In the midst of the Covid-19 pandemic, it is clear that hackers are hoping to capitalize on public fear. Whether for profit, data hoarding, or espionage, hackers target individuals and institutions through a variety of virus-related attack methods. In the first three months of 2020, more than 16.000 domains linked to Covid-19 were created. Unfortunately, about half of them, which often appear to be a real news website, can inject malware into a person's device. Malware can compromise a system and steal or even delete available data, disrupt basic system functionality, and secretly track a victim's activities. While Covid-19 is a new vector that hackers can connect to, another area of growing concern is operational technology (OT) – the tools used to control complex systems like power grids and traffic signals. . Bringing systems online that were not originally designed for this can be tricky if not done correctly can leave businesses vulnerable to machines taken offline by hackers or used as a means to bring them online. ''Access the largest corporate network. Protecting OT systems can really mean keeping people alive, so companies should not approach this with a strategy built for data-centric IT systems, but rather effectively integrate their IT and OT protection strategies.
How has Covid-19 changed the security landscape?
Since the outbreak of the Covid-19 pandemic, many companies around the world have moved to employees working from home, often without notice or preparation. Due to the large number of employees accessing networks and sensitive data from various locations around the world, there has been a significant increase in cybersecurity risk. Some workers who now rely on unknown personal devices and unsecured networks could effectively become a back door to their larger company's computer network, thus putting a target on their backs for cyberattacks. While the pandemic hasn't necessarily changed the way cybercriminals operate, we've seen a dramatic shift in where and when they launch their crime. As the virus grew and spread across the world, the attacks also increased. Those linked to the coronavirus first appeared in Asia and then in Eastern and Western Europe.Is the UK's critical national infrastructure vulnerable to cyberattacks?
The UK's Critical National Infrastructure (CNI) has long been a target for those seeking to disrupt or cause damage to the UK. What is different now is the impact of Covid-19. Since the Covid-19 outbreak, additional cyber support has been installed around government infrastructure such as the NHS, which hackers have targeted in abundance. Our Cyber Threat Intelligence team has found that the biggest threat to hospitals today is ransomware attacks, which can bring a hospital to a standstill and kill patients. This critical situation often leads victims to be more willing to pay the ransom, a fact that cybercriminals take advantage of. From a broader CNI perspective, such as nuclear power plants, airports, and power grids, a bigger problem has been managing these systems remotely as lockdowns have been imposed.Does the UK have a cybersecurity skills problem?
Cyber security is not based on a single skill; it's a complex set of skills and different roles require a different set of skills. OT security, for example, is often as much an engineering challenge as a cybersecurity challenge, because you regularly deal with systems that should never have been connected. This can make it very difficult to recruit for a cybersecurity role, especially when there is a clear need for more talent in the industry. According to (ISC), it is estimated that more than four million jobs in the cybersecurity industry are unfilled worldwide, and this skills gap is growing. While there are no quick fixes, the industry must continue to focus on educating companies about the skills they should look for in people, while teaching their own employees about potential threats to be aware of. and how to protect your data, including the ability to detect attacks or suspicious behavior.Is board participation still a problem for online professionals?
For a long time, the biggest battle for IT managers has been educating the board to take the security threat seriously, but ultimately, their encouragement to address security solutions is growing. However, as security professionals on the traditional side of IT management and data protection gain ground, those charged with protecting OT face a bigger battle. Simply put, your factory security is not currently an issue at the board level. However, things are changing and companies are becoming more aware of the operational productivity risk of bringing systems online and the threats that come with it. In the future, expect this to be addressed more at the boardroom level in the years to come.- Gareth Williams, UK Vice President, Secure Communications and Information Systems, Thales.