Tenable®, Inc., the Cyber Exposure company, recently discovered a critical remote code execution vulnerability in two Schneider Electric applications used in manufacturing, oil and gas, water, automation and wind and solar power facilities. If exploited, the vulnerability could give cybercriminals complete control of the underlying system. Attackers would also be able to use the compromised system to move laterally through the network, exposing additional systems to attack, including human-machine interface (HMI) clients. In a worst-case scenario, attackers could use the vulnerability to disrupt or even cripple plant operations.
At worst, miscreants can, potentially, “gain access to sensitive memory information or control low-level operating system functions,” which is a fancy way of saying peek at kernel memory, or hijack the critical code running the machine.
For its recently released 2018 State of Cyber Resilience study, Accenture surveyed 4,600 enterprise security practitioners representing companies with annual revenues of $1 billion or more in 15 countries. 83% of respondents to the survey agree that advanced technologies are essential and they would commit funding to them if they could. But only 40% are investing in AI, machine learning, and automation technologies to improve their security defenses.
Just as HIPAA compliance does not guarantee security, next-generation firewalls and intrusion detection systems do not make for a comprehensive security program.
Artificial intelligence-powered threat detection and response can be very valuable – as long as it’s researched and deployed with care and planning.
Most leaders in infrastructure-related industries take cyber risk seriously, but their public sector counterparts need to start addressing vulnerabilities with more urgency. Many experts and pundits are already pressuring lawmakers and regulators to take more decisive action across all of our physical systems. Despite this pressure, there are a number of obstacles that need to be addressed alongside the implementation of new policies.
The four telecom companies – Singapore’s Singtel, Japan’s Softbank, United Arab Emirates’ Etisalat and Spain’s Telefonica – are creating the Global Telco Security Alliance. The alliance members say they expect to share intelligence on cyber threats and leverage their global reach, assets and cybersecurity capabilities to serve customers worldwide.
Routers are high-value targets for attacks. Given the position routers play in normal network operations, the ability to utilize these devices in man-in-the-middle attacks is extremely attractive for attackers.
Considering the multitude of models router vendors produce — and the difficulty of supporting and updating so many devices — the relative insecurity of routers (particularly devices intended for home or home office use) makes these devices low-hanging fruit for hackers.
Cybersecurity jobs are requiring candidates to obtain and maintain certifications in the industry. The following article goes into further detail on which cert to focus on.
Two of the most common questions I’m asked are, “Is having a computer security certification helpful in getting a job or starting a career in computer security?” and, if so, “Which certification should someone get?” The answer to the first question is a definite yes. Getting a certification, while not a cumulative showing of your entire experience and knowledge in a particular area, can only help you.
According to the U.S. Department of Labor’s Bureau of Labor Statistics, the median pay in 2018 for a cybersecurity analyst is likely to reach well over $100,000.
With 3.5 million cybersecurity jobs expected to open by 2021, employers will continue to seek out prospective job candidates from technical schools and undergraduate programs to fill them.
Sixth-grader Reuben Paul demonstrates how household items and “smart toys” can be easily hacked through insecure Bluetooth and Wi-Fi connections.