This nightmare scenario could play out millions of times unless people take steps to protect their IoT devices. The situation is even worse in industrial settings. Smart manufacturing, that is, Industry 4.0, relies on tight integration between IT systems and OT systems. Enterprise resource planning (ERP) software has evolved into supply chain management (SCM) systems, reaching across organizational and national boundaries to gather all forms of inputs, parting out subcomponent development and production, and delivering finished products, payments, and capabilities across a global canvas.
Each of these synergies fulfills a rational business goal: optimize scarce resources across diverse sources; minimize manufacturing, shipping, and warehousing expense across regions; preserve continuity of operations by diversifying suppliers; maximize sales among multiple delivery channels. The supply chain includes not only raw materials for manufacturing, but also third party suppliers of components, outsourced staff for non-core business functions, open source software to optimize development costs, and subcontractors to fulfill specialized design, assembly, testing, and distribution tasks. Each element of the supply chain is an attack surface.
Business Process Compromise (BPC) cyber-attacks are not often covered in the media. Their distant relative — the similarly sounding Business Email Compromise (BEC) — tends to get most of the billing, especially after the FBI branded it the most costly threat of 2018. But the truth is that this broad category of attacks is a major threat to organisations. Last year we revealed that 43% of US and European firms had been impacted by BPC.
CISOs across the globe are worried about cybersecurity industry skills shortages. These concerns have been around for years, of course, as have recruitment challenges. But new research from Trend Micro reveals that organisations are looking to mitigate some of the worst effects of these shortages: through greater use of automated machine learning tools.
Let’s be clear, ML is not a silver bullet. But it could be effective as part of a more holistic approach to security focused around reducing unnecessary threat alerts. Continue reading →
It’s that time of the year again when we look to the future to arm cybersecurity professionals with a few predictions of what might head their way in 2019. But the truth is that there’s little in store that they’ve not seen already. In fact, the defining threat trends of the coming year may well be those that have plagued organisations for the past decade: vulnerabilities, stolen credentials and social engineering.
The best way to equip your organisation against these going forward is to follow best practices, layer up defences across the IT infrastructure and improve user awareness programmes. Continue reading →