The global malware attack that affected more than 200,000 organisations in 150 countries has brought cyber crime to the top of the risk news agenda.
Wanna Decryptor, also known as WannaCry, started taking over people’s computers on 12 May 2017, demanding payments of US$300 to restore access to the files it encrypted. It threatened to delete files within seven days if no payment was made, and threw the UK’s National Health Service into chaos.
While it is difficult to prevent determined, well-resourced hackers from launching a technical attack on a network, the truth is that most ransomware attacks generally rely on an interaction with our own users, says Mike Gillespie, IIRSM’s Cyber Security Expert and Director of security consultancy Advent IM.
“Cyber attackers usually need to download the malicious software onto a computer, phone or other connected device, including – in the case of the NHS – such things as medical imaging devices and laboratory analysers to name a few, combined with many organisations failing to apply appropriate system and security patches. This combination effectively presents a much more vulnerable environment to the potential attackers, yet without organisations fully understanding the inherent risk.”
The most common ways of installing malware – malicious software – which includes the ever growing family of ransomwares, are through compromised emails and websites. For example, hackers could send an employee a phishing email that looks like it comes from their boss asking them to open a link – but it actually links to a malicious website that surreptitiously downloads the malware onto their computer.
The WannaCry ransomware appears to have used a flaw in Microsoft’s software, discovered by the National Security Agency and leaked by hackers, to spread rapidly across networks, locking away files. While the exact means of delivering the payload is not yet known, WannaCry is especially interesting for the manner in which it spread, acting more like a worm than most other ransomware does.
A security expert managed to stop the attack by triggering a kill switch about 24 hours later but it continued to wreak havoc, with a second variant being released hot on the heels of the original one.
“All organisations need to become much more familiar with threat and vulnerability, two key components of risk,” adds Mike. “There is a growing need to fully understand the increased connectivity of everything, the convergence of physical and cyber threat and the significant vulnerability that under-aware staff can introduce. Cyber security is no longer in its own silo, but rather it is all-pervasive and affects almost everything we touch and interact with.”
It is time for organisations to realise that the threat is holistic, and so too must be the defence, Mike concludes.
Risk-reducing tips from IIRSM’s cyber security expert:
- Educate all staff ... this includes senior management. Education should be targeted, pertinent, interesting, ongoing and effective.
- Make information asset ownership an integral part of all senior management roles.
- Protect especially sensitive information assets as identified by Information Asset Officers more rigorously, using a range of blended technical defences including network access controls, protective monitoring and regularly updated anti-malware software.
- Implement an effective and risk-based backup strategy to ensure that all vital information assets can be recovered in the event of a compromise. This should be an integral part of your business continuity, resilience and forensic readiness planning.
- Never, ever pay a ransom.