The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

As more connected vehicles hit the road, cyberattacks are increasing. Deloitte estimates that there will be over 470 million connected cars in use by 2025 if their popularity continues to grow at the current rate. And because each connected car produces about 25 GB of data every hour, they are a tempting target for cybercriminals and other bad actors.

Connected vehicles come with enhanced features that give drivers more to love about their favorite car brands, but cybersecurity in automobiles has a long way to go. If you drive a connected car or are considering buying one, you need to know how to protect your new car against a potential cyberattack. 

In this article, we’ll talk about how hackers can infiltrate your vehicle and what you can do to protect yourself and your car from a serious attack. 

Can your car get hacked?

Cars today are built using hundreds of sensors connected to computers that help monitor how your car operates, add internet capabilities, and enable connected apps. While these technologies are helpful and convenient for drivers, they can also lead to data theft and even threaten your safety while driving. For example, remote manipulation, identity theft, and vehicle theft are all ways that bad actors can exploit the security vulnerabilities of your connected car. 

The push toward electric vehicles also poses a unique threat to connected car owners. A recent survey revealed that 79% of two-car households are considering an electric car for their next purchase, but ethical hacking exercises have shown that electric vehicles can easily have their batteries drained by remote hackers. This can put drivers in a dangerous situation if they are stranded without a means of charging their vehicle.

There are many ways that bad actors can hack into your car. They can manipulate the signal from a key fob to unlock your doors, change the code in the apps to create a backdoor to steal your data, learn about your driving habits, control your vehicle’s security response systems, and much more. Cars today are essentially human-assisted computers, which means they can be hacked just as easily as any other IoT device. 

How to protect your connected vehicle from a cyberattack

Connected vehicles provide users convenience and peace of mind while traveling across the country or making their daily commute. But they also pose a significant threat when bad actors execute attacks for data theft, taking over vehicle controls, and even tracking your location. If you’re going to take advantage of connected vehicle features, you need to know how to protect yourself from becoming the victim of an automotive cyberattack. 

Here are five tips to protect your connected vehicle from an attack:

Remove dongles

Dongles are small devices that plug into the diagnostic port and allow companies to monitor your driving habits for various reasons. They can be used to monitor vehicle performance, improve gas mileage, and set more accurate insurance rates based on driving activity.

Many people choose to use dongles to save money and ensure their car is running at top performance, but these devices can be an easy entry point for hackers. If you want to use a dongle in your connected vehicle, it’s best to take it out when you’re not driving so that hackers can’t take advantage of this attack vector while you’re unaware. 

Lock key fobs away

Key fobs have largely replaced traditional keys for unlocking vehicle doors. Many cars come with security features that won’t allow doors to be opened unless the fob is near the vehicle, or require the fob to be in proximity for the vehicle to start. But hackers can intercept and amplify the key fob’s signal to trick the car into thinking the fob is closer than it really is. To protect against this type of attack, store your key fob in a metal drawer or refrigerator to block the fob’s signal when you’re not planning to drive.

Disable in-car wireless services

Wireless systems are also pretty standard in newer vehicles for things like in-car Wi-Fi, satellite radio, telematics, and Bluetooth. These wireless services give users a connected, hands-free experience that makes their trips safer, but they are also attractive entry points for hackers.

If you’re unsure what features your vehicle has, look at the owner’s manual and see if there are any features you don’t use that can be disabled. This will help reduce the attack surface and limit the ways that hackers can interfere with your vehicle.

Be cautious about installing unauthorized software and systems 

Many connected cars come with options to download additional apps, and those that don’t can still be jailbroken so that users can install aftermarket software and systems. While a fully custom vehicle is a nice thought, installing unauthorized software and systems can seriously threaten your physical and digital safety. 

Be sure to only download official software from trusted brands using a secure network, and learn the potential vulnerabilities of jailbreaking your vehicle and installing new systems in it.

Visit your service department if you suspect you’ve been hacked

If you think your car has been hacked, it’s time to get it to the service department so that the professionals can determine whether it was breached or is suffering another malfunction. 

There is no way to say for sure that your connected vehicle has been hacked without a comprehensive checkup from your car’s servicer. If your car’s systems start to behave unusually, it’s crucial to get the car checked out, even if the cause turns out to be just a bug or a configuration issue.

Final thoughts

Connected cars make our daily drives safer, easier, and more convenient, but they can also pose a serious threat to our digital and physical safety. If you plan to buy a connected vehicle or you already drive one, it’s important to know the cyber risks so that you can proactively prevent an in-car attack. 

In addition to these five tips for protecting your connected vehicle from hackers, it’s recommended that you update your vehicle’s software and apply security patches when new releases become available. Usually, this is something that the dealership or car company will do themselves, but if you attempt to do it on your own, make sure the update is genuine and that the vulnerabilities it addresses are actually closed.

Pay attention to the news about this emerging technology, and stay informed about how to keep your connected vehicle secure while you’re on and off the road.

The post 5 Tips for protecting your connected vehicle against Cyberattacks appeared first on Cybersecurity Insiders.

The cybersecurity industry has seen a lot of recent trends. For example, the proliferation of multifactor authentication (MFA) to fight against credential harvesting is a common thread. Threat actors have been creating legitimate-looking phishing campaigns, which have been a big driver for this trend. Although some of the tools for MFA can be complex, proper authentication/authorization is an absolute fundamental that every enterprise should embrace.

Where should we start with fundamentals?

People, Process & Technology

Let’s take a slightly more strategic look at this, though. To provide a holistic approach to security, a higher-level perspective is necessary. Your Process must be sound. Yes, that means policy-level guidance. Yes, that means that standards need to be in place. Finally, it means that procedures providing more detailed guidance must be available for employees.

Again, perspective is essential. Nobody wants to work on the process first. Indeed, I was guilty of having a negative view of process early in my career. Let’s take the first example and reveal how the process might assist. An enterprise policy statement might provide simple guidance that access to all company resources requires management approval (as a policy).

How does an enterprise define who needs access to specific resources? Glad you asked. Standards can be used to define data classification and the controls for accessing and protecting the various categories of data. An access control standard would also be appropriate to complement the data categories. So far, we have policy-level guidance plus data classification and access control standards, which together define the controls necessary to govern access to company resources.

Where does the requirement for MFA live? That is a good question; my thoughts are that it likely lives in the standards area. However, requiring MFA could be a policy, standard, or process/procedure level requirement. The next reasonable question is: where do the requirements for implementing MFA belong? In an authentic consultant manner, I would say: it depends. Take that with the lighthearted intention I meant it with. Implementing MFA may be a process/procedure used by IT. Why did I say “may be”?

The reality is that there may be automation that handles this. It is possible that HR defines each employee’s role and, based on that, an HR system provides the role through an API to the systems used for authentication/authorization. Doesn’t that sound pleasantly streamlined?

More likely, things are not that automated. If they are, then kudos to your enterprise. There are likely multiple processes and procedures required before even setting this up, but I think most of the folks reading this will understand where I’m trying to go with this.

HR will have processes and procedures around defining roles and requesting implementation. IT will have processes and procedures focused on implementing the solution. The information security team will have processes and procedures for monitoring authentication/authorization mechanisms. This is just to state that Process is as important as the tool or technology chosen to meet the need. None of these documents state which tool or Technology to use. That is the point. If you have policy guidance and standards that define the need and processes to guide implementing MFA, then the Technology should be interchangeable. So, the first fundamental which should be a foundation is sound process.

I spoke about various teams here (IT and HR). That is another fundamental: People. People need to understand the requirements. People need to understand their role, and people need to be part of the solution.

Finally, the last high-level fundamental is Technology. But I said Technology could be interchanged. Yes, in many cases it can, but it is still one of the three primary fundamentals required to manage and secure an enterprise. Are there differences in the technical solutions used for MFA? Certainly there are, and which Technology is used very much depends on your environment and the resources that will be accessed using MFA.

OK, Cybersecurity 101 so far: People, Process & Technology. The title uses fundamentals in battling complex cybersecurity threats. Right you are! The introduction shows that People, Process and Technology are critical to managing and securing your environment (Technology and facilities). Now let’s look at another group of 3 fundamentals: Prepare, Respond & Recover.

3 more fundamentals: Prepare, Respond & Recover

Prepare – How do you prepare for cyber threats? Based on the intro, it would be evident that having the correct people, process and technologies in place would be good preparation. Gold star for you if you were already thinking that. Let’s take a closer look.

Ransomware as an example

How do you prepare for Ransomware? Let me answer that question with several other questions: Do you have an incident response plan (Process [Policy])? Do you have a playbook (Process [procedure]) that provides your IT or Security group guidance for identifying, containing, eradicating, responding, and recovering from a ransomware attack?

Do you have an endpoint detection and response (EDR) solution (Technology) that can help prevent or minimize the spread of malware? Do you have a standard for collecting inventory and vulnerability information on your network resources or a tool like a vulnerability scanning platform to collect that information? Does the standard guide the prioritization of remediation of those vulnerabilities?

Do you have a security information and event management (SIEM) solution that ingests this type of information and assists with identifying possible indicators of compromise? Do you have the People necessary to remediate the problems? So many questions. Preparing for complex attacks can be hard.

But aren’t we still talking about fundamentals? Yes, Preparing includes understanding the environment which means the inventory of assets and vulnerabilities. Preparing includes good cyber hygiene and remediation of problems when they are found. Training is an essential aspect of preparation. Support people need the correct knowledge and skills. End users must understand the importance of reporting anomalies and to whom to report them.

Respond – What happens when you have prepared, and Ransomware still impacts you? It is time to respond. Proper response requires an even more detailed understanding of the issue. It requires research using tools like a SIEM and containing the problem by isolating with EDR tools or network controls. The response includes communicating to leadership that a problem exists. Response may require that you inform employees on proper guidance for sharing information. Response can also mean that you reach out to a partner or third-party expert to assist with investigating the problem.

Depending on the severity of the issue, response may include your leadership notifying customers that there is an issue. How well we prepare can greatly impact how well we respond. Ransomware is often complex and frequently an attack by a sophisticated threat actor. Even if an organization doesn’t have the qualified People part of the three fundamentals, they can still successfully respond to these attacks by having the right Technology in place and processes that include engaging partners with the right skills.

Recover – What does recovery look like? First, let me ask: Do you have any disaster recovery (DR) or business continuity plan (BCP)? Have you tested it? Ransomware is a type of cyber incident and certainly a type of disaster. Does that mean you can use disaster recovery procedures to recover from a ransomware attack?

The exact procedures may differ, but your DR processes can be leveraged to recover from a ransomware attack. Fundamentals like recovering systems from backup and using alternative processes during system outages may be necessary during a ransomware attack just as in any other disaster. As with any type of disaster, recovery should be the highest priority. How do you know if you can successfully recover from any type of disaster?

Closing / recommendations

It would be easy to write a book on this stuff, and I’m sure others have done exactly that. I have talked about fundamentals like People, Process and Technology as well as Preparing, Responding and Recovering. The question you may have is: what is the short list of things we need to ensure we have or are doing?

  1. Have a plan! (Prepare) – Have a formal DR Plan. Have a formal Incident Response Plan. Have supporting processes like playbooks that provide specific guidance to maintain calm rather than letting chaos rule.
  2. Test the plan! (Prepare) – Practice like you are under attack. Perform a tabletop exercise. Engage a partner to conduct a Red Team exercise. You want to test the Processes, People, and Technology to make sure they are all sound.
  3. Build or buy! Have processes, technologies, and people needed to respond! (Respond) – If you don’t have the expertise in-house, find a trusted firm that can step in and assist. Implement tools (SIEM, EDR & scanning) or outsource if necessary.
  4. Recover – Just having backups isn’t good enough anymore. Backups need to be immutable so they cannot be altered. Make sure that all of the identified problem areas have been remediated. The last thing an organization wants is to restore operations only to find that the problem is still resident. Use a scanning tool to verify that common vulnerabilities are fixed.

These are all basic fundamentals. Every organization needs to evaluate their environment to see where the gaps are. Using a framework like NIST, CIS or other industry standards to assess your environment is a great place to start. These assessments can reveal gaps in People, Process or Technology. Once you have the gaps identified, create a plan to address those areas.

The post Prepare, respond & recover: Battling complex Cybersecurity threats with fundamentals appeared first on Cybersecurity Insiders.


Phishing attacks are becoming more and more common, and they're only getting more sophisticated. While there are a variety of ways to defend yourself against phishing attacks, one of the best methods is simply to be able to spot them. With that in mind, here are 10 common signs that an email or other communication may be a phishing attempt.

Calls from an unknown number

If you get a call from an unknown number, and the caller claims to be from your bank or another organization, be very careful. This is a classic phishing tactic.

The caller will try to obtain personal information from you, such as your credit card number or Social Security number. They might also try to get you to click on a link that will install malware on your computer.

Don't give out any personal information to someone who calls you out of the blue. And if they try to get you to click on a link, don't do it. Hang up and call the organization they claimed to be from using a number you know to be legitimate (e.g., the number on the back of your credit card or from the organization's website).

What’s more, consider doing a reverse phone lookup on them to see where the number is actually originating from.

The message is not personalized

If you receive an email that doesn't address you by name or refers to you as “Dear User” or “Dear Valued Customer,” be wary. Phishing emails often use generic greetings in an attempt to seem more widespread – and less suspicious – than they actually are.

That's because they are usually sent out en masse as part of a massive automated campaign. Phishers usually just have a list of email addresses and the idea isn't to find out the name of the person it belongs to or do any kind of in-depth personalization, but to get as many people as possible to click on the links in their message.

The sender's email address doesn't match the organization they're claiming to represent

This is a pretty straightforward way to spot a phishing attempt. If you get an email purporting to be from your bank, but the email address it comes from is something like johnsmith12345@gmail.com, then it's pretty clear that something is not right.

Organizations won’t send out official communications from a Gmail or Hotmail address. They will always use their own domain name (e.g., WellsFargo.com, PayPal.com). So, if the email you receive is coming from anything other than an organization's official domain, it's a huge red flag.

There are grammatical errors or typos in the email

If you receive an email that is full of grammatical errors, typos, or just generally seems to be poorly written, it's a good indicator that it's a phishing email.

Phishers often send out their emails quickly and without much care or attention to detail. So if an email looks like it was dashed off in a hurry, with no regard for proper spelling or grammar, it's probably a phishing email.

Many phishing scams also originate overseas, and the people behind them are often not native English speakers. So another giveaway that an email might be a phishing attempt is poor grammar or strange phrasing.

The message is urgent or includes a sense of urgency

Phishers often try to create a sense of urgency in their emails in order to get people to act quickly without thinking. They might say that your account is about to be closed, or that you need to take action immediately to prevent some kind of negative consequence.

Of course, none of this is true. Phishers just want to create a sense of urgency so that you'll click on their links without thinking. So, if an email includes language that tries to create a sense of urgency, be wary.

The email contains attachments that you weren't expecting

If you receive an email with an attachment that you weren't expecting, be very careful before opening it. This is another common phishing tactic.

The phisher will send you an email with an attachment that appears to be benign, such as a PDF document or an image. But when you open the attachment, it will install malware on your computer.

If you weren't expecting an email with an attachment, be very careful before opening it. If you don't know the sender, or if the email looks suspicious in any way, don't open the attachment. Delete the email and move on.

The email contains threats or ultimatums

Phishers will sometimes try to intimidate their victims into taking action by including threats or ultimatums in their emails. They might say that your account will be closed if you don't take action, or that you'll be subject to legal action if you don't respond.

Of course, none of this is true. Phishers just want to scare you into taking action without thinking. So, if an email includes threats or ultimatums, it's a good indicator that it's a phishing attempt.

The email asks for personal information

Phishers will often try to obtain personal information from their victims, such as credit card numbers, Social Security numbers, or login credentials. They might do this by asking you to fill out a form with your personal information. Or they might include a link that takes you to a fake website where you're prompted to enter your personal information.

Never give out personal information in response to an email or click on a link that takes you to a website where you're prompted to enter your personal information. If you need to update your account information, log in to the website directly and update it yourself. Don't do it through an email or a link in an email.

The email is from a free email service

If an email is from a free email service like Gmail or Yahoo, that's a red flag. While there's nothing inherently wrong with free email services, phishers often use them to send their emails because they're easy to create and don't require any verification.

So if you receive an email from a free email service, be extra careful. It's not necessarily a phishing attempt, but it's worth taking a closer look before taking any action.
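Several of the signs above (the sender’s domain not matching the organization the message claims to be from, a free-mail sender address, a generic greeting, and urgency wording) can be checked mechanically. The following Python script is an added example, not code from the original post: it runs those checks over two constructed sample messages. The free-mail list and the organization-to-domain mapping are assumptions for illustration and would be far larger in practice.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Free-mail domains named in the post (assumed, illustrative list).
FREE_MAIL_DOMAINS = {"gmail.com", "hotmail.com", "yahoo.com"}
# Assumed mapping from an organization name to its official domain.
ORG_DOMAINS = {"wells fargo": "wellsfargo.com", "paypal": "paypal.com"}
GENERIC_GREETINGS = ("dear user", "dear valued customer", "dear customer")
# Assumed urgency phrases; a real filter would use a much broader set.
URGENCY_PATTERNS = [
    r"\burgent\b",
    r"\bimmediately\b",
    r"\baccount (?:will|is about to) be (?:closed|suspended)\b",
]

def sender_domain(from_header: str) -> str:
    """Lower-cased domain of the address in a From header ('' if none)."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def claimed_org(text: str):
    """Organization the message claims to come from, judged by name mentions."""
    lowered = text.lower()
    for name in ORG_DOMAINS:
        if name in lowered:
            return name
    return None

def phishing_signals(raw_email: str) -> list:
    """Return the list of phishing signs found in a raw RFC 822 message."""
    msg = message_from_string(raw_email)
    from_header = msg.get("From", "")
    subject = msg.get("Subject", "")
    # Join all non-multipart parts; the samples here are plain text.
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    display_name, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    signals = []
    if domain in FREE_MAIL_DOMAINS:
        signals.append("free-mail sender domain")
    org = claimed_org(" ".join([display_name, subject, body]))
    if org:
        official = ORG_DOMAINS[org]
        if domain != official and not domain.endswith("." + official):
            signals.append("sender domain does not match claimed organization")
    if body.strip().lower().startswith(GENERIC_GREETINGS):
        signals.append("generic greeting")
    if any(re.search(p, subject + " " + body, re.IGNORECASE) for p in URGENCY_PATTERNS):
        signals.append("urgency language")
    return signals

# Constructed sample messages (not real mail).
PHISHING_SAMPLE = (
    "From: Wells Fargo Security <johnsmith12345@gmail.com>\n"
    "Subject: Urgent: your account will be closed\n"
    "\n"
    "Dear Valued Customer,\n"
    "Your account is about to be closed. Confirm your details immediately.\n"
)
LEGIT_SAMPLE = (
    "From: Wells Fargo <alerts@wellsfargo.com>\n"
    "Subject: Your monthly statement is available\n"
    "\n"
    "Hello Jane,\n"
    "Your statement for March is ready in online banking.\n"
)

if __name__ == "__main__":
    print("phishing sample:", phishing_signals(PHISHING_SAMPLE))
    print("legitimate sample:", phishing_signals(LEGIT_SAMPLE))
```

None of these checks is conclusive on its own (a legitimate small business may well mail from a free-mail address), which is why the script reports each signal separately rather than a single verdict.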

Someone with no followers or friends adds you on social media

This one is more common on social media sites like Facebook and LinkedIn. If someone with no followers or friends adds you, that's a red flag. It's possible that they're just trying to build up their network, but it's also possible that they're a phisher.

If someone with no followers or friends adds you on social media, be careful before accepting their friend request. Take a look at their profile and see if anything looks suspicious. If you're not sure, err on the side of caution and don't accept their request.

Conclusion

Phishing is a serious problem, and it's only getting worse. By understanding how phishing works and knowing what to look for, you can protect yourself from these attacks.

If you're ever unsure about an email or a website, err on the side of caution and don't take any action. It's better to be safe than sorry. And if you think you might have been the victim of a phishing attack, change your passwords and run a virus scan on your computer just to be safe.

The post 10 Ways to spot a phishing attempt appeared first on Cybersecurity Insiders.

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Extended Detection and Response customers.

Executive summary

Humans are considered the weakest link in cybersecurity. No matter how much a company invests in firewalls, antivirus, and other security software to detect, deter, and prevent attacks, humans will always be the main vector for compromise. If no adequate user security training is provided within the organization, it will always be at risk. Phishing is one of the oldest cyber-attacks, yet one of the most used by attackers due to its effectiveness and low cost.

The Managed Extended Detection and Response (MXDR) team received an alarm indicating a user had successfully logged in from a country outside of the United States (US). Upon further review, this was the first time the user had logged in from outside of the US. The analyst team created an investigation, to which the customer responded and took the necessary steps to recover the account from the attacker.

Investigation

Initial alarm review

Indicators of Compromise (IOC)

The initial alarm was triggered as a result of the account being accessed from outside of the United States. Due to the recent shift to remote working, it is common to see users accessing their accounts from different countries, whether because of Virtual Private Network (VPN) use or because of travel.

[Figure: External access]

Expanded investigation

Events search

When investigating potentially malicious behavior, it is important to understand what the baseline of a user's activity looks like. While looking at the historic data for their activity, logs showed this was the first instance the account has been accessed from outside of the United States.

[Figure: External access investigation]

The logs did not show any failed login attempts from another country, which is usually seen whenever an attacker attempts to compromise an account.
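The baseline comparison the analysts describe (is this the first successful login from a country never seen for that user, and were there failed attempts from that country beforehand?) can be expressed as a replay over authentication events. The following Python script is an added example, not the MXDR team’s tooling; the login events and the home-country value are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

HOME_COUNTRY = "US"  # assumed home country for the tenant

# Constructed sample authentication events (not real telemetry).
# Each row: (timestamp, user, source country, result)
LOGIN_EVENTS = [
    ("2022-06-01T08:02:00", "jdoe",   "US", "success"),
    ("2022-06-02T08:05:00", "jdoe",   "US", "success"),
    ("2022-06-02T09:10:00", "asmith", "US", "success"),
    ("2022-06-03T14:00:00", "asmith", "CA", "success"),  # asmith's first non-US login
    ("2022-06-10T03:11:00", "jdoe",   "NL", "failure"),
    ("2022-06-10T03:12:00", "jdoe",   "NL", "failure"),
    ("2022-06-10T03:14:00", "jdoe",   "NL", "success"),  # jdoe's first non-US login
    ("2022-06-11T10:00:00", "asmith", "CA", "success"),  # CA already in asmith's baseline
]

def parse_events(rows):
    """Turn the raw rows into dicts sorted chronologically."""
    events = [
        {"ts": datetime.fromisoformat(ts), "user": user, "country": country, "result": result}
        for ts, user, country, result in rows
    ]
    return sorted(events, key=lambda e: e["ts"])

def first_foreign_logins(rows, home=HOME_COUNTRY):
    """Replay events in order and alert on the first successful login from a
    country the user has never logged in from before. Each alert carries the
    failed attempts seen from that country before the success, which is the
    context the analysts check next."""
    seen = defaultdict(set)          # user -> countries with a prior successful login
    failures = defaultdict(int)      # (user, country) -> failed attempts so far
    alerts = []
    for e in parse_events(rows):
        key = (e["user"], e["country"])
        if e["result"] != "success":
            failures[key] += 1
            continue
        if e["country"] != home and e["country"] not in seen[e["user"]]:
            alerts.append({
                "user": e["user"],
                "country": e["country"],
                "ts": e["ts"].isoformat(),
                "prior_failures": failures[key],
                "known_countries": sorted(seen[e["user"]]),
            })
        seen[e["user"]].add(e["country"])
    return alerts

if __name__ == "__main__":
    for alert in first_foreign_logins(LOGIN_EVENTS):
        print(alert)
```

In the sample, asmith’s first Canadian login raises an alert once and then becomes part of that user’s baseline, while jdoe’s login is flagged together with the two preceding failures. In the incident above the analysts saw no failed attempts at all, which is exactly why the customer confirmation step was needed to distinguish travel from a stolen password.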

Response

Building the investigation

After gathering enough information, an investigation was created for the customer to confirm if this should be expected from this user.

[Figure: Response phishing]

Customer interaction

Within minutes of the investigation being created, the customer confirmed the user had clicked a phishing email and entered their credentials, which the attacker then used to successfully log in to their account.

[Figure: Customer interaction phishing]

The phishing email contained a URL to the following site:

[Figure: Phishing email]

Once clicked, this site would send the user to a page that impersonated a login for an email account that was used to harvest credentials.

Limitations and opportunities

Limitations

For this investigation, the MXDR team did not have full visibility into the Microsoft Office 365 Exchange environment, hindering visibility into the initial attack. We were unable to see the phishing email being sent to this account. The only events observed by the SOC were the successful logins from outside of the United States.

The post Stories from the SOC – Phishing for credentials appeared first on Cybersecurity Insiders.


Blockchain has been described as a digital, decentralized ledger that keeps a record of all transactions occurring across a peer-to-peer network. It permits the secure transfer of assets without an intermediary. It also provides a record of transactions that is fully transparent and displayed in real time for the benefit of participants.

GDPR is a law that protects data security and gives individuals more control over their personal data on digital platforms. Blockchain, on the other hand, is a technology that produces immutable transaction ledgers.

The interaction between GDPR’s data privacy rights and the idea of blockchain serving as a decentralized, tamper-proof digital ledger has led to various takes on a classic philosophical conflict.

What is GDPR?

GDPR, the General Data Protection Regulation, was adopted as law in the EU. The purpose of the law is to protect the data privacy of individuals.

The law gives users rights that include:

  • The right to be forgotten
  • The right to data portability
  • The right to access data associated with you
  • The right to edit/correct/change the data related to you

Legality of blockchain and privacy:

The governing parties can decide, under certain conditions, whether a specific transaction will occur on the blockchain or not.

  • As blockchain technology evolves, it becomes more powerful as more organizations choose to record their transactions on the blockchain. For a buyer, it is useful if suppliers also agree to record their transactions on the blockchain.
  • For a decentralized platform, it is difficult to apply blockchain laws because the data is distributed around the globe.
  • Although blockchain is considered highly secure, it faces regulatory barriers on data privacy such as the California Consumer Privacy Act of 2018 (“CCPA”) and the EU’s GDPR.
  • Both GDPR and CCPA require that private data can be removed.

CRUD vs. CRAB

In order to fully understand blockchain and data privacy (GDPR), one needs to understand the difference between CRUD and CRAB. CRUD, for traditional databases, stands for Create, Read, Update and Delete; many tech professionals call the blockchain equivalent CRAB.

The term CRAB stands for Create, Retrieve, Append and Burn. Burning is the process of deleting encryption keys.

Keeping private data “off the chain, instead of on the chain” is the one obvious solution. Once data is “on the chain”, deleting or redacting it is almost impossible.

Developing a closed blockchain is another solution. In a closed (permissioned) blockchain, data is stored on local devices or rented cloud storage, so it is relatively easier to delete personal data at an individual’s request, using a process called forking.

Now, because GDPR does not yet define “erasure of data” for blockchain, you should probably assume that throwing away your encryption keys is not acceptable as ‘erasure of data’ under GDPR.

Solution:

Storing private data on a blockchain is not an option under GDPR. A good way around this issue is a really simple one: you store the private data off-chain and store a reference to it (along with a hash of the data and other data such as claims and permissions regarding it) on the blockchain.

This workaround increases the complexity of fetching and storing data on a blockchain. Now, let’s cover the pros and cons of this approach.
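The off-chain pattern just described, together with the CRAB “burn” step from the previous section, can be shown end to end. The following Python script is an added example and not code from the original post: personal data lives in a stand-in off-chain store with a random salt, the chain holds only an opaque reference, a salted hash commitment and the claims, and erasure deletes the off-chain record so the commitment can no longer be matched while the chain itself still verifies. OffChainStore and Ledger are hypothetical stand-ins for a database and a blockchain; the salt is included because an unsalted hash of low-entropy personal data (a name, an email address) can be recovered by guessing, which would defeat the point of keeping the data off the chain.

```python
import hashlib
import json
import os

def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def commitment(salt: bytes, data: bytes) -> str:
    """Salted hash stored on-chain; without the salt it cannot be reproduced."""
    return _sha256(salt + data)

class OffChainStore:
    """Hypothetical stand-in for a database or object store holding personal data."""
    def __init__(self):
        self._blobs = {}

    def put(self, data: bytes) -> str:
        salt = os.urandom(16)
        ref = _sha256(os.urandom(16))  # opaque identifier, not derived from the data
        self._blobs[ref] = (salt, data)
        return ref

    def get(self, ref: str):
        return self._blobs.get(ref)

    def erase(self, ref: str) -> bool:
        """The 'burn': remove the data and its salt; returns True if something was removed."""
        return self._blobs.pop(ref, None) is not None

class Ledger:
    """Hypothetical append-only hash chain standing in for a blockchain."""
    GENESIS = "0" * 64

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _hash_block(body: dict) -> str:
        return _sha256(json.dumps(body, sort_keys=True).encode())

    def append(self, ref: str, commit: str, claims: dict) -> dict:
        prev = self.blocks[-1]["block_hash"] if self.blocks else self.GENESIS
        body = {"ref": ref, "commitment": commit, "claims": claims, "prev": prev}
        body["block_hash"] = self._hash_block(body)
        self.blocks.append(body)
        return body

    def verify(self) -> bool:
        """Recompute every block hash and check the prev links."""
        prev = self.GENESIS
        for block in self.blocks:
            body = {k: v for k, v in block.items() if k != "block_hash"}
            if block["prev"] != prev or self._hash_block(body) != block["block_hash"]:
                return False
            prev = block["block_hash"]
        return True

def store_personal_data(store: OffChainStore, ledger: Ledger, data: bytes, claims: dict) -> dict:
    """Write data off-chain and record only reference, commitment and claims on-chain."""
    ref = store.put(data)
    salt, _ = store.get(ref)
    return ledger.append(ref, commitment(salt, data), claims)

def resolve(store: OffChainStore, ledger: Ledger, ref: str):
    """Return the off-chain data only if it still exists and matches the on-chain commitment."""
    block = next((b for b in ledger.blocks if b["ref"] == ref), None)
    entry = store.get(ref)
    if block is None or entry is None:
        return None
    salt, data = entry
    return data if commitment(salt, data) == block["commitment"] else None

if __name__ == "__main__":
    store, ledger = OffChainStore(), Ledger()
    # Constructed sample record, not real personal data.
    block = store_personal_data(store, ledger, b"Jane Doe, jane@example.com",
                                {"controller": "company-a", "purpose": "billing"})
    print("chain valid:", ledger.verify(), "data:", resolve(store, ledger, block["ref"]))
    store.erase(block["ref"])
    print("chain valid:", ledger.verify(), "data after erasure:", resolve(store, ledger, block["ref"]))
```

After the erasure the ledger still verifies and still shows that a record with these claims once existed, but the commitment can no longer be linked to any data, which is the property the workaround relies on.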

The pros:

The approach described above is a 100% GDPR-compliant solution: the data in off-chain storage can be completely erased, which renders the links and hashes on the blockchain useless.

In this setup, you use the blockchain primarily as an ‘access control’ medium, where claims are publicly verifiable. This gives someone the means to prove that a node must not store the data once an opt-out has been chosen. This benefit would also exist if private data were kept on the blockchain.

The cons:

Transparency with blockchain is reduced. By storing your information off-chain, you have got no method of knowing who has accessed your information, and who has access to your information. Once any company has the link to retrieve the info, they’re not bound to access anything.

Data ownership with blockchain is also reduced. Once your information is kept off-chain, who owns it? On-chain, the data owner holds all the encryption keys to administer their own data.

Point-to-point integrations between all the collaborating parties become necessary. After obtaining the link from the blockchain, Company A still has to share the data with Company B. For each new party added to the system, you may have to add new point-to-point integrations with every existing member, along with provisioning a secure PKI.

This may mean more attack vectors. Every company has its own infrastructure and application landscape. By spreading private information across these different companies, the risk of a breach in which information can be stolen increases.

Conflict:

But here is the conflict: The goal of GDPR is to “give users back control of their personal information, while imposing strict rules on those hosting and ‘processing’ this data, anywhere in the world.” GDPR also states that data “should be erasable”. Since abandoning your cryptographic keys is not the same as ‘erasure of data’, GDPR prohibits storing personal data at the blockchain level.

This removes the ability to strengthen control over your personal data. Now, I know that sounded harsh. In defence of GDPR, you could optimize the proposed solution above to counter some of the disadvantages, or select an entirely different solution than the one described to tackle the near-immutability of transactions. However, whatever solution you go with, the added complexity will remain a significant disadvantage.

Conclusion:

With blockchain technologies being used in many ways, we have new ways to strengthen data ownership, transparency and trust between entities (to name a few). The way GDPR is written, we tend not to store personal data directly on the blockchain since, in GDPR terms, ‘it isn't erasable’. This prevents the world from using the technology to its full potential, so we have to consider ‘older’ systems for storing data that simply cannot guarantee the same advantages as most blockchain technologies: who owns the data in your off-chain storage? Is the off-chain data even encrypted? Who can access this data? Where is it stored? Is it already copied to other systems?

The post The blockchain & data privacy (GDPR) appeared first on Cybersecurity Insiders.


Retirement plans are an easily overlooked but often critical cybersecurity concern. Employee stock ownership plans (ESOPs), while less common than others, may face particular risks.

ESOPs can provide a valuable way to foster employee engagement and reward loyal workers, but businesses must consider their cybersecurity risks. Without proper security, these plans and those who depend on them may be in danger.

ESOP security risks

Employee Retirement Income Security Act (ERISA)-regulated plans covered an estimated $9.3 trillion as of 2018. Individual ones can hold millions of dollars, making them tempting targets for cybercriminals.

ESOPs pose unique risks, as participating employees have an ownership stake in the company. Consequently, cyberattacks that damage the business’s reputation will affect ESOP participants. Lower stock values will reduce workers’ payouts when they retire.

This ownership stake means an attack doesn’t have to target the retirement plan directly to impact its participants. Any cybersecurity incident against the business poses a significant risk, and ESOP security means safeguarding the entire company’s attack surface.

How to minimize ESOP security concerns

ESOP cybersecurity concerns are significant, but you can take several steps to address them. Here’s how you can mitigate these security risks.

Assess company-specific risks

The first step in ESOP cybersecurity is to assess your specific risk landscape. Every organization and plan within one has unique considerations determining the most effective mitigation measures, so these assessments are a crucial starting point.

Every risk contains two key components: an event that could happen and the consequences if it does. Teams must compile a formal list of threats facing their ESOP plans, making sure to cover both components. This will reveal the most important vulnerabilities to address, helping guide further security steps.

Verify vendors

Like many retirement plans, ESOPs typically rely on third-party vendors to manage funds. Consequently, breaches in these partners could impact the business itself. About 51% of all organizations have experienced a data breach from a third party, so verifying their security before going into business with them is crucial.

Ask for third-party audits and similar proofs of security to ensure any vendors meet strict cybersecurity standards. Contracts should include detailed descriptions of their security responsibilities and the consequences for noncompliance. Ensuring all vendors have sufficient cybersecurity insurance is also a good idea.

Minimize access

You should minimize access privileges across the organization and its partners even after verification. Well-meaning employees can still make critical errors, but if each account can only use a few resources, a breach in one won’t jeopardize the entire system.

Operate by the principle of least privilege: Every user, program and endpoint should only be able to access what it needs to work correctly. That applies to third parties as well as company insiders. This will minimize lateral movement risks, helping keep ESOPs safe from attacks elsewhere in the organization.

Create a culture of cybersecurity

ESOP participants slowly gain increasing ownership stakes in the company, so their cybersecurity responsibilities should follow. Employees should understand how their actions impact the wider organization’s security and use best practices out of habit.

You can foster a cybersecurity culture by offering regular training, tying security goals to their impact on employees’ personal lives, and encouraging feedback and questions. When cybersecurity comes as second nature, the company will become inherently more secure, protecting ESOPs.

Develop a business continuity plan

It’s important to realize that no defenses are 100% effective. There were at least 1,862 data breaches in 2021 alone, and that figure has consistently risen over the years. Given this trend, it’s too risky to assume you’ll never suffer a successful attack, so business continuity plans are critical.

These plans should cover encrypted backups of all sensitive data, emergency communications protocols and steps to contain a breach. Ideally, they should also include cybersecurity insurance to cover any losses. These backup plans and resources will ensure ESOP participants can still protect their resources when a breach occurs.

ESOPs need strong cybersecurity

Attacks on ESOPs and the organizations sponsoring them can cause substantial damage. In light of that risk, any company offering such a plan should also implement strong cybersecurity measures.

These steps will help any ESOP organization minimize its risk landscape. They can then ensure that cybersecurity incidents won’t jeopardize plan participants’ hard-earned retirement income.

The post Minimizing security concerns of ESOPs appeared first on Cybersecurity Insiders.

As we head into 2023 and look back at the last year, the focus will continue to be on reducing risk exposure and building resilience. Organizations are strengthening their ransomware defenses, their security and privacy approach to product development, cyberattack response, supply chain risk management, and operational technology (OT) security. Based on working with customers across industry sectors, here is a compilation of some trends we predict for 2023.

1. Critical Infrastructure and Public Sector will continue to become attractive targets.

As cyberattacks become more sophisticated, building collaborative communities between the public and private sectors will be crucial to synchronize operations and take preventative measures as a unified front to critical infrastructure threats. The public sector has become a favored target for cybercriminals. Armed with automated botnets, hackers rummage through computer systems to locate “soft targets.” In recent years, US state and local government agencies have fallen prey to cyber-attacks.

Legacy security is proving ineffective against the growing legion of diverse, sophisticated, and confrontational cyber threats. Public agencies collect and store sensitive data. Like the private sector, government institutions have gone digital. The addition of cloud, mobile, and SaaS have expanded an organization's attack surface, and it further illuminates that your cyber security is only as strong as your weakest point.

2. OT attack patterns will become more prevalent.

IT and OT teams must find common ground to eliminate the substantial risk factors of planned and accidental IT/OT convergence. But the mission does not end there. OT security solutions that work in conjunction with IT security solutions can be the catalyst that not only provides the visibility, security, and control needed to thwart new cyber threats but also brings these once-separate teams together around the common security that every manufacturing, critical infrastructure and industrial organization will need to fulfill its core mission efficiently and securely.

The rising demand for improved connectivity of systems, faster maintenance of equipment, and better insights into the utilization of resources has given rise to internet-enabled OT systems, which include industrial control systems (ICS) and others such as supervisory control and data acquisition (SCADA) systems, distributed control systems (DCSs), remote terminal units (RTUs), and programmable logic controllers (PLCs).  With everything becoming internet-facing and cloud-managed, the manufacturing and critical infrastructure sector (i.e., healthcare, pharma, chemicals, power generation, oil production, transportation, defense, mining, food, and agriculture) are becoming exposed to threats that may be more profound than data breaches. In the coming years, OT attacks will become more prevalent and be used in cyber warfare.

3. Privacy will start getting more attention within the US.

We are going to see more states pass laws with a focus on privacy. Data privacy laws in the United States have been primarily sector-based, with different data privacy laws applying to other sectors of the economy. For example, HIPAA for health care, FERPA for education, GLBA for finance, etc. While this approach has allowed laws to be tailored to specific contexts, it has also resulted in many businesses being exempt from meaningful data privacy regulation.

Recognizing these gaps, these state consumer data privacy laws will seek to establish a comprehensive framework for controlling and processing personal data by many businesses currently exempt from other regulatory schemes. While the state laws vary somewhat, they share a few common principles: establishing standards and responsibilities regarding a business's collection of personal data from consumers; granting consumers certain individual rights concerning their data, such as the rights to access, correct, delete, and obtain a copy of the personal data a business holds about them; and establishing an enforcement mechanism that allows state governments to hold businesses accountable for law violations.

4. Culture of resilience and safety versus compliance and prevention of breaches.

Resilience means more than bouncing back from a fall at a moment of significantly increased threats. When addressing resilience, it's vital to focus on long-term goals instead of short-term benefits. Resilience in the cybersecurity context should resist, absorb, recover, and adapt to business disruptions. Cyber resiliency can't be accomplished overnight. For the longest time, the conversation around getting the cybersecurity message across at the board level has revolved around the business language.

Businesses cannot afford to treat cybersecurity as anything but a systemic issue. While the board tends to strategize about managing business risks, cybersecurity professionals tend to concentrate their efforts at the technical, organizational, and operational levels. According to the World Economic Forum, 95% of cybersecurity breaches are caused by human error.

Unfortunately, many businesses still mistakenly believe that cyber-resilience means investing in bleeding-edge technologies while paying scant heed to the human factor. Fixing human vulnerabilities starts with culture. Business leaders must reassure staff that it's okay to develop questioning attitudes and challenge high-risk requests, such as emailing sensitive information or processing payments.

5. Strengthening of fundamentals: vulnerability and patch management, risk reduction, and Managed Extended Detection and Response (MXDR).

As digital transformation initiatives accelerate, CSOs require a deep and accurate understanding of their organization's cyber risk. Understanding the details of your risk, what should be prioritized, and how it can be effectively reduced is the best foundation for building a holistic plan for managing threats across the organization, and these are the priorities for cyber resilience now and into 2023.

This will be the year for MXDR with a unified platform that automates incident investigation, including enrichment, analysis, classification, and response, rather than relying on an overworked security team. Organizations will look for MXDR to include 24/7 monitoring, critical alerting, root cause analysis and around-the-clock “eyes on glass” support.

6. Growth of cybersecurity as a service – Security at scale and not a roadblock!

With budgets tightening across the board and competition for a limited pool of IT and security talent growing fiercer, cybersecurity-as-a-service providers will continue to become an optimal solution for many companies. Internal security teams can concentrate on their core missions because they can count on their partners to focus on specific vectors. Cyber Security as a Service (CSaaS) allows the services utilized to change over time and be periodically realigned to ensure the customer's business needs are met.

7. CISO: role change and mindset of the future, the impact of burnout and the blame game.

The future is here and now, with digital transformation driving organizations rapidly. Today the role of a Chief Information Security Officer (CISO) within organizations has become transformational. The CISO leads cross-functional teams to match the speed and boldness of digital transformations with agile, forward-thinking security and privacy strategies, investments, and plans.

Tech-savvy and business-savvy CISOs are operational leaders and master tacticians. They can deliver consistent system performance, with security and privacy throughout the organization and its ecosystem, amid constant and changing threats. It's time to stop repeating how things can't be done (on security grounds). Instead, we need to preach from the business transformation book and explain how they can be.

We must stop operating out of silos and build relationships with all business players, embedding 'scenario thinking' and responsiveness into organizational cyber functioning. But just as importantly, to address the first part, the board needs to plan and prepare for a cyber-crisis proactively; only by understanding the risks can the business be in the right strategic place to combat them successfully.

8. Security mesh, Zero Trust and SASE: consolidation and optimization.

As 2023 planning kicks off, it would be interesting to look at how many Zero Trust initiatives have surfaced during budget discussions, how many product investments are tied to this initiative, and, more importantly, which are real Zero Trust and which are just seeking a budget home. Organizations in the early strategy stages for Zero Trust need to think of this as a multi-year plan; it is probably starting to take shape, but it's not the playbook you need to make today's priority calls. Many teams will struggle to move an emerging Zero Trust strategy to practical implementation. The need will grow for approaches that can help with practical implementation and accelerate Zero Trust data initiatives.

9. Board with more cyber knowledge and investment.

Business and cybersecurity success go hand in hand. As the board's role in cyber-risk oversight evolves, the importance of robust dialogue with the cyber influencers within an organization cannot be overestimated. Without close communication between boards and the cyber/risk team, the organization could be at even greater risk. If this sounds like a cybersecurity grooming exercise, that's because it is. Preparing cybersecurity practitioners with business acumen for the board to act as the voice of educated reason isn't such a bad idea.

The best businesses thrive because they have people at the very top who can exert control based on informed decision-making when a crisis looms. Leaving cybersecurity out of this success equation in 2023 is a risky game. Cybersecurity teams should equip the board with the following as a starting point. 

  • A clear articulation of the current cyber risks facing all aspects of the business (not just IT);
  • A summary of recent cyber incidents, how they were handled, and lessons learned;
  • Short- and long-term road maps outlining how the company will continue to evolve its cyber capabilities to address new and expanded threats, including the related accountabilities in place to ensure progress; and
  • Meaningful metrics providing the essential performance and risk indicators of successful management of top-priority cyber risks.

10. Skills shortages and product silos exacerbate the situation.

There's no question that cybersecurity should be a number one focus for businesses that want to keep growing. But improving and scaling cybersecurity efforts in a constantly changing environment is challenging, with new threats and technologies continually being developed. To make things worse, the cybersecurity labor crisis is going to intensify.

A saturation of cybersecurity products with umpteen features is a desperate cry for consolidation, and the future is about cyber platforms, not siloed feature sets. The focus should not just be on finding issues but on remediation. There is going to be a need to demonstrate speed to value. We need technology that shows immediate value with simple implementation. Everyone talks about tech spending but forgets to include all the labor needed to roll out and maintain the technology platforms, which is itself a reason to consider cyber as a service.

Our current global landscape is testing resiliency. As organizations continue to transform digitally, they create new and heightened cyber risk concerns. Protecting these digital connections needs to stay top of mind for leaders looking to help their organizations adapt to these changes while continuing to innovate.

The post 10 Cybersecurity predictions for 2023 appeared first on Cybersecurity Insiders.


Digital transformation in banking began following the creation of the internet in the 1990s as a way for banks to deliver services to their customers more conveniently. Today, it has completely changed how most people interact with their banks. From opening a new account to making transactions and applying for loans, you can access all banking services directly from your computer or smartphone.

According to an FDIC survey on banking behavior, over 80% of account holders engage in some form of digital banking. The popularity of digital banking stems from the convenience and level of personalization that it offers. But is digital banking good for you, or do the risks, such as cybersecurity issues, outweigh the benefits? 

Below, let’s explore some of the pros and cons of digital transformation in banking.

Pros of digital transformation in banking

Digital banking offers several advantages to the modern banking customer. Here are a few:

  • 24/7 Access to your bank

One of the most significant benefits of digital banking is that it gives you round-the-clock access to your account. You don’t have to wait for working hours to deposit your funds, get an account statement, change your account details, or transact funds. You can do it at any time from wherever you are. 

Additionally, you don’t have to waste time in long queues in the banking hall. Digital banking is like having your personal bank right in your pocket.

  • Better rates, lower fees

Banks typically charge account maintenance and transaction fees to cover expenses like employees, bank premises, etc. Since digital banking allows customers to serve themselves directly over the internet, there’s less demand for bank employees and multiple brick-and-mortar branches. Therefore, banks embracing digital transformation have lower overheads and can offer their customers lower fees and higher interest rates. These benefits are especially pronounced for purely digital banks without physical premises.

  • Better customer experience

A 2021 survey by Deloitte Insights found that digital-first banks routinely outperform traditional banks in multiple areas that matter most to customers, including simplicity of transactions, transaction speed, and the overall quality of the banking experience.

Digital banks provide a smoother experience compared to traditional banks. For instance, transacting on a digital bank takes just a few minutes on your smartphone or laptop. In contrast, simply making a transaction in a traditional bank could take close to an hour as you must get to the physical bank, wait in line, fill out transaction forms, and speak to a teller.

In addition, digital banks offer features like budgeting tools that make it easier to manage your money. They also update you on every aspect of your account with text and email alerts, such as when you make transactions, when you don’t have enough money for an upcoming bill, and so on. This makes the digital banking experience much better than what you get with a traditional bank.

  • Automated payments

With digital banks, it’s amazingly easy to automate your payments. You can set up payments that you want to make from your account every month, so you don’t have to worry about fees and penalties for late or delayed payments. Plus, if you use a net-30 account to pay for goods or services and manage your cash flow, you can automate these payments too. 

You can also set up automated savings where the bank automatically deducts a specific amount from your account every month and deposits it in your savings account. This level of automation gives you a hands-free solution for managing your money instead of manually making all these transactions every month.

Drawbacks of digital transformation in banking

Despite offering convenience and better banking experiences, digital transformation in banking has flaws too. Some of these include:

  • Security concerns

The convenience of digital banking also comes with security risks. The online capabilities that allow you to access your account and transact remotely introduce loopholes that people with malicious intents can exploit to steal your money.

Today, there are lots of cybersecurity challenges facing digital banking. For instance, hackers may break into the online banking platform and steal sensitive customer data. Other risks include malware and ransomware attacks, spoofing, credential harvesting, identity theft, fraud, etc. While banks have put many measures into place to avoid such situations, the risk is always there.

Digital banks also place some responsibility for the safety of your money on you. When you put your money in a traditional bank, the bank is solely responsible for keeping your money safe. With a digital bank, you’re involved in protecting your money. You have to use strong passwords and multi-factor authentication for your online banking accounts and avoid logging into your account on public Wi-Fi networks. 

You must also avoid clicking on dubious links, be aware of phishing attacks, and protect yourself from many other client-side security threats. If you’re not security conscious, there’s always the risk of losing your money.

  • Possible technical issues

The electronic systems on which digital banks run are not always reliable. For example, the servers of your digital bank could experience an outage and lock you out of your account. Similarly, your bank’s website could have a technical issue that could prevent you from accessing your account. Even a problem with your internet connection can leave you unable to access your funds.

While the possibility of such scenarios is quite low, such technical problems can easily leave you stranded, especially when you need to access your money urgently.

  • It’s easy to spend your money

The convenience of having fast and constant access to your money is a benefit, but sometimes, it can be a disadvantage. If your digital bank is linked to your online shopping accounts, you could easily find yourself spending your money on things you hadn’t budgeted for. 

Additionally, making such payments is so effortless that you can easily forget how much money you’re spending. With a traditional bank, you’d have to visit a physical branch to access your money, which is enough to deter you from most impulse purchases.

However, digital banks also make it easier to track where you’re spending your money. Linking your digital bank account with your budgeting tool can help you prevent spending your money on unplanned expenses.

Wrapping up

The digital transformation in banking has completely revolutionized how people interact with their money and banks. It offers many benefits: convenience, round-the-clock access to your money, payment automation, lower fees, higher interest rates, and a better banking experience.

Still, it’s important to be aware of its drawbacks, such as security concerns, the possibility of technical issues locking you out of your account, and the likelihood of spending your money on things you’ve not budgeted for.

Most people will find that the pros outweigh the cons, but if you decide to adopt digital banking, don’t forget to take the appropriate steps to keep your money safe. 

The post The pros and cons of the digital transformation in banking appeared first on Cybersecurity Insiders.


In times of economic volatility, precious metals are a safe harbor for investors of all sizes. This has been reflected in choppy pricing for metals such as gold, which, according to CNBC, have only just settled down after weeks of gradual rise against a weakening dollar.

While there is a sense of solidity in trading precious metals, given their very real physical existence, they are, like every other digitally traded item, subject to the same cyber threats and risks that hit the digital markets every day. Staying safe in the face of these threats is key, and it starts with protecting spot trades.

Understanding stock market attacks

Precious metals are traded, just like other stocks, shares and commodities, at spot price. This means the buyer will pay a determined price from the seller, in addition to a variable degree of commission to the broker or other middleman. The high-profile nature of stock markets means that they are often well protected against cyber-attack, but this protection is faltering as stock trades become more diversified.

As more and more brokers and agents get involved in trading, the number of weak points in the networks increases. This is especially the case in precious metals; the sensitive pricing of precious metals means that the trades need to be completed quickly, or at high frequency. According to Investopedia, this extreme need for expediency offers an ‘in’ for attackers in two main forms.

Seizing the algorithm

Cryptocurrency has helped to shed light on one of the most important threats to counter: algorithm hacking. This is a process whereby the malicious actor attempts to seize control of a trading algorithm, whether one used on a wider scale by the market or by individual brokers. Through this, they can crash prices, causing instant damage that is difficult to rectify with corrections.

As Yahoo highlights, cryptocurrency deals with such attacks on a minute-by-minute basis; through proper online hygiene and well-established multi-factor (two or more factors) authentication, trading houses can stop third parties from accessing this data.

Distributed outages

A very common form of cyber-attack in the modern day is the DDoS. This takes networks offline, denying users access to data, and can sow confusion. While proprietary vendors such as Cloudflare have helped to provide coverage, there have still been high-profile attacks on stock markets.

Consider, for instance, the multi-day outage of the New Zealand stock exchange, highlighted by GARP. While not a primary player in the world markets, smaller hubs like this feed into the larger regional markets in London, New York and Tokyo. When smaller hubs are taken down, there are huge risks in terms of inaccurate costing, hijacked sales, and other problems. Ensuring that markets are protected as much as possible by DDoS protection is essential and, for individual traders, keeping full logs and using a high-quality broker will help further.

Criminals will continue to exploit the increased amount of business being seen in the precious metals market. Protection must come first, or profits could be at risk.

The post As volumes continue to rise, precious metal traders must be cyber vigilant appeared first on Cybersecurity Insiders.

As energy and utilities companies strive to use the edge to innovate new solutions for delivering more efficient and resilient services, cybersecurity risks to carrying out those business missions loom large. Ransomware attackers and other cybercriminals have increasingly found energy and utilities organizations a profitable target, launching high-profile attacks in the last few years that have threatened safety and uptime in the process.

Operational and security experts at these companies are well aware of the balancing act they must achieve under these conditions, according to a new industry breakout of the AT&T Cybersecurity Insights Report. Released this week, the AT&T Cybersecurity Insights Report: Focus on Energy and Utilities shows that technologists in these organizations are called upon by the business to roll out edge use cases such as remote-control operations, self-healing assets, and intelligent grid management. At the same time, they must ensure these deployments are done with cybersecurity as a central component, as the impact of attacks against this vertical's edge-connected assets could have drastic consequences for companies tasked with delivering the most vital resources for modern living.

Rapid rate of energy and utility innovation

One of the key areas examined by the AT&T Cybersecurity Insights Report is the rate of adoption of edge computing, the use cases in play, and their stage of maturity. This was tracked across six major sectors. This latest industry report dives into the trends for companies that provide services and resources such as electricity, oil and gas, water, and sewer. The study shows that some 77% of energy and utilities respondents worldwide are planning to implement, have partially implemented, or have fully implemented an edge use case. The study dug into nine industry-specific use cases and examined their stage of adoption across the energy and utilities sector.

Combining the mid-stage and mature-stage adoption rates reveals that the use of edge computing in infrastructure leak detection has the highest combined adoption maturity (82%) among survey respondents. Some examples of how this looks in action include using sensors to gauge the flow of water in a municipal water system and using the low latency of edge connections to monitor that data in real time for drops or spikes in pressure that could indicate the need for preventive maintenance or immediate servicing of equipment. This is of course a single example in a broad range of use cases currently under exploration in this sector.

Edge computing has opened up tremendous opportunities for energy and utilities companies to solve tough problems across the entire value chain, including the safe acquisition of energy supplies on the front end of the supply chain, the proper monitoring of consumption of energy and resources on the back end, and the efficient use of facilities and equipment to run the functions between the two phases. Some additional examples most commonly cited were:

  • Remote control operations
  • Geographic infrastructure exploration, discovery, and management
  • Connected field services
  • Intelligent grid management

Interestingly, in spite of many energy companies being engaged in proof-of-concept and insulated projects, the sector's overall rate of mature adoption was the least prevalent compared to all other sectors, sitting at about 40%. Survey analysis indicates this isn't from a lack of interest, but instead a product of the justifiably cautious nature of this industry, which keeps safety and availability top of mind. The fact that this market segment had the highest level of mid-stage adoption compared to other industries offers a clue that these companies are all-in on edge deployments but taking their time considering and accounting for the risks—including those on the cybersecurity front.

Compromise worries grow

The study shows that 79% of energy and utilities respondents believe there is a high or very high likelihood of a compromise in one of the use cases intended for production within the next three years. When respondents were asked about the impact that a successful compromise would have, energy and utilities industry respondents were the most concerned of all industry respondents. This is hardly shocking given the grave real-world, physical consequences that can stem from a loss of control or safety over operational technology (OT) assets that run the power plants and pipelines within this industry.

Given the media attention surrounding very public ransomware attacks in this sector recently, it's no surprise that ransomware is one of the top cybersecurity concerns for technology leaders in this space. However, it is nevertheless not the number one cybersecurity concern for technology leaders in the energy and utilities space, sitting instead as number two behind the more pressing issue of potential sniffing attacks against radio access networks (RAN). Also tied for second alongside ransomware were attacks against 5G core networks, and attacks against user/endpoint devices.


An interesting point to note about this industry is its heightened level of concern over physical attacks against technical components such as IoT devices. The industry rated this concern much higher than the average respondent. This is likely a function of the industry's growing reliance on remote sensors, devices, and endpoints in low-latency (and often far-flung) environments.

The unique cyber considerations in energy OT environments

Protecting the ability of an organization to safely provide reliable electricity, accurate bills, and safe pipelines will increasingly require cyber controls be applied to the external assets that deliver the benefits of edge computing use cases. Fortunately, energy and utilities leaders are investing accordingly in cybersecurity controls around the edge.

The study shows that the energy and utilities sector has the second-highest commitment to major security investments baked into edge use cases compared to the others, lagging only slightly behind the US public sector. Approximately 65% of energy and utilities firms are allocating 11% or more of their edge funding directly for security.

One of the challenges in applying that funding is the so-called IT-OT security gap that faces industrial sectors like this one. Energy and utilities firms can't rely on many classic cybersecurity controls the way other industries do, due to limitations in technology and operational factors not found elsewhere. For example, many OT systems can't be patched in a timely fashion because of the operational risks posed by a failed update and the fact that many OT devices may run months or even years between scheduled maintenance windows. Operators in this sector have an extremely low tolerance for security actions that potentially risk bringing down an entire oil refinery or wastewater treatment facility. This is why, when the report examined the effectiveness rating of security controls in this industry, patching ranked dead last, as compared to a relatively high rating in all other industries.

Further, it may be challenging to collect and normalize data for monitoring purposes given the increase in data across merged IT/OT networks. OT networks cannot be monitored in the same way that IT networks are, both because of their unique protocols and because of a similar risk problem: the security 'cure' may be worse than the disease. For example, active scanning techniques can often disrupt or take down OT networks. This is likely why intrusion detection solutions were rated to have the highest total cost of ownership (TCO) within this particular sector.

As energy and utilities companies strive for the right balance of innovation and security at the edge, we recommend a careful approach that accounts for the fact that traditional endpoint-centric controls like patching can't always be the go-to solution. Proactive controls such as microsegmentation, passive vulnerability scans, and threat hunting should be considered for these more difficult use cases. These organizations should consider getting professional guidance from service providers on the front end to evaluate road maps for current and proposed use cases. The experts at these providers have already trodden this ground and can best advise on the potential hazards that an organization may face along the way.
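As an added illustration of the passive alternative to active scanning described in the two preceding paragraphs (example code, not from the report or from AT&T), this script builds an OT asset inventory and checks microsegmentation policy purely from flow records a network tap would yield, sending nothing to the devices. The addresses, zone map, and policy are constructed assumptions.

```python
"""Passive OT monitoring over constructed flow records (added example).

Assumptions: flow records arrive from a network tap or SPAN port as
(src, dst, dst_port, protocol) tuples, and the zone map and policy are
hypothetical. Nothing here sends a packet toward an OT device.
"""
import ipaddress
from collections import defaultdict

# Constructed flow records, as a passive sensor would observe them.
FLOWS = [
    ("10.10.1.5", "10.10.2.20", 502, "modbus"),
    ("10.10.1.5", "10.10.2.21", 502, "modbus"),
    ("10.10.1.6", "10.10.2.20", 44818, "enip"),
    ("10.10.3.9", "10.10.2.20", 502, "modbus"),  # IT host reaching a PLC
    ("10.10.1.5", "10.10.2.22", 22, "ssh"),      # unexpected service on a PLC
    ("10.10.1.5", "10.10.2.20", 502, "modbus"),  # repeat: no new inventory
]

# Hypothetical zone map and segmentation policy (zone pair -> allowed ports).
ZONES = {
    ipaddress.ip_network("10.10.1.0/24"): "scada",
    ipaddress.ip_network("10.10.2.0/24"): "plc",
    ipaddress.ip_network("10.10.3.0/24"): "it",
}
ALLOWED = {("scada", "plc"): {502, 44818}}


def zone_of(ip: str) -> str:
    """Return the zone containing ip, or 'unknown' if no subnet matches."""
    addr = ipaddress.ip_address(ip)
    for net, zone in ZONES.items():
        if addr in net:
            return zone
    return "unknown"


def passive_inventory(flows):
    """Asset inventory built only from observed traffic: ip -> services seen."""
    inventory = defaultdict(set)
    for src, dst, port, proto in flows:
        inventory[dst].add((port, proto))
        inventory.setdefault(src, set())  # record talkers that offer nothing
    return {ip: sorted(svcs) for ip, svcs in inventory.items()}


def policy_violations(flows):
    """Flows crossing a zone boundary on a port the policy does not allow."""
    findings = []
    for src, dst, port, proto in flows:
        pair = (zone_of(src), zone_of(dst))
        if port not in ALLOWED.get(pair, set()):
            findings.append((src, dst, port, proto, pair))
    return findings
```

Feeding real flow exports from a tap into `policy_violations` surfaces cross-zone traffic for threat hunting without the disruption risk of an active probe.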

The post AT&T Cybersecurity Insights Report: Focus Energy and Utilities appeared first on Cybersecurity Insiders.