Home Tags CYBERSECURITY

Tag: CYBERSECURITY

Cyber-Kinetic Threat
A growing number of today’s entertainment options show protagonists battling cyber-attacks that target the systems at the heart of our critical infrastructure whose failure would cripple modern society. It’s easy to watch such shows and pass off their plots as something that could never happen. The chilling reality is that those plots are often based on real cyber-kinetic threats that either have already happened, are already possible, or are dangerously close to becoming reality. Cyberattacks occur daily around the world. Only when one achieves sufficient scope to grab the attention of the news media – such as the WannaCry ransomware...
Cyber-Kinetic Attacks History
The fact that cyber-kinetic attacks rarely appear on mainstream news doesn’t mean they don’t happen. They happen more frequently than you would think. Many, for various reasons, aren’t even reported to agencies charged with combatting them. This hinders security experts in understanding the full scope and recognizing the trends in this growing problem. We’ll highlight examples of cyber-kinetic incidents and attacks in this chapter. Some were malfunctions that, nonetheless, demonstrated cyber-physical system vulnerabilities. Some were collateral damage from hacking or computer viruses. The vulnerabilities these exposed inspired a growing number of targeted cyber-kinetic attacks in recent years. The Beginning of Cyber-Kinetic...
Cyber-Kinetic Timeline
Below is a timeline of key historic cyber-kinetic attacks, system malfunctions and key researcher demos targeting cyber-physical systems (CPS), Internet of Things (IoT) and Industrial Control Systems (ICS) resulting in kinetic impacts in the physical world. I tried to select only those that were first-of-the-kind or that significantly increased general awareness about a particular type of an attack or incident I know that the list is incomplete. That’s where you come in. If you are aware of an incident or a research that demonstrated something new regarding cyber-kinetic threats or helped significantly raise the awareness, please contact me. For a more...
FinCrime Cyber
The worlds of financial crime and cybercrime are colliding, converging into one. The biggest threat to businesses globally is the new cyber-enabled financial crime. Yet businesses and even financial institutions tasked with protecting our money continue to fight this combined threat with multiple separate defense systems and multiple separate defense teams. The situation is like a military leader trying to fight different enemies on different fronts. While those enemies remain in different fronts, it makes sense to send separate defense forces against them, each focused on fighting only the enemy assigned to it. But what if those enemies merge and...
Cyber-Kinetic Robot
The attacker stepped out from behind a hedge in the upper-class suburban neighborhood, being careful to stay in the shadows. Across the street, the last lights shining through the windows of the house had just flickered out. She tugged the bottom of her black hoodie into place and pulled the hood up over her head, casting her face deeper in shadow. Her target sat in the driveway at the front of the house, a bright red and completely decked out SUV. Glancing up and down the street to ensure no one was looking, she slipped across the street into the...
Security Standards Regulations Guidelines
Below is my attempt to list of all published 5G, IoT and "Smart Everything"-related security guidelines, frameworks and standards. If you are aware of additional entries that should be here, please let me know at [email protected]
Cyber-Kinetic Security, IoT Security, OT Security
We live in a world in which the way we observe and control it is radically changing. Increasingly, we interact with physical objects through the filter of what computational systems embedded in them tell us, and we adjust them based on what those systems relate. We do this on our phones, in our cars, in our homes, in our factories and, increasingly, in our cities. Physical objects are so interconnected that we simply take those connections for granted, as if being able to unlock your car by pushing a button on your key fob, unlocking it with your phone or...
Italian Earthquake Risk Management
We have to ask ourselves; at what point does an unexpected outcome via expert prediction justify a prison sentence? Minutes after I delivered cyber risk assessment results to my Italian client, I heard the news – six Italian scientists and a government official have been sentenced to six years in prison over statements they made prior to a 2009 earthquake that killed 309 in the town of L’Aquila in Italy. The offense? Manslaughter. This group was comprised of well-respected members of the National Commission for the Forecast and Prevention of Major Risks which apparently the public had deemed as being able to...
Cyber-War
“Cyber war” is a term that is in recent days used so liberally that people may often wonder if these words are as menacing as they sound or used only as a tool to incite fear as a way to control a society that increasingly depends on technology. How we prepare and respond to cyber attacks depends on whether we believe we are in cyber war. It influences how we estimate the risks, potential impacts, or insurance premiums. Preparation for and response to cyber war implies government involvement and that might mean handing over the control of our networks to...
Social Engineering
Social engineering doesn't have to be just a supporting process to obtain system access; it is could be even more dangerous when it is used as the main attack. We, information security defenders, rarely consider that risk. If you think Social Engineering is an effective way to obtain access to systems by exploiting the weakest link – people – you are correct. But not completely correct. Social engineering could be much more than what is being discussed in the media or on social engineering awareness sessions. Social Engineering is the most effective way to: obtain information. It’s a subtle difference, but one...
Cyber Risk Management
There is a new danger lurking in the information assets of countless organizations around the globe disguised by a plan devised to protect a large portion of those assets while failing miserably to protect the rest. Zero tolerance approach to cyber security is untenable Traditional approach to cyber security was for a board / management to declare that they have “zero tolerance” for cyber breaches, and for the first line to erect barriers and try to control access to any outsiders. That approach is untenable today. Cyber criminals demonstrated that our perimeter protections are not sufficient. Customer voted for ease for access...
Information Security IT Security
Information security and IT security are often used interchangeably. Even among InfoSec professionals. The terms are interrelated and often share the common goals of protecting the confidentiality, integrity and availability of information, however; there are significant differences between them. IT security is only concerned with the systems that store, process, transfer and make available electronic data. Information security goes far beyond that. It encompasses classification of information across an organization, information security policies and procedures, physical security aspects, legal protections, HR, awareness, and retention of information, regardless of information format. Even when the information is on paper or in employees’ heads. Examples...
Mastodon