S. Utility Companies Warned of Cyberattack Dangers
In the wake of the attack, the U.S. power industry’s Electrical Information Sharing
and Analysis Center issued a warning to power companies that they needed to review
their cyber-defense systems and “do a better job” of preventing cyberattacks,
according to a Reuters report. The warning did not identify any critical shortcomings
in the U.S. power grid, nor did it indicate that the group felt there was an imminent
danger of a similar incident on U.S. soil. According to EIS spokesperson, Kimberly
Mielcarek, "There is no credible evidence that the incident could affect North
American grid operations and no plans to modify existing regulations or guidance based on this incident."
Increasing Awareness of Cyberattack Threat
Perhaps the most disturbing aspect of the Ukranian cyberattack was how easy it was.
According to Robert Lipovsk, senior malware researcher at the Ukrainian software-
security firm ESET, "The alarming aspect of this attack was that the infection vector”
[for the malware] was phishing, the practice of using email with a malicious
attachment to gain access to a computer, “which is quite a trivial way to get in.”
In fact, cyber-security firms advise that employee carelessness, such as opening email
attachments from unknown senders of using insecure passwords on private
computers used at work, is one of the biggest threats to a business’ cybersecurity.
According to experts who weighed in at a Guardian roundtable last October, another
is the failure of company leadership to understand the threat. “One of the real
dangers is that many leaders don’t realise their organisations have become digital,”
said one participant. They “probably started their careers when their business was
paper-based, and in their minds that’s how the business still works.”
Communication and education (at all organizational levels), the group agreed, is the
key to an effective cyber security program, whether the company is protecting
customer data or access to a power grid. The group, which included industry leaders
such as Nigel Harrison, non-executive director of the Cyber Security Challenge UK,
Andrew Rogoyski, vice-president of cybersecurity services at CGI, and Emma Philpott,
chief executive at the IASME Consortium, also urged businesses to:
* Encourage all employees to set strong passwords and change them regularly
* Update hardware, firmware and software as needed
* Regularly patch firewalls
* Change the default password on WiFi routers and gateways
* Educate leadership and employees about cybersafety
* Mandate that employees who use their own devices at work install firewalls and antivirus software.
All across the globe, cybercriminals are becoming more adept at planning and
implementing cyberattacks, and no business, no matter how small, is immune. A
strong IT security program and educated employees is the best defense against
hackers, but having cyber liability insurance to protect your firm is important as well.
Find out more about this essential form of coverage by contacting one of our business
insurance experts today. Call us at 516-292-3780 Monday through Friday 9 a.m. to 6
p.m., or request a free consultation online now.
Visit www.Carmoongroup.com