A sobering reminder about cybersecurity

Breaches of the MGM and Caesars hotels and casinos in Las Vegas are recent examples of increasingly sophisticated, aggressive, and costly cyberattacks against businesses and institutions – including hospitals. It’s been reported the ransomware group that hacked the casinos has also been responsible for recent attacks on companies in manufacturing, retail, and technology. The resurgence of business-crippling cyberattacks is a sobering reminder that October is National Cybersecurity Awareness Month (NCSAM) – an initiative the U.S. Department of Homeland Security and the National Cybersecurity Alliance launched in 2004 to prioritize safeguarding online interactions.

Sam Heiney, vice president of product and a cybersecurity expert for Impero Software (https://www.imperosoftware.com/us), offers this assessment of the MGM and Caesars cyberattacks. “It appears the hackers made use of social engineering to get into the systems – first impersonating an employee on LinkedIn and then contacting the help desk (a vendor shared by both companies) and pretending to have lost their password to get into the account, claim additional credentials, and gain increasing control.”

Is manufacturing at greater risk for such attacks? Heiney replies, “Regardless of the industry, all it takes for the hackers to win is for one link in the larger cybersecurity fence to be compromised, and the whole wall will come tumbling down.” He adds manufacturing has much to consider as it becomes increasingly dependent on connected technology.

“Industry 4.0 – and the smart factories that emblemize it – has already demonstrated the ability to increase overall production by as much as 7x, but those gains come with equal risks for those who neglect cybersecurity. Every new piece of technology on the factory floor (e.g., Internet of Things [IoT] devices, sensors, robots, security systems, cameras, printers – even heating, ventilation, and air conditioning) also creates a potential door into the heart of the system if left open.”

To keep that door safely shut, Heiney says zero-trust, secure access service edge (SASE), and other newly defined security approaches can provide secure access and interconnectivity. “These new strategies are built on foundational security principles using encryption, network segmentation, and various levels of access control to create layered security that bends and evolves without breaking.”

Heiney says everyone can improve their security by focusing on the basics. “Patch and upgrade your systems. Train your users about the dangers of phishing and malware. Improve role-based access controls by adding attribute-based controls such as date, time of day, and location.”

Don Boxley, CEO and co-founder of security software solutions provider DH2i (https://dh2i.com) notes software-defined perimeters (SDPs) are becoming an alternative to virtual private networks (VPNs), eliminating vulnerabilities such as susceptibility to lateral network attacks. SDPs simplify secure network connection and ensure servers, applications, IoT devices, and users gain access only to the data required for their tasks, eliminating lateral paths attackers could exploit. Boxley says adopting SDPs and zero-trust principles can give organizations the robust defenses needed to outpace ever-advancing cyber threats. – Eric