As technology advances at an incredible pace and industries transform, Powel encounters challenges as well as opportunities for innovation. An extremely important part of this transformation is information (IS) and operational technology (OT) security. It is critical to Powel’s business and by extension, to everyone who builds or deploys products at Powel. In a world of sensors and IoT, big data, analytics and mobile, security becomes the number one job.
Following the recent WannaCry ransomware attack and claims that last year’s Ukrainian power outage was merely a dry run, cyber security is at the forefront of people’s minds like never before. Yet poor security and a lack of cyber security awareness mean that many businesses are still at risk from a big attack.
Is your business one of them?
Keep your data safe
“Many of our customers manage infrastructure classified as critical national infrastructure and increasingly, we experience that security is often the first conversation customers want to have,” says Kevin Gjerstad, CTO in Powel. “Many are apprehensive about a hyper-connected world with data in the cloud. They are unsure how Powel and our cloud platform Microsoft Azure will keep their data safe.”
Several studies show that a large percentage of companies do not conduct regular cyber risk training or vulnerability assessments, which, to some commentators, is equal to inviting the cyber criminals in. With cyber criminality becoming ever more sophisticated, proper security measures are an absolute must.
Powel recently appointed our first Chief of Cyber Security, just the latest step in a list of security measures we have undertaken over the last few years. Mike Loginov, a certified award-winning CISO, is a renowned security expert who will work to help protect both Powel and our customers from attacks. He will advise on and implement security measures internally, and will also assist any of our clients that feel they require advice or assurances.
Although breaches of cyber security can cause a lot of damage, the good news is that knowledge, awareness and implementation of even small cyber-security hygiene measures will make your business safer straight away.
The problem with IoT
The advent of the Internet of Things (IoT) means that the world and everything in it is becoming increasingly connected. Gartner Inc. forecasts that by 2020 the number of things connected to the internet will reach 20.8 billion. For all the exciting possibilities and opportunities this development brings, these connected devices also present us with a number of challenges. Security is one area where IoT has the potential to create problems.
“The problem with many IoT devices is that they have default login credentials which makes it much easier for a botnet to guess the login credentials of the users,” says Loginov. “This type of attack and so-called brute force attacks are a common tactic used by adversaries. Essentially, it is a systematic approach used by hackers to harvest the login credentials of their victims. Bots capable of trying thousands of combinations of credentials within a minute are one example of the techniques used in these types of attacks, and feed the volume of compromised login credentials available for sale on the dark web.”
The easiest way to limit the risk of a brute force attack substantially is simply to choose a strong password. “This should consist of at least 15 random characters including alphanumeric keys, symbols, capital and small letters,” says Loginov, who also recommends using a two-factor authentication system along with other measures to limit the prospect of a dictionary or brute force attack.
Both computers and people are targets
When it comes to IT and OT security, you are only as secure as the least aware employee. Are your employees trained and aware? Phishing attacks and attempts at social engineering may well be aimed at individuals, but they have potentially devastating effects on your business.
Phishing attacks are probably the type of attack most people are familiar with. However, familiarity does not mean that people are not still being tricked. As late as March 2017 both Facebook and Google fell victim to a phishing attack, where they were tricked into paying the scammer over $100 million. Through phishing e-mails, the attacker, who was caught by the authorities, faked his identity as an employee of a firm that used to work for Facebook and Google.
The hacker in a phishing attack sends e-mails, usually disguised as coming from someone you trust or sometimes as a promotional offer, forcing the target to take some action. The action could be entering login credentials, opening an attachment, and so on. As soon as the action is taken, the hacker can steal your login credentials, download spyware or malware onto your computer and even install a Trojan on your device, making it a DDoS master to infect more IoT devices!
Another broader type of attack that takes advantage of the vulnerability of employees is a social engineering attack.
This is a broad term, which includes all the tricks used by hackers to get sensitive information from their victims. These attacks are aimed at fooling humans rather than machines; the term refers to the psychological manipulation of people into performing actions or divulging confidential information. An e-mail with a link to download paid software for free is one example of a social engineering attack. Someone talking their way into company premises under false pretences is another.
“Computers are getting better at identifying dubious attachments or rogue links, and this is driving attackers towards the easier and more cost-effective approach of directly fooling humans,” says Loginov. “Unfortunately, the ability to fool humans is an art perfected since the dawn of time and at its core it has not evolved very much. People still fall victim to the same old reworked scams.”
Let Powel help you stay safe
Powel takes security seriously and we are in the throes of a big security push. This includes training, implementation of best practice processes and security consultancy to our customers. We will do everything in our power to ensure your data, IT and operational technologies stay safe – always.
“You know you could reduce your chances of being victimised just by staying aware of the best security practices and this is exactly what we aim to provide. Reading a bit about security practices, changing your passwords and patching systems regularly, and consulting security experts once in a while are a must if you wish to stay safe,” Loginov finishes.
As an innovator in the world of technology, Powel recognises the security need and offers a managed security service (MSS) where we deploy a well-proven seven-step process to ensure the Hacker Hardening(TM) and certification of your organization against the risk of a significant cyber compromise.
Please contact us for further information.