Cyber Security Awareness Month 2018: Have We Become Apathetic to Breaches?

Another day, another breach. It’s sarcastic, it’s satirical, but it’s also real. Barely a day goes by where we don’t hear of a new breach.

Credit Card Data & Identity Theft: The Cyber Attacks of Yesteryear 

Organizations are infiltrated, probed and leveraged with shocking regularity. This is not a new phenomenon as mainstream hacking in various forms have been happening for decades.  What has changed over the past few years though, is the advent of silence. With each colossal breach, public outcry seems to become more muted. Sometimes, it does not even make the news.

October is National Cyber Security Awareness Month, and it's important to ask ourselves the question: Have we become too used to and too apathetic to the trajectory of the breach?

If we were discussing hacking attempts even a decade ago, the types of hacks we saw focused on credit card data, identity theft and corporate espionage. We saw Heartland Payments suffer a major breach that exposed millions of payment credentials.

Arguably, with that breach and others like it, the average person saw for the very first time that it was not just corporate data that was at risk, but personal identities and credit cards. An incensed population began to demand companies secure their personal information, because the consumerization of the threat was a clear and present danger.

The Transition from IT to OT Surfaces: The New Face of Sophisticated Attacks

Today, the target of a breach is moving from IT to OT infrastructures. The infrastructure that supports our day to day lives such as electricity, clean water, our cars, the buildings we work or live in, are in the hacking crosshairs. With the advent of the IIoT, literally everything we have come to rely on, is connected to a network and thus is vulnerable to a potential attack.

The types of control systems that essentially manage critical infrastructure facilities were designed decades ago, and can very easily be penetrated, disabled, and manipulated. With this in mind, today's cyber attacks are no longer about data and privacy issues. Today, it's about safety and life-threatening situations.  

For instance, the Kemuri Water Plant was hacked and had chemical levels changed in the water treatment process. An electric transmission station north of the city of Kiev was hacked blacking out a fifth of its total power capacity. And in Houston a cyberattack on a shared data network forced four of the nation’s natural-gas pipeline operators to temporarily shut down computer communications with their customer.

With more sophisticated attacks on a new attack surface, why is there a lack of public outcry?

Is ignorance bliss?

Growing up, I lived near an airport. Planes flew overhead regularly and it unnerved some of my friends because of the regular jet noise above us.

It was never an issue to me, because I was used to it. This is not unlike these regular OT security incidents. People either do not hear about breaches anymore, or they tune them out. They are ever-present, thus unfortunately becoming background noise.

Be #CyberAware: Take Part In National Cyber Security Awareness Month 

October is Cyber Security Awareness Month and thus it is important that as individuals and as organizations supporting the daily infrastructure which supports our way of life, that we recognize that without the knowledge of the threat it is hard to secure against these breaches.

In order to bring awareness to industrial cyber security, we created a video series, featuring our CEO, Barak Perelman, in which he explains the implications of a cyber attack on various critical sectors.

CyberAware Video Part ICyberAware Video Part 2CyberAware Video Part 3

 Video Oct 23 Video Oct 30

Indegy is a company that focuses on ensuring the visibility, security and control of OT operations. We have partnered with the DHS to help spread the awareness this month of the threat that is growing in intensity and impact. 

To learn more about how you can automatically gather the most comprehensive and critical information about every asset on your network, download the Indegy Device Integrity brochure.

Industrial Security