13

Assessment and Threats: Protecting Your Company from Cyber Attacks

Embed Size (px)

DESCRIPTION

In the second of six presentations in this series on cyber security, we explore the different types of malware and explain the first steps your company can take to avoid the threat of cyberattacks.

Citation preview

Page 1: Assessment and Threats: Protecting Your Company from Cyber Attacks
Page 2: Assessment and Threats: Protecting Your Company from Cyber Attacks

Now, it’s time to start protecting your company.

The first step? ASSESSMENT

In our first presentation, you learned about the history of cyber attacks and how recent escalation shows that businesses in industrial control infrastructure must take action.

Page 3: Assessment and Threats: Protecting Your Company from Cyber Attacks

Before you can close security gaps in your control systems, you must develop a baseline of operations.

You have to find problems before you can fix them.

Page 4: Assessment and Threats: Protecting Your Company from Cyber Attacks

Any good assessment begins with an inventory.

A physical walk-down of your networks and devices should be the first step of any assessment.

Page 5: Assessment and Threats: Protecting Your Company from Cyber Attacks

Look at your network platforms and ask yourself:• What versions are being used?• Are they up to date?• Are they patched?• Are they still supported by the operating system vendors or the actual control

systems vendor?

Inventory:

Page 6: Assessment and Threats: Protecting Your Company from Cyber Attacks

Look at your devices and controls and ask yourself:• What do I have, and are they updated• If they are not updated, are they protected?• What are they protected by?• Is someone paying attention to and analyzing the logs the security system

generates?

Inventory:

Page 7: Assessment and Threats: Protecting Your Company from Cyber Attacks

Beyond physical examination, you can also use analytical techniques to evaluate how vulnerable your systems are.

By PENETRATION TESTING, you can simulate an attack from internal or external sources in order to evaluate your network.

Through a VULNERABILITIES ASSESSMENT, you can find, evaluate, and in some cases, rank the risks in a system.

Page 8: Assessment and Threats: Protecting Your Company from Cyber Attacks

After inventory comes monitoring.

You must be cognizant of device interconnectivity when installing securing devices, such as HMIs, PLCs and all SCADA-driven devices. And they need to be consistently monitored to protect against the many different types of threats that exist in today’s world.

Page 9: Assessment and Threats: Protecting Your Company from Cyber Attacks

Typically, when someone thinks about malicious

software, they think of viruses. But in

cyber space, malicious software takes many forms…

Page 10: Assessment and Threats: Protecting Your Company from Cyber Attacks

TYPES OF MALWARE:

Viruses: Any malware spread through computer networks through human action or self-replications.

Worms: A subset of viruses, worms are designed to spread autonomously throughout a network, and their goal is to maximize proliferation without detection. They can be used to gain information and relay it to some point outside of the corporate network.

Trojan viruses and backdoors: These grant external access to control systems. Using these pieces of software, individuals can code remotely, gain access to, and in some cases, even assume control of assets.

Spyware and rootkits: These are pieces of software that hide their presence on infected systems. They could open a window into confidential data, change a computer’s reporting capabilities, or even provide remote administration capabilities.

Blended Threats: These combine two or more types of malicious software.

Page 11: Assessment and Threats: Protecting Your Company from Cyber Attacks

While professional and cyber criminals can use malware to execute attacks, not all attacks are targeted. Accidents happen, and these types of malware are just as dangerous in the hands of unsuspecting civilians and employees.

Page 12: Assessment and Threats: Protecting Your Company from Cyber Attacks

Individuals are randomly targeted every day, receiving malware in personal emails or downloading it unintentionally from infected websites. It’s when these personal emails find their way into corporate systems that problems occur.

Page 13: Assessment and Threats: Protecting Your Company from Cyber Attacks

Download our brief on cyber security! Learn more about Industrial Cyber Security at

CIMATION.COM/CONTACT-US