Lesezeit ca. 6 Min.
arrow_back

Cybersecurity in a changing world


Logo von Business Spotlight
Business Spotlight - epaper ⋅ Ausgabe 7/2022 vom 29.06.2022

TECHNOLOGY

MEDIUM

Artikelbild für den Artikel "Cybersecurity in a changing world" aus der Ausgabe 7/2022 von Business Spotlight. Dieses epaper sofort kaufen oder online lesen mit der Zeitschriften-Flatrate United Kiosk NEWS.

Bildquelle: Business Spotlight, Ausgabe 7/2022

In the early hours of 12 May 2017, a massive cyberattack with a virus called WannaCry hit multiple organizations across the world, including Britain’s National Health Service (NHS). The attack was wide-reaching and very damaging.

According to Europol, WannaCry infected about 200,000 computers in 150 countries in a very short time. The NHS reported that up to 70,000 devices had been impacted, including computers and MRI scanners, with some hospitals having to send ambulances away as a result of the attack.

While it was five years ago, WannaCry is still a warning to businesses that cyberattacks can have dangerous consequences in the physical world. It is not the only one.

The Stuxnet virus, possibly created by the US and/or Israel, was discovered after it attacked an Iranian nuclear facility in 2010.

And in 2021, one of America’s largest fuel pipelines, between Texas and New York, had to ...

Weiterlesen
epaper-Einzelheft 7,99€
NEWS Jetzt gratis testen
Bereits gekauft?Anmelden & Lesen
Leseprobe: Abdruck mit freundlicher Genehmigung von Business Spotlight. Alle Rechte vorbehalten.
Lesen Sie jetzt diesen Artikel und viele weitere spannende Reportagen, Interviews, Hintergrundberichte, Kommentare und mehr aus über 1050 Magazinen und Zeitungen. Mit der Zeitschriften-Flatrate NEWS von United Kiosk können Sie nicht nur in den aktuellen Ausgaben, sondern auch in Sonderheften und im umfassenden Archiv der Titel stöbern und nach Ihren Themen und Interessensgebieten suchen. Neben der großen Auswahl und dem einfachen Zugriff auf das aktuelle Wissen der Welt profitieren Sie unter anderem von diesen fünf Vorteilen:

  • Schwerpunkt auf deutschsprachige Magazine
  • Papier sparen & Umwelt schonen
  • Nur bei uns: Leselisten (wie Playlists)
  • Zertifizierte Sicherheit
  • Freundlicher Service
Erfahren Sie hier mehr über United Kiosk NEWS.

Mehr aus dieser Ausgabe

Titelbild der Ausgabe 7/2022 von Thinking big. Zeitschriften als Abo oder epaper bei United Kiosk online kaufen.
Thinking big
Titelbild der Ausgabe 7/2022 von The other London underground. Zeitschriften als Abo oder epaper bei United Kiosk online kaufen.
The other London underground
Titelbild der Ausgabe 7/2022 von Managing Russia’s war economy. Zeitschriften als Abo oder epaper bei United Kiosk online kaufen.
Managing Russia’s war economy
Titelbild der Ausgabe 7/2022 von Is China turning away from English?. Zeitschriften als Abo oder epaper bei United Kiosk online kaufen.
Is China turning away from English?
Mehr Lesetipps
Blättern im Magazin
Design thinking –
Vorheriger Artikel
Design thinking –
Castles in the sand
Nächster Artikel
Castles in the sand
Mehr Lesetipps

... shut down after being hit by ransomware.

Today, there are fears that similar cyberattacks could take place following Russia’s invasion of Ukraine. In fact, as the West implemented sanctions, US President Joe Biden explicitly warned companies and organizations to be alert to the danger of Russian hackers.

TAKEAWAYS

CYBERSECURITY TIPS

Focus on passwords: Use unique passwords for each account and enable multifactor authentication.

Don’t forget to update: Update apps and operating systems when available. This protects you from known weaknesses.

Stay security aware: Look at every email critically, especially emails that ask you to open or click on something. Also, think carefully about data you share on social media.

Keep up to date: Know what threats may be relevant to your organization. Have a plan ready, including backups to help if ransomware hits.

Monitor connected devices:

Consider every connected device in your business or home and be sure to change default passwords and keep security up to date.

If you think you’ve been hacked:

Disconnect your LAN cable or Wi-Fi.

If you’re at work, inform IT and wait for instructions.

Cyberattacks aren’t new, but the stakes are higher today because of what’s called the IT/OT convergence — more and more devices (operational technology) in the physical world are connected to the internet and become potential targets. What are the biggest risks today? Who has the best cyber-capabilities?

And how can businesses and individuals protect themselves?

Who’s who in cyberwarfare?

Cybersecurity is complex. Various players have different methods and aims, such as spreading disinformation, slowing or shutting down systems through so-called distributed denial of service (DDoS) attacks, stealing business or government secrets (cyberespionage), or cutting off access to systems and demanding payment for unlocking them (ransomware).

For businesses, adversaries include “hacktivists”, such as the infamous Anonymous group, cybercriminals and even state-sponsored actors. The most serious state-sponsored threats to Western businesses are thought to come from China, Russia, Iran and North Korea (CRINK).

One state-sponsored actor is known as Fancy Bear, a group with links to Russian military intelligence, who are accused of trying to influence the 2016 US presidential election. Another group is the China-linked APT41, known for cyberespionage.

“Their main aim is to obtain sensitive information on other state actors and use this to benefit their national security and political goals,” says Monika Rihma, director of Audere International, commercial intelligence and investigations specialists based in London. “They are equally interested in obtaining commercially sensitive information,” she adds. It is not unusual to see this data sold on the underground criminal internet known as the Dark Web.

“State-sponsored adversaries are usually aligned with the policy aims of their governments,” says Ian Thornton-Trump, chief information security officer at Cyjax, a British threat-intelligence company. “Aims can include disinformation or espionage targeting the military-industrial complex, regional and federal governments and any organization critical of the regime.”

Historically, state-backed groups have focused on stealing information, hacktivists on disrupting services and cybercriminals on monetary gain, says Etay Maor, senior director of security strategy at Cato Networks, specialists in security solutions.

“But recently, the picture has been much more complicated. Today, you can find government groups engaging in money theft, hacktivists stealing data and cybercriminals being hired for just about any cause.”

Why cyberattacks are everybody’s business

Successful cyberattacks can be extremely damaging, and preventing them is a high priority for all businesses and governments. Along with the US, Germany is among the most targeted countries. According to the German Mechanical Engineering

Industry Association (VDMA), 46 per cent of the companies surveyed in Germany were victims of a cyberattack at least once in 2021.

The current geopolitical climate with the war in Ukraine has increased the risks further for some industries.

For example, says Thornton-Trump, some organizations are at risk through outsourced functions, offices or supply-chain partners in Russia or Belarus.

Private individuals aren’t safe either.

Anyone can have their Facebook account hacked, and personal data is often found for sale on Dark Web forums. Facebook accounts have frequently been used to trick friends and relatives into sending money. And hacks can be much more damaging if people use the same password for different accounts.

In many households, lots of devices are connected to the Wi-Fi network — including smart TVs, security cameras and voice assistants like Amazon’s Alexa. Many of these devices don’t have the best security and use default passwords that aren’t safe. And as 5G mobile networks expand, the number of connected devices is growing fast. All of them need security to reduce the risk of a cyberattack.

“Today, you can find cybercriminals being hired for just about any cause”

Keeping the hackers out

While the threat is growing, businesses and individuals are showing more awareness of the need to protect themselves. In any organization, the people themselves are usually the weakest security link. This means training is essential to avoid such things as email phishing, in which attackers use extremely realistic-looking emails to trick employees into clicking on links or opening attachments.

“Identity-based attacks have become a favourite tactic, which makes protecting your identity more important than ever,” says Morgan Wright, chief security adviser at SentinelOne cybersecurity platform. “Always use strong passwords, using a password manager to create complex and secure credentials for every site.”

Wright advises using a combination of tactics to increase the cost to the attacker — especially multifactor authentication, which creates an extra layer of protection in addition to a password.

Applying security updates when they’re available is important, as is understanding that older technology is often a security risk. “Some hardware and software reach a point when they’re no longer supported by the manufacturer or developer,” says Wright. Although replacing it involves cost, an upgrade can prevent more expensive problems in the future, he says.

At the same time, businesses should keep up to date with relevant threats and make sure they have a plan in place to be prepared for a cyberattack.

“Ultimately, proactive security awareness plans that are reviewed and tested regularly — as well as clear communications on why those plans are needed — provide the best response when calamity threatens,” Thornton-Trump says.

The same best practices should be followed at home, too.

“Don’t ignore those update notifications,” says Maor. “Change your default password and always use multifactor authentication for login if possible.”

Looking to the future, we know that, sooner or later, hackers will find ways to use AI. That is a sobering thought, but AI can also be used to defend networks. Ultimately, cybersecurity is a never-ending game of cat and mouse. The hackers are constantly looking for new vulnerabilities, while the security experts try to identify weaknesses before attackers can take advantage of them.

CLOSER LOOK

WHAT IS THE IT/OT CONVERGENCE?

“Operational technology” (OT) refers to machines and devices in the physical world. These include cars, escalators but also production lines and power plants. While “information technology” (IT) has always had to deal with the cyberthreat, OT has traditionally been protected because it was not connected to the internet.

Today, however, OT operators want to have preventive maintenance and other benefits of the Internet of Things (IoT), so they also need protection against cyberattacks. The challenge is with the large amount of legacy equipment and infrastructure. In the energy sector, for example, investments often have lifespans of 30 to 50 years, and much of the infrastructure was built long before anyone thought to connect it.