by Dawn Dunkerley
Contributing Editor

Cyber security is not just an IT or a CIO problem; it’s a senior leader problem. With so much information on cyber security out there, we’ve curated our list of the most interesting articles to come out this month to give senior leaders the information and perspective they need to approach cyber security.

I can vouch for this myself; some of the most talented cyber security professionals I know have “non-traditional” backgrounds such as music and language that make them more thoughtful and well-rounded. In my experience, the most important tenets for an analyst are insatiable curiosity and a desire to problem solve. You can teach the technical fundamentals, but it’s much harder to teach the burning desire to solve a complex, multifaceted issue that can often include cultural and psychological components.

Vulnerabilities are released every day (and even more are held for the future), and there are thousands just sitting out there (117,997 as of this writing, according to the Common Vulnerabilities and Exposures database). You can’t (and often shouldn’t) try to run down the line and patch them all. As this article notes, prioritizing based on the criticality to your business and your protective measures already in place is key.

Further analysis:

“What is known is that an event large enough to require full shutdown of all manufacturing capabilities is taking place. Elisa Costante, senior director of industrial and operational technology (OT) research for Forescout, explains, OT devices ranging from PLCs to sensors that were previously air-gapped are becoming connected to networks by the minute. This convergence of IT with OT networks offers substantial benefits but is also providing cyberattackers a greater opportunity to affect the physical world and impact the bottom line of the business and safety of operations and employees.”

Another case of a cyber event negatively impacting a critical supply chain, with the OT network that powers operations taking the hit. The rise in interconnectivity between the traditional IT networks and their previously air-gapped OT counterparts is exposing operations to cyber risk like never before. Many underlying assumptions that have been made must be re-evaluated, as old investments of time and money may no longer protect your business.

One particular bit to chew on from this story: a quick search on the ASCO site revealed that “ASCO’s products are incorporated in most of the world’s most modern commercial aircraft, including commercial jets, regional and larger business aircraft.” 

A growing number of companies are implementing a combination of training and phishing tests to counteract phishing across their enterprise, but it’s very rare to see an employee be punished when they fail, and almost never has an employee been fired. Should this be the method of accountability for an organization that takes cyber security seriously? Food for thought.

A classic anecdote for why you should think twice before allowing any app access to your camera and microphone (and prune your unused apps!). Cheers to La Liga for such a “novel” idea to combat pirated streaming, though it cost them a $283k USD fine and goodwill in the end.
