Tuesday, December 30, 2014

Cyber Security: Banks, oil & gas, governments most vulnerable to cyber-attacks, Cisco says

Banks and other financial institutions, oil and gas firms as well as governments in Nigeria have been identified as the most vulnerable to cyber attacks by a Cisco report released yesterday. These sectors were among the global list of industries susceptible industries to cyber security across the globe according to the Cisco 2014 Security Report. Read the article here.

Monday, December 29, 2014

Cyber Security: Low-risk cyber security issue found at nuclear plant

Personnel at the PPL Susquehanna Steam nuclear power plant in Salem Township are working to address a low-level security violation discovered by the U.S. Nuclear Regulatory Commission during a recent inspection at the facility. The violation was related to cyber security, and PPL spokesman Joe Scopelliti said it was a low risk infraction. Read more here.

Friday, December 26, 2014

Cyber Security: FBI warns Iranian hackers targeting defense, energy, and education

Pondering the saga of Stuxnet, the nuke-flustering virus that drove Iran's atomic mullahs to distraction, the Economist (by way of Business Insider) mused that the future of cyber-warfare could involve attacks on vulnerable infrastructure systems, mimicking the way Stuxnet made those Iran WMD factories "go nuts and damage themselves." Read more here.

Tuesday, December 23, 2014

Cyber Security: 2015 cyber risk and data protection predictions

Businesses in 2015 are expected to experience increasing challenges as they struggle to contend with the burgeoning threat of complex cybercrime. EY analysis has outlined some of the key areas that cyber risks threaten to impact in the coming year, including the difficulties in the insurance sector of underwriting cyber risk, the raft of regulation coming out of both the EU and the UK, the importance of integrated risk functions in firms, and the cyber risk of supply chains moving to the cloud. Click here to read more.



Monday, December 22, 2014

Cyber Security: Gov't beefs up cyber-security after website attacks

The Government of Jamaica (GOJ) says it is implementing a raft of measures to address the issue of cyber security, following an attack on more than 10 government websites three weeks ago. “Upon becoming aware of the attacks, the ministry immediately moved to implement several measures to safeguard against further attacks,” Minister of State in the Ministry of Science, Technology, Energy and Mining, Julian Robinson said. Read more here.

Friday, December 19, 2014

Cyber Security: Payment Card Gateway Firm Hacked

The latest retail breach is not a retailer, per se, but it's in the ballpark. Charge Anywhere, a company that provides electronic payment gateway solutions to retailers and other merchants, is reporting that criminals infiltrated its system five years ago, putting unencrypted payment card of payment card data it holds is an absolute priority and has apologized for the incident, it seems breaching the data was also the cybercriminal's priority -- and the criminal won the security match. Read the article here.

Thursday, December 18, 2014

Cyber Security: Holding masses of data, cybercriminals face new hurdles to cashing out

After Sony Pictures Entertainment's computer network was breached in late November, it appeared the hackers wanted to blackmail the company. Apparently Sony Pictures didn’t give the hackers what they wanted, and gigabytes of data were posted online, including a spreadsheet of all of the company’s employees and their salaries. Though the Sony hackers apparently did not get what they wanted, data clearly has a value. But determining its value depends on a variety of factors. And it’s not as easy as it used to be to cash out. Read more here.

Wednesday, December 17, 2014

Cyber Security: Hiring 'Good' Hackers To Find Flaws

With cyber attacks seemingly getting worse every day, a bidding war has broken out between Silicon Valley tech giants and black marketeers for the talents of hackers who spot software vulnerabilities that can be used to steal everything from corporate trade secrets to consumers' financial information. Increasingly, local firms -- including Google, Facebook and Mozilla -- are offering "bug bounties" worth thousands of dollars to outside code crunchers who spot such flaws. Click here to read the article.

Tuesday, December 16, 2014

Cyber Security: Sony hackers preparing large 'Christmas Gift'

The Sony hackers released a seventh dump of files online Saturday morning and promised a larger "Christmas gift" that will "put Sony Pictures into the worst state." It's unknown what exactly the stolen documents released on Saturday were but, according to Re-Code, they may have consisted of files relating to the video site Crackle and former Sony exec Jim Underwood, who now works at Facebook. Click here to read more.

Monday, December 15, 2014

Cyber Security: ICS-CERT Vulnerability Summary for Week of December 8

Click the link below to view the summary of cyber security vulnerabilities for the week of December 8 as collected and reported by ICS-CERT.

https://www.us-cert.gov/ncas/bulletins/SB14-349

Cyber Security: The Global Cyber Advisor Newsletter - November 2014 Vol. 38

Welcome to the latest Global Cyber Advisor Newsletter!

You can’t open the news today without coming across various serious cyber events.   From loss of production to loss of critical information, you can’t ignore the impacts to the world we live in.  Our clients are tasked daily with protecting their environments from cyber attacks or espionage.  We understand that our products must support the latest cyber security functions and features but our scope of cyber security relevance cannot be exclusive to only what products we install/sell.   A cyber secure industrial site is secure, not because the systems in place support various cyber features but because those secure systems are part of a much larger, more comprehensive, cyber security plan and approach. Schneider Electric has a team that can help our clients with the larger cyber security approach and ensure that our software and hardware solutions are installed, positioned, and supported correctly to reduce our clients' overall risk profile along with ours as a provider.

Continuously Secure:   We continue to prove to the industry that we stay vigilant and help our customers develop their cyber strategies and secure their process environments. We have staff to help our clients on a global basis to assess, design, implement and manage their cyber posture. We have developed suites of products with complementary consulting, which are unmatched in the industry.   

This month's Consultant's Corner is by Charles Smith: “Are Firewalls and Anti-Virus Products Relics of the Past?”
                                                                                             
The Critical Infrastructure and Security Practice has the skills and the resources to help our clients no matter what industry. We are structured to help with their entire cyber security program. We have essentially the industry’s largest vendor-based cyber security team that assists our clients secure their entire process environment. We understand that cyber security extends beyond a single system and our valued clients need assistance and advice in how to secure their entire plant infrastructure.   Cyber security is so much more than product features, firewalls and anti-virus software. 

If you’ve missed our previous editions, you can find them at this location:   http://iom.invensys.com/EN/Pages/CyberSecurity-Newsletters.aspx

Click here to open the November 2014 newsletter.


Friday, December 12, 2014

Cyber Security: Companies Should Assume Cyber Attackers Are Already Inside

Companies seeking to shield valuable data from criminals and government spying should assume the attackers have already penetrated their systems and adjust defensive strategies, security firms McAfee and Symantec Corp. said. "You must assume something is going on and you have to start looking for it," Patty Hatter, chief information officer and senior vice president of operations at Intel Corp.'s McAfee, said today at the Bloomberg Enterprise Technology Summit in London. Click here to read the full story.

Thursday, December 11, 2014

Cyber Security: One Step Closer to the End of Passwords

Are usernames and passwords soon to be a thing of the past? If advancements in cryptography proceed at their recent pace, they might be. The Mountain View, California-based FIDO Alliance, an industry group pushing for an alternative to username and password logins, this week published final specifications of a universal standard for accessing sites and online services more securely. Read the article here.

Wednesday, December 10, 2014

Cyber Security: Cyber attacks to worsen in 2015, McAfee researchers say

A series of spectacular cyber attacks drew headlines this year, and the situation will only worsen in 2015 as hackers use more advanced techniques to infiltrate networks, security researchers said yesterday. Click here to read the article.

Tuesday, December 9, 2014

Cyber Security: Passwords key to home computer security - tips to create the tough-to-break password

American author and astronomer Clifford Stoll has been quoted as saying, “Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.” While some people may want – and are likely required – to change their computer passwords more than twice a year, Stoll’s words are still good ones to live by, given our current state of technology, growing sophistication of hackers and rising number of computer system security breaches. Click here for tips on how to create a tough-to-break password.

Monday, December 8, 2014

Cyber Security: ICS-CERT Vulnerability Summary for Week of December 1

Click the link below to view the summary of cyber security vulnerabilities for the week of December 1 as collected and reported by ICS-CERT.

https://www.us-cert.gov/ncas/bulletins/SB14-342

Cyber Security: Another retailer confirms a data breach of customer info

Bebe says attackers managed to steal customer names, card numbers, expiration dates and verification codes for cards swiped in stores between November 8th and November 26th of this year in the U.S. and U.S. Virgin Islands. Read the article here.

Friday, December 5, 2014

Cyber Security: A Good Cyber Defense Can Protect Pharmaceutical and Medical Device Companies

The inability to keep data safe can undermine the results of a clinical study and an organization’s ability to generate new products and ensure the safety of existing ones. Much of the world’s critical infrastructure and vital goods are at significant risk of cyber security threats. Add to this discomforting list of threats to medical devices and pharmaceutical manufacturing.

Some companies in different industries underestimate the threat of cyber attacks believing falsely that because their control and monitoring systems are not connected to the Internet, they many not be subject to traditional hacking. “The big theory is that there is no technology connection between us in the plant and others in the outside world so our control systems are safe,” said Doug Clifton, global director, critical infrastructure and security practice at Schneider Electric.

Read the full article here.


Thursday, December 4, 2014

Cyber Security: Automakers aim to drive away car computer hackers

Against the team of hackers, the poor car stood no chance. Meticulously overwhelming its computer networks, the hackers showed that - given time - they would be able to pop the trunk and start the windshield wipers, cut the brakes or lock them up, and even kill the engine. Their motives were not malicious. These hackers worked on behalf of the U.S. military, which along with the auto industry is scrambling to fortify the cyber defenses of commercially available cars before criminals and even terrorists penetrate them. Click here to read the article.

Wednesday, December 3, 2014

Cyber Security: Hacker claiming ties to Anonymous forces Toronto police website offline for hours

The Toronto Police Service's website went offline Sunday after a Twitter user who claims to be connected with the hacker group Anonymous threatened to infiltrate it. The City of Ottawa website was hacked late last month, with the name of an Ottawa police officer involved in a 'swatting' investigation displayed beside a dancing banana. Read more here.

Tuesday, December 2, 2014

Cyber Security: ICS-CERT Vulnerability Summary for Week of November 24

Click the link below to view the summary of cyber security vulnerabilities for the week of November 24 as collected and reported by ICS-CERT.

https://www.us-cert.gov/ncas/bulletins/SB14-335

Cyber Security: Anonymous pledges more attacks in Canada

The Anonymous hacker group that took credit for the cyber attack on Ottawa City Hall has pledged eight more targets in Canada, including Ottawa Police and the Supreme Court. Click here for the full story.

Monday, December 1, 2014

Cyber Security: One in six adults 'fallen prey to a cyber attack'

One in six adults has been stung online and been the victim of a cyber attack, fresh data has shown. Global information services Experian revealed the 16% of adults had fallen victim to a phishing scam, had personal data taken to use offline or had an account hijacked. Click here to read more.