Cisco released its 2016 Midyear Cybersecurity Report in late July as a companion to its 2016 Annual Security Report from earlier this year. The company looks at the state of cybersecurity based on the research it obtains from customers, outside security analysts, and its networking devices connected to the internet. These reports and analyses are increasingly important as actors find new ways each day to exploit vulnerabilities on networks and devices to create cyber threats and operate on a global level. The report is very applicable to the maritime industry. This is particularly true because of the increasing number of networked systems aboard ships and in maritime facilities, the proliferation of mobile devices used in seagoing and shore-based facility operations, and an ever-increasing need to collect large volumes of data for big data analysis.
The report highlighted the role of time in cybersecurity: defenders must reduce attackers’ time to operate, which is the key to undermining their success. The more attack vectors that go unnoticed and the longer we allow attackers to exploit our systems and infrastructure, the greater their chance for success. Researchers provided the following ways organizations can and should take action to improve their defenses:
- Instituting and testing an incident response plan that will enable a swift return to normal business operations following a ransomware attack;
- Not blindly trusting HTTPS connections and SSL certificates;
- Moving quickly to patch published vulnerabilities in software and systems, including routers and switches that are the components of critical Internet infrastructure;
- Educating users about the threat of malicious browser infections; and
- Understanding what actionable threat intelligence really is.
You will notice patching as a recommendation. Even though patches are available from major software vendors almost at the same time vulnerabilities are announced, these patches are not downloaded and installed in a timely manner, according to Cisco research. Ideally, the maritime industry should identify operating-system-agnostic automated patch management tools to remediate system vulnerabilities, including those in industrial control systems. If defenders improve the tools at their disposal, by reducing the time needed to patch vulnerabilities and upgrade their infrastructure, attackers become known. Defenders can also obtain the full picture of the security landscape: whether adversaries are present, how they gained entry, and which systems succeeded or failed in identifying the malicious activity. The report also mentioned that the current industry estimate of the time to detect attacks is between 100 and 200 days.
Organizations and end users all have a hand in reducing the time it takes to detect a security risk, knowing what tools or software patches are at their disposal, and closing the loopholes an actor could home in on.
About Gnostech Inc.:
Gnostech Inc. is an applied engineering and consulting company with expertise in information assurance and cybersecurity engineering, and major combat and space systems development and integration. For more information, visit www.gnostech.com, or stay connected by following us on LinkedIn or @GnostechInc on Twitter.