WHAT IS CYBERSECURITY?
Cybersecurity is a set of controls used to protect your business against digital attacks and attackers that aim to exploit or destroy sensitive information. This sensitive information can range from:
- Personally Identifiable Information (PII) – data that identifies a specific individual or any information that can be used to distinguish one person from another is considered PII.
- Personal Health Information (PHI)
- Payment Card Information (PCI) and Card Data Environments (CDE), other critical data such as system passwords, network architecture, forbidden access to critical systems.
- Intellectual Property, Trade Secrets, and Sensitive Client Information
Having your bank account hacked on your personal computer can definitely ruin your day. However, the consequences of a cyber attack can be devastating and life-threatening, especially when discussing cyber threats to Industrial Control Systems (ICS).
“In 2021, Russian hackers breached computerized equipment that operates the largest fuel pipeline in the U.S., causing the Colonial Pipeline Company to shut down its pipeline, which originates in Houston, for six days to contain the attack. The breach triggered fuel shortages and a spike in gas prices on the East Coast.” (Texas Tribune)
ICS are found in many industries such as electric, water and wastewater, transportation, oil and natural gas, chemical, pharmaceutical, and manufacturing (e.g., automotive, aerospace, etc.). Because there are many different types of ICS with varying levels of potential risk and impact, there are many different methods and techniques for securing ICS. One of the most important methods is Penetration Testing.
Consequences of an ICS incident/breach:
* Impact on national security—facilitate an act of terrorism
* Reduction or loss of production at one site or multiple sites simultaneously
* Injury or death of employees
* Injury or death of persons in the community
* Damage to equipment
* Release, diversion, or theft of hazardous materials
* Environmental damage
* Violation of regulatory requirements
* Product contamination
* Criminal or civil legal liabilities
* Loss of proprietary or confidential information
* Loss of brand image or customer confidence
Did you know?
“54 percent of companies say their IT departments are not sophisticated enough to handle advanced cyberattacks.” (Sophos)
“The worldwide information security market is forecast to reach $366.1 billion in 2028.” (Fortune Business Insights)
“56 percent of Americans don’t know what steps to take in the event of a data breach.” (Varonis)
“Uber tried to pay off hackers to delete the stolen data of 57 million users and keep the breach quiet.” (Bloomberg)
“On average, a company falls victim to a ransomware attack every 11 seconds.” (Cybersecurity Ventures)
Here are some basic tips to help keep yourself and your company safe:
LIMIT YOUR ONLINE DIGITAL FOOTPRINTS
Make sure to limit your digital footprint across the web. Your digital footprint can range from passwords to text messages to images, videos and more. It leaves traces of you and your information on the internet and exposes data to malicious actors who are ready to social-engineer you and your company.
UPDATE YOUR PASSWORDS
Keep track of your passwords using a password management tool such as Kaspersky Password Manager. Always avoid reusing passwords, and don’t become complacent about using weak passwords. Weak passwords are passwords that are easy to guess and so make it easy to gain access. An example of a weak password would be 12345 or mydogsnameismax. Passwords of 14 characters or fewer are also easy to crack with common hacking tools.
Here is the list of the most popular Password Cracking Tools:
If your password is weak, change it immediately. 8 characters can be cracked in less than 3 hours.
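An added example, not part of the original article: a small audit of a password list against the criteria named above (14 characters or fewer, reuse, simple guessable strings), with a brute-force time estimate calibrated to the article's figure of 3 hours for 8 characters. The 95-character alphabet, the single-character-class heuristic and the sample vault are assumptions constructed for illustration.

```python
from collections import Counter

# Assumption (not from the article): exhaustive search over 95 printable ASCII characters.
CHARSET = 95
# Guess rate calibrated so every 8-character password is tried in 3 hours (the article's figure).
GUESSES_PER_SECOND = CHARSET ** 8 / (3 * 3600)


def worst_case_hours(length):
    """Hours needed to try every password of the given length at the calibrated rate."""
    return CHARSET ** length / GUESSES_PER_SECOND / 3600


def audit(vault):
    """Map each account to its findings; accounts with no findings are omitted."""
    reuse = Counter(vault.values())
    report = {}
    for account, pw in vault.items():
        findings = []
        if len(pw) <= 14:
            findings.append("short")
        if reuse[pw] > 1:
            findings.append("reused")
        # Heuristic (assumption): digits only or lowercase letters only, like
        # 12345 or mydogsnameismax, falls to guessing long before brute force.
        if pw.isdigit() or (pw.isalpha() and pw.islower()):
            findings.append("single-class")
        if findings:
            report[account] = findings
    return report


# Constructed sample data, not real credentials.
SAMPLE_VAULT = {
    "email": "12345",
    "bank": "mydogsnameismax",
    "payroll": "mydogsnameismax",
    "vpn": "T7#qLw9!zR2@vKp4eX",
}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_VAULT).items():
        print(f"{account}: {', '.join(findings)}")
    for n in (8, 10, 14, 16):
        print(f"{n} characters: up to {worst_case_hours(n):.3g} hours of exhaustive search")
```

Note that mydogsnameismax is 15 characters long, so it passes the length check and is caught only by the reuse and single-class checks; each added character multiplies the exhaustive-search time by 95 under these assumptions.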
STAY DIGITALLY PROTECTED WHEN ONLINE
Use trusted anti-virus software, threat detection and VPNs to prevent hackers from entering and attacking your systems and gaining access to important information. By using trusted anti-virus programs, your risk of viruses drops greatly. Trusted anti-virus programs can scan your device(s) for viruses that may be extremely dangerous and harmful and could lead to a serious cyberattack. Along with a trusted anti-virus program, purchase a VPN to go with it. VPN stands for “virtual private network”. VPNs are mostly, if not always, used to guard against hackers by preventing them from accessing private details like your IP address, search history and any personal data on Wi-Fi networks. A VPN is an incredibly useful service that keeps your internet connection safe and your online privacy protected from experienced hackers who are looking to harm you and your business. Make sure the VPN and anti-virus protection you are using come from a protected, secure site.
KEEP YOUR PROGRAMS AND SOFTWARE UP TO DATE
Make sure your programs and software are always up to date and patched with the latest software/hardware updates. Outdated or unsupported software leaves you more vulnerable to cyberattacks and cybercriminals. As cybersecurity controls advance, the threat landscape advances too, making cyber security an always-evolving, dynamic struggle. With outdated programs and software, you are simply making it much easier for an experienced cybercriminal to gain access to your sensitive data.
Should you be concerned?
Well, yes, of course. Check out this site that hackers use to gather information: Shodan
Here are other common websites used during the OSINT hacking phase:
- OSINT Framework – a website directory of data discovery and gathering tools for almost any kind of source or platform.
- SpiderFoot – an OSINT tool to scrape data from over 100 data sources on personal, network, and business entities.
- Google Dorks – OSINT data gathering method using clever Google search queries with advanced arguments.
- Maltego – an OSINT tool for gathering information and bringing it all together for graphical correlation analysis.
- Recon-ng – an open-source web reconnaissance tool developed in Python that continues to grow as developers contribute to its capabilities.
- Employees are a vulnerable target as 48% of malicious email attachments are office files.
- 82% of employers report a shortage in cyber security skills.
- 66% of security breaches are a result of employee negligence or malicious acts.
- Home workers are the primary target of criminals as cyber attacks have risen 238% since the beginning of the pandemic.
- 44% of those surveyed said they didn’t provide cyber security training to their staff on the threats of working from home.
- 68% of the organizations surveyed did not deploy antivirus software for work-issued devices.