After conducting it’s weekly scan of open-source media, the Gate 15 Threat and Risk Analysis Cell (TRAC) drilled down into three main themes that security-conscious organizations should be aware of. First is German authorities’ increased responsiveness against terrorism, demonstrated this week with the shutdown of a German shopping mall due to a credible terrorism threat and the Department of State issuing warnings on terror for travelers to Europe. Second is a succession of Internet of Things vulnerabilities being disclosed this week, continuing proof that criminal use of IoT will continue to increase both number and level of creativity. Finally, an energy sector poll found that a minority of those surveyed planned to implement security upgrades in the near term, a potential signpost of continued underinvestment in preparedness efforts in critical infrastructure.
“According to the 2017 BRIDGE Index Grid Operations survey, which polled over 20,000 utility employees across North America, only 28% of utility companies expect to implement a major security project, and less than half (48%) expected to complete a minor security project, within the next two years,” Wednesday’s Threat Dashboard reveals in it’s discussion of security preparedness, “The study also showed that over 70% of companies felt confident in their ability to collect the data needed to detect a cyberattack even though only 52% of the companies said their automated systems didn’t identify all the necessary information to know if an attack was ongoing. These statistics signal a possible feeling of overconfidence and is alarming considering previous attacks (Ukraine) and the seemingly persistent threat to utilities.”
Dave Pounder elaborates more on the topic in Thursday’s Torpedo Report, “Just recently the Environmental Protection Agency has been collaborating with the Department of Homeland Security to develop training material for water utilities due to the increased cyber threat to that sector. As noted in the 01 March 2017 Gate 15 Threat Dashboard, a recent Ponemon Institute study showed the US oil and gas industry isn’t keeping pace with cybersecurity threats and an Accenture survey from late last year highlighted a general overconfidence by organizations regarding their security preparedness.”
The Torpedo Report also covers Internet of Things vulnerabilities, stating “IoT is here to stay; security and business elements need to recognize the risk to customers and to the brand name and reputation, as well as the devastating ways these devices can be used in larger, more sophisticated attacks. Attackers will keep experimenting with new ways to cash in on open vulnerabilities and the threat of combining the popularity of ransomware attacks with IoT vulnerabilities, the results could be dangerous. A10 Networks has recently shared the results of research showing that DDoS attacks leveraging IoT devices (DoT) are on the rise, with costs to businesses ranging anywhere from $14K to millions of dollars.”
The complete Torpedo Report includes additional background and analysis as well as some preparedness and operational ideas for leaders to consider. This week’s reports and previous releases can be linked to from the “Reports” tab of this website.
To help leaders maintain active threat situational awareness, we distribute our (free!) daily paper and the above mentioned weekly products. Our team hopes they can help you achieve a sound background as you assess your organizational risks and then apply a threat-informed, risk-based and prioritized approach to preparedness and operations. If you’re not already signed-up, subscribe to our free products and receive them directly! Free reports include our daily paper, the Gate 15 SUN, with additional detail, focus and analysis in the weekly Threat Dashboard and Torpedo Report.