Over 320 bugs in industrial control system components were discovered by security researchers in the second half of 2017, says a survey by Kaspersky. These systems run everything from electricity and water plants to manufacturing factories. More than half of the vulnerabilities were ranked as having a high or critical level of risk.
Hackers could exploit these vulnerabilities to take control of industrial equipment. Most bugs, the report says, can be exploited remotely without authentication. And exploiting them does not require the attacker to have any specialized knowledge or superior skills.
What should companies be doing? Isolate industrial systems that connect to the Internet, make sure software on systems is patched and make sure password access to these systems is tightly controlled.
The average website is attacked 44 times a day, according to a global survey of customers by website security vendor SiteLock. And if successful, attackers steal customer data, plant malware or deface the site. Big and small companies are just as likely to be victims, the survey found.
Vulnerabilities come from coding mistakes or corrupted plug-ins.
What can you do? Passwords are your first line of defense against any cyber threats. In this case we’re talking passwords that give staff access to the website. Passwords should be a minimum of 12 characters, avoid dictionary phrases, contain at least one capital letter, one lowercase letter, and one number. Whenever possible, use randomly generated passwords and store them in a secure password manager.
Have a backup strategy. Keeping accurate and clean backups of your website is key to mitigating the damaging effects of a potential malware attack. It is recommended to back up your site daily. Use a malware scanner and a Web gateway or firewall. And make sure all website-related software is patched and updated.
Finally, with the city of Atlanta still recovering from last week’s crippling ransomware attack, it’s time to remind listeners about what they need to do to protect themselves. Ransomware gets loaded on a system when a user either goes to an insecure website – like one hosting porn – or downloads an infected document from their email. So watch where you go on the Internet and be careful about who is sending you attached documents or pictures in your mail.
Just in case, regularly back up your data so you can restore your data without paying a ransom. Attackers have asked Atlanta for the equivalent of $51,000 in Bitcoin to unlock infected systems.
Cyber Security Today is produced by IT World Canada. Subscribe on Apple Podcasts, Google Play, or wherever else you listen to podcasts. Thanks for listening.