In the last few years, executives overseeing energy, utility and other industrial organizations have begun to worry about the threat of cyberattacks on our nation’s most critical infrastructures. Ten years ago, their main concerns were focused on safety or environmental risks. Back then, operators believed the virtual barricades, or air gaps, between networks and technologies were sufficient enough to defend against malware and cyberattacks.
Advocating for the return on investment (ROI) in IT security has traditionally been a challenge for IT professionals to communicate to management. IT teams are responsible for the complicated task of balancing budget limitations with strong protection that will reduce the risk of a cyberattack in today’s dynamic threat landscape. However, according to a recent Kaspersky Lab report, businesses are starting to invest more in IT security rather than treat it as a cost center.
Technology has advanced at an astonishing rate in the last decade, and the pace is only set to accelerate. Capabilities that seemed impossible only a short time ago will develop extremely quickly, aiding those who see them coming and hindering those who don’t. Developments in smart technology will create new possibilities for organizations of all kinds – but they will also create opportunities for attackers and adversaries by reducing the effectiveness of existing controls. Previously well-protected information will become vulnerable.
Researchers from the U.K.-based penetration testing service Pen Test Partners recently attacked a video surveillance system, and they pulled off a fairly scary feat. “We successfully switched video feeds from one camera to another through the cloud service, proving arbitrary access to anyone’s camera,” they wrote.
Don’t know what a penetration tester is? You’re not alone; more than 50 percent of U.S. adults surveyed by the University of Phoenix have never heard of pen testers or “White Hat” ethical hackers, among other cybersecurity job titles, and only about one in 10 survey respondents is “very familiar” with the 11 jobs in the industry queried in the survey.
At its National Cybersecurity Summit in late July, the Department of Homeland Security unveiled its new National Risk Management Center, which will coordinate national efforts to protect U.S. critical infrastructure.
Almost one in 10 U.S. security professionals admits to having considered participating in Black Hat – or cybercriminal – activity, according to the report White Hat, Black Hat and the Emergence of the Grey Hat: The True Costs of Cybercrime, conducted by Osterman Research and sponsored by Malwarebytes.