Tuesday, December 30, 2014

Cyber Security: Banks, oil & gas, governments most vulnerable to cyber-attacks, Cisco says

Banks and other financial institutions, oil and gas firms as well as governments in Nigeria have been identified as the most vulnerable to cyber attacks by a Cisco report released yesterday. These sectors were among the industries listed as susceptible to cyber security threats across the globe, according to the Cisco 2014 Security Report. Read the article here.

Monday, December 29, 2014

Cyber Security: Low-risk cyber security issue found at nuclear plant

Personnel at the PPL Susquehanna Steam nuclear power plant in Salem Township are working to address a low-level security violation discovered by the U.S. Nuclear Regulatory Commission during a recent inspection at the facility. The violation was related to cyber security, and PPL spokesman Joe Scopelliti said it was a low risk infraction. Read more here.

Friday, December 26, 2014

Cyber Security: FBI warns Iranian hackers targeting defense, energy, and education

Pondering the saga of Stuxnet, the nuke-flustering virus that drove Iran's atomic mullahs to distraction, the Economist (by way of Business Insider) mused that the future of cyber-warfare could involve attacks on vulnerable infrastructure systems, mimicking the way Stuxnet made those Iran WMD factories "go nuts and damage themselves." Read more here.

Tuesday, December 23, 2014

Cyber Security: 2015 cyber risk and data protection predictions

Businesses in 2015 are expected to experience increasing challenges as they struggle to contend with the burgeoning threat of complex cybercrime. EY analysis has outlined some of the key areas that cyber risks threaten to impact in the coming year, including the difficulties in the insurance sector of underwriting cyber risk, the raft of regulation coming out of both the EU and the UK, the importance of integrated risk functions in firms, and the cyber risk of supply chains moving to the cloud. Click here to read more.



Monday, December 22, 2014

Cyber Security: Gov't beefs up cyber-security after website attacks

The Government of Jamaica (GOJ) says it is implementing a raft of measures to address the issue of cyber security, following an attack on more than 10 government websites three weeks ago. “Upon becoming aware of the attacks, the ministry immediately moved to implement several measures to safeguard against further attacks,” Minister of State in the Ministry of Science, Technology, Energy and Mining, Julian Robinson said. Read more here.

Friday, December 19, 2014

Cyber Security: Payment Card Gateway Firm Hacked

The latest retail breach is not a retailer, per se, but it's in the ballpark. Charge Anywhere, a company that provides electronic payment gateway solutions to retailers and other merchants, is reporting that criminals infiltrated its system five years ago, putting unencrypted payment card of payment card data it holds is an absolute priority and has apologized for the incident, it seems breaching the data was also the cybercriminal's priority -- and the criminal won the security match. Read the article here.

Thursday, December 18, 2014

Cyber Security: Holding masses of data, cybercriminals face new hurdles to cashing out

After Sony Pictures Entertainment's computer network was breached in late November, it appeared the hackers wanted to blackmail the company. Apparently Sony Pictures didn’t give the hackers what they wanted, and gigabytes of data were posted online, including a spreadsheet of all of the company’s employees and their salaries. Though the Sony hackers apparently did not get what they wanted, data clearly has a value. But determining its value depends on a variety of factors. And it’s not as easy as it used to be to cash out. Read more here.

Wednesday, December 17, 2014

Cyber Security: Hiring 'Good' Hackers To Find Flaws

With cyber attacks seemingly getting worse every day, a bidding war has broken out between Silicon Valley tech giants and black marketeers for the talents of hackers who spot software vulnerabilities that can be used to steal everything from corporate trade secrets to consumers' financial information. Increasingly, local firms -- including Google, Facebook and Mozilla -- are offering "bug bounties" worth thousands of dollars to outside code crunchers who spot such flaws. Click here to read the article.

Tuesday, December 16, 2014

Cyber Security: Sony hackers preparing large 'Christmas Gift'

The Sony hackers released a seventh dump of files online Saturday morning and promised a larger "Christmas gift" that will "put Sony Pictures into the worst state." It's unknown what exactly the stolen documents released on Saturday were but, according to Re-Code, they may have consisted of files relating to the video site Crackle and former Sony exec Jim Underwood, who now works at Facebook. Click here to read more.

Monday, December 15, 2014

Cyber Security: ICS-CERT Vulnerability Summary for Week of December 8

Click the link below to view the summary of cyber security vulnerabilities for the week of December 8 as collected and reported by ICS-CERT.

https://www.us-cert.gov/ncas/bulletins/SB14-349

Cyber Security: The Global Cyber Advisor Newsletter - November 2014 Vol. 38

Welcome to the latest Global Cyber Advisor Newsletter!

You can’t open the news today without coming across various serious cyber events.   From loss of production to loss of critical information, you can’t ignore the impacts to the world we live in.  Our clients are tasked daily with protecting their environments from cyber attacks or espionage.  We understand that our products must support the latest cyber security functions and features but our scope of cyber security relevance cannot be exclusive to only what products we install/sell.   A cyber secure industrial site is secure, not because the systems in place support various cyber features but because those secure systems are part of a much larger, more comprehensive, cyber security plan and approach. Schneider Electric has a team that can help our clients with the larger cyber security approach and ensure that our software and hardware solutions are installed, positioned, and supported correctly to reduce our clients' overall risk profile along with ours as a provider.

Continuously Secure:   We continue to prove to the industry that we stay vigilant and help our customers develop their cyber strategies and secure their process environments. We have staff to help our clients on a global basis to assess, design, implement and manage their cyber posture. We have developed suites of products with complementary consulting, which are unmatched in the industry.   

This month's Consultant's Corner is by Charles Smith: “Are Firewalls and Anti-Virus Products Relics of the Past?”
                                                                                             
The Critical Infrastructure and Security Practice has the skills and the resources to help our clients no matter what industry. We are structured to help with their entire cyber security program. We have essentially the industry’s largest vendor-based cyber security team that assists our clients in securing their entire process environment. We understand that cyber security extends beyond a single system and our valued clients need assistance and advice in how to secure their entire plant infrastructure. Cyber security is so much more than product features, firewalls and anti-virus software.

If you’ve missed our previous editions, you can find them at this location:   http://iom.invensys.com/EN/Pages/CyberSecurity-Newsletters.aspx

Click here to open the November 2014 newsletter.


Friday, December 12, 2014

Cyber Security: Companies Should Assume Cyber Attackers Are Already Inside

Companies seeking to shield valuable data from criminals and government spying should assume the attackers have already penetrated their systems and adjust defensive strategies, security firms McAfee and Symantec Corp. said. "You must assume something is going on and you have to start looking for it," Patty Hatter, chief information officer and senior vice president of operations at Intel Corp.'s McAfee, said today at the Bloomberg Enterprise Technology Summit in London. Click here to read the full story.

Thursday, December 11, 2014

Cyber Security: One Step Closer to the End of Passwords

Are usernames and passwords soon to be a thing of the past? If advancements in cryptography proceed at their recent pace, they might be. The Mountain View, California-based FIDO Alliance, an industry group pushing for an alternative to username and password logins, this week published final specifications of a universal standard for accessing sites and online services more securely. Read the article here.

Wednesday, December 10, 2014

Cyber Security: Cyber attacks to worsen in 2015, McAfee researchers say

A series of spectacular cyber attacks drew headlines this year, and the situation will only worsen in 2015 as hackers use more advanced techniques to infiltrate networks, security researchers said yesterday. Click here to read the article.

Tuesday, December 9, 2014

Cyber Security: Passwords key to home computer security - tips to create the tough-to-break password

American author and astronomer Clifford Stoll has been quoted as saying, “Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.” While some people may want – and are likely required – to change their computer passwords more than twice a year, Stoll’s words are still good ones to live by, given our current state of technology, growing sophistication of hackers and rising number of computer system security breaches. Click here for tips on how to create a tough-to-break password.

Monday, December 8, 2014

Cyber Security: ICS-CERT Vulnerability Summary for Week of December 1

Click the link below to view the summary of cyber security vulnerabilities for the week of December 1 as collected and reported by ICS-CERT.

https://www.us-cert.gov/ncas/bulletins/SB14-342

Cyber Security: Another retailer confirms a data breach of customer info

Bebe says attackers managed to steal customer names, card numbers, expiration dates and verification codes for cards swiped in stores between November 8th and November 26th of this year in the U.S. and U.S. Virgin Islands. Read the article here.

Friday, December 5, 2014

Cyber Security: A Good Cyber Defense Can Protect Pharmaceutical and Medical Device Companies

The inability to keep data safe can undermine the results of a clinical study and an organization’s ability to generate new products and ensure the safety of existing ones. Much of the world’s critical infrastructure and vital goods are at significant risk of cyber security threats. Add to this discomforting list the threats to medical devices and pharmaceutical manufacturing.

Some companies in different industries underestimate the threat of cyber attacks, believing falsely that because their control and monitoring systems are not connected to the Internet, they may not be subject to traditional hacking. “The big theory is that there is no technology connection between us in the plant and others in the outside world so our control systems are safe,” said Doug Clifton, global director, critical infrastructure and security practice at Schneider Electric.

Read the full article here.


Thursday, December 4, 2014

Cyber Security: Automakers aim to drive away car computer hackers

Against the team of hackers, the poor car stood no chance. Meticulously overwhelming its computer networks, the hackers showed that - given time - they would be able to pop the trunk and start the windshield wipers, cut the brakes or lock them up, and even kill the engine. Their motives were not malicious. These hackers worked on behalf of the U.S. military, which along with the auto industry is scrambling to fortify the cyber defenses of commercially available cars before criminals and even terrorists penetrate them. Click here to read the article.

Wednesday, December 3, 2014

Cyber Security: Hacker claiming ties to Anonymous forces Toronto police website offline for hours

The Toronto Police Service's website went offline Sunday after a Twitter user who claims to be connected with the hacker group Anonymous threatened to infiltrate it. The City of Ottawa website was hacked late last month, with the name of an Ottawa police officer involved in a 'swatting' investigation displayed beside a dancing banana. Read more here.

Tuesday, December 2, 2014

Cyber Security: ICS-CERT Vulnerability Summary for Week of November 24

Click the link below to view the summary of cyber security vulnerabilities for the week of November 24 as collected and reported by ICS-CERT.

https://www.us-cert.gov/ncas/bulletins/SB14-335

Cyber Security: Anonymous pledges more attacks in Canada

The Anonymous hacker group that took credit for the cyber attack on Ottawa City Hall has pledged eight more targets in Canada, including Ottawa Police and the Supreme Court. Click here for the full story.

Monday, December 1, 2014

Cyber Security: One in six adults 'fallen prey to a cyber attack'

One in six adults has been stung online and been the victim of a cyber attack, fresh data has shown. Global information services firm Experian revealed that 16% of adults had fallen victim to a phishing scam, had personal data taken to use offline or had an account hijacked. Click here to read more.

Wednesday, November 26, 2014

Cyber Security: Hackers work to turn holiday shopping boom into boon for data thieves

As Americans collapse onto their couches this week after a marathon day of shopping, they'll leave behind the telltale evidence of another Black Friday in the books: a nearly infinite number of credit machines on the verge of exhaustion from all the activity. While consumers will have spent their day gathering bargain deals and gifts for friends and families, the machines have been busy gathering data. Hackers will be busy, too, trying to get their hands on that data. Read the article here.

Tuesday, November 25, 2014

Cyber Security: One in six smartphone users victim of cyber attack

One in six smartphone users in the world have fallen prey to a cyber attack, reveals a new study, adding that 60 percent of smartphone users and almost half of tablet users are vulnerable to hacking as these devices have no protection against malicious software. According to the findings by global information services firm Experian, the cyber attacks range from phishing emails to session hijacking attacks where a user's web browsing is interrupted by a hacker, monitored or even hijacked. Read more here.

Monday, November 24, 2014

Cyber Security: Sony Paralyzed By Computer Hacker Attack With Ominous Message

Things have come to a standstill at Sony today, after the computers in New York and around the world were infiltrated by a hacker. As a precaution, computers in Los Angeles were shut down while the corporation deals with the breach. It has basically brought the whole global corporation to an electronic standstill. Click here to read the article.

Cyber Security: ICS-CERT Vulnerability Summary for Week of November 17

Click the link below to view the summary of cyber security vulnerabilities for the week of November 17 as collected and reported by ICS-CERT.

https://www.us-cert.gov/ncas/bulletins/SB14-328

Friday, November 21, 2014

Cyber Security: Next year's DDOS attacks to come from Vietnam, India and Indonesia

Vietnam, India and Indonesia might not have the most advanced Internet infrastructure, but they do have a large number of insecure smartphones coming online, making them the big botnet sources for next year's distributed denial of service attacks, according to a report released by Black Lotus Communications, a DDOS mitigation vendor. "They have a lot of young people just getting their smartphones, specifically Android smartphones," said Frank Ip, the company's vice president of business development. These new users are more susceptible to phishing, and are less aware of how to secure their devices, he added. Read more here.

Thursday, November 20, 2014

Cyber Security: Online shoppers should stay vigilant against privacy hackers

More of you are expected to shop online this holiday season and that means more vigilance is needed to protect your private information, a Wheaton expert said. A National Retail Federation survey said 56 percent of responding consumers plan to shop online this holiday season, compared to 51.5 percent last year, and the most in the survey's 13-year history. Read the article here.
 
 

Wednesday, November 19, 2014

Cyber Security: 10 ways to protect your Devices and Data

Gee, it used to be just your desk computer that needed protection from cyber thugs. Now, your connected thermostat, egg tray monitor, teen’s smartphone, garage door opener, even baby monitor, are all game for cyber creeps. Click here to read about 10 ways to help protect your devices and data from hackers.

Tuesday, November 18, 2014

Cyber Security: ICS-CERT Vulnerability Summary for Week of November 10

Click the link below to view the summary of cyber security vulnerabilities for the week of November 10 as collected and reported by ICS-CERT.

https://www.us-cert.gov/ncas/bulletins/SB14-322

Cyber Security: Hackers targeting businesses, consumers

Several people will visit stores in the next few weeks. And already this year, hundreds of thousands of people have fallen victim to security breaches at major retailers. Experts said there are ways to make sure your debit and credit cards are safe. Read the article and watch the video here.

Monday, November 17, 2014

Cyber Security: State Department shuts down email system after suspected hacker attack

The State Department has shut down its entire unclassified email system after a suspected hacker attack, the latest in a string of federal agencies to suffer a security breach. Read the full story here.

Friday, November 14, 2014

Cyber Security: What CIOs Can Learn From the Biggest Data Breaches

A postmortem analysis of some of the biggest recent data breaches offers IT leaders several pieces of advice for staying a step ahead of hackers. We keep hearing about them in the news. The tallies are astounding: 145 million user accounts compromised here, 40 million credit cards stolen there. What isn't always as clear with the most high-profile data breaches is how they occurred in the first place and what you can do to prevent seeing your organization in a similar headline. Click here to read more.

Thursday, November 13, 2014

Cyber Security: US weather system hacked, affecting satellites

The National Oceanic and Atmospheric Administration, NOAA, said that four of its websites were hacked in recent weeks. To block the attackers, government officials were forced to shut down some of its services. Read more here.

Wednesday, November 12, 2014

Cyber Security: China hackers target rights groups, say Canadian researchers

Chinese hackers are attacking activists, journalists and human rights groups using many of the same techniques they apply to steal state secrets and spy on corporations, a Canadian technology research group said on Tuesday. The difference is that those groups lack resources to defend themselves against sophisticated intrusions and face greater risk from exposure, according to Citizen Lab, which researches the use of political power in cyberspace. Read the full story here.


Tuesday, November 11, 2014

Cyber Security: The Need for Cyber Security Awareness by Michael Gasparovic, Consultant for Invensys Critical Infrastructure & Security Practice

Michael Gasparovic, Consultant for Invensys Critical Infrastructure & Security Practice, discusses the need for cyber security awareness.


The Need for Cyber Security Awareness

In today’s environment, where nearly everyone utilizes personal computing devices—from desktop computers to smart devices—and security failures are becoming daily occurrences, it is imperative to raise the user’s cyber security awareness and adherence to security policies and procedures. 

 
In many industries, there are many satellite locations that sit outside the focus of the corporate center.  Many of these locations are understaffed, and employees feel that cyber security is an additional burden that they do not have time for.  These locations present easy targets for today's skilled hacker.  Firewalls and other security controls provide baseline protection; however, they can be rendered useless if a user misuses their access or fails to protect resources, such as user IDs or passwords. 

 
To raise awareness, companies should provide regular training that is consistent company-wide and reinforces the security policies and procedures that are in place.  This training should not focus on the details of regulations, but rather focus on the general requirements and good practices users should take away and make part of their daily routine. 

 
Cyber security awareness provides a foundation for addressing the fundamental principles of cyber security—protecting the confidentiality of information, ensuring the integrity of information, and ensuring the availability of information and resources.  By raising cyber security awareness, a company can minimize the cost of security incidents and assure the consistent implementation of security controls throughout the organization.

 

Cyber Security: Simulated terrorist cyber-attack on London

A cyber-detonated terrorist attack on the UK's critical infrastructure targeting key landmarks in London will be at the heart of the 2015 Cyber Security Challenge UK Masterclass, with some 42 of the country's most talented amateur cyber-defenders seeking to thwart the attack in real time. Click here to read the article.

Monday, November 10, 2014

Cyber Security: USPS Hit By Cyber Attack

The U.S. Postal Service said today it has been the victim of “a cyber-security intrusion” that exposed the personal information of some 800,000 employees. The FBI is investigating the source of the attack, but a source briefed on the incident told ABC News it appears to have originated in China and has been going on for the last two months. Read the article here.

Cyber Security: ICS-CERT Vulnerability Summary for Week of November 3

Click the link below to view the summary of cyber security vulnerabilities for the week of November 3 as collected and reported by ICS-CERT.

https://www.us-cert.gov/ncas/bulletins/SB14-314


Friday, November 7, 2014

Cyber Security: 12 percent of businesses have no cyber attack defenses

Twelve percent of financial executives surveyed said their companies have no cyber attack defense plans. Other findings from the Association for Financial Professionals survey:
  • 62 percent of businesses have been subject to a cyber attack or an attempted attack during the last year.
  • 71 percent of companies have increased spending to combat attacks, with 25 percent increasing it by at least 50 percent.
  • 15 percent have increased their cyber insurance.
  • 31 percent carry no cyber insurance.
Click here for a link to the full survey results.


Thursday, November 6, 2014

Cyber Security: Badly secured routers leave 79 percent of US home networks at risk of attack

As many as four out of five internet-connected households in the US could be at risk of attack through their wireless router. This is among the findings of a study by security specialist Avast which found that more than half of all home routers are poorly protected using default or easily hacked password combinations such as admin/admin or admin/password. Read the article here.

Wednesday, November 5, 2014

Cyber Security: 6 things we learned from this year's security breaches

According to the Open Security Foundation, three out of 10 of the all-time worst security breaches happened this year. That includes 173 million records from the NYC Taxi & Limousine Commission, 145 million records at eBay, and 104 million records from the Korea Credit Bureau. And that's not counting the 1.2 billion user names and passwords reportedly stolen by Russian hackers, or the 220 million records recently discovered stolen from gaming sites in South Korea. 2014 is well on its way to replace 2013 as the highest year on record for exposed records, according to the Open Security Foundation and Richmond, Va.-based Risk Based Security Inc. Click here to read the article.



Tuesday, November 4, 2014

Cyber Security: Add data breaches to holiday shopping stress

With the holiday shopping season on the horizon, many retailers soon will be dishing out deals and special promotions to get shoppers in the spending spirit. But what consumers seem to really want for Christmas this year is to keep their personal financial information out of the hands of hackers. CreditCards.com, a credit-card comparison website, recently conducted a survey of 865 credit and debit card holders, and 45 percent said they would not shop this holiday season at retail chains that had been affected by major data breaches. Read more here.

Monday, November 3, 2014

Cyber Security: ICS-CERT Vulnerability Summary for Week of October 27

Click the link below to view the summary of cyber security vulnerabilities for the week of October 27 as collected and reported by ICS-CERT.

https://www.us-cert.gov/ncas/bulletins/SB14-307


Cyber Security: Small firms also face cyber attack

It’s not just big businesses such as JPMorgan Chase, Target, Neiman Marcus and Home Depot that are hacked. Small companies suffer from intrusions into their computer systems, too. The costs associated with computer and website attacks can run well into the thousands – and even millions – of dollars for a small company. Many small businesses have been attacked – 44 percent, according to a 2013 survey by the National Small Business Association, an advocacy group. Those companies had costs averaging $8,700. Click here to read the full story.




Friday, October 31, 2014

Cyber Security: Many firms still unprepared for cyber attack, survey shows

More than a third of organizations have no real-time insight on cyber risks necessary to combat rising threats, a survey has shown. These organizations also lack the agility, budget and skills to mitigate known vulnerabilities to prepare for and address cyber security, according to EY's latest annual Global Information Security survey. Read more here.

Thursday, October 30, 2014

Cyber Security: Online Security Experts Link More Breaches to Russian Government

For the second time in four months, researchers at a computer security company are connecting the Russian government to electronic espionage efforts around the world. In a report released on Tuesday by FireEye, a Silicon Valley firm, researchers say hackers working for the Russian government have for seven years been using sophisticated techniques to break into computer networks, including systems run by the government of Georgia, other Eastern European governments and militaries, the North Atlantic Treaty Organization and other European security organizations. Read the article here.

Wednesday, October 29, 2014

Cyber Security: Targeted cyber attacks on the rise

All companies have to fend off the viruses and malware floating around the modern Internet. But a growing number face much more targeted attacks, in which hackers take aim squarely at them. Twelve percent of companies participating in an annual cyber security survey from Kaspersky Lab and B2B International reported experiencing a targeted attack during the last year. That’s up from 9 percent in 2013. Click here to read the article.

Tuesday, October 28, 2014

Cyber Security: ICS-CERT Vulnerability Summary for Week of October 20

Click the link below to view the summary of cyber security vulnerabilities for the week of October 20 as collected and reported by ICS-CERT.

https://www.us-cert.gov/ncas/bulletins/SB14-300


Cyber Security: Asia Pacific countries most vulnerable to advanced cyber attacks

229 days of plundering and phishing data. That is how long advanced hackers remain undetected before being discovered, exposing organizations to potential malicious activity for months. Besides the alarming statistic uncovered by network security company FireEye, its other reports have revealed that Asia Pacific countries are more susceptible to advanced cyber attacks than the world as a whole. Read the article here.