Hacking risk never stops

Connecting critical systems opens up an ever-increasing set of risks

  • E-Mail
Hacking risk never stops Organisations must have robust security before connecting systems. (ITP Images)
By  Mark Sutton Published  April 4, 2018

The revelation last month that a potentially catastrophic cyber-attack against a Saudi oil refinery only failed due to an error by the hacker creates a striking reminder of how serious the stakes are becoming in the cyber security game.

The Triton attack, which happened in August, used highly crafted malware to attack the safety system of the unnamed refinery, with the explicit intention, researchers believe, of causing an overload that would have resulted in an explosion. It was only by chance - an apparent mistake in the malware - that allowed safety systems to function as intended and shut down the plant.

This attack, which did not gain much attention at the time, is slowly giving up its secrets as researchers pick apart the malware. It is not clear who wrote the code, or their motives for attempting to blow up an industrial plant, but it is clear that the malware was very well researched, highly targeted and deadly in intent.

The malware was also able to reach what should have been a closed system, proving that given the money and the resources, cyber criminals can do pretty much anything.

 Meanwhile, the lower end of the hacking world has shifted its intentions from ransomware last year to illicit crypto-mining this year, which shows that criminals are still predictable in following the money, but are also still innovative and adaptable to the most lucrative targets.

At the same time, digital transformation efforts are ramping up more than ever before, and systems across almost every area of activity are getting transformed and connected. This is resulting in a massive potential attack surface, and more ways for ill-intentioned actors to harm critical infrastructure.

Many security vendors are promoting machine learning as the next great weapon against hackers, and while it is certainly becoming apparent that humans cannot hope to manage the complexity of the security environment on their own, these AI security solutions are not in widespread deployment just yet. Until there are better means of protecting systems, any digital transformation program should ensure that the risks, and not just the rewards, are properly considered before critical systems get connected.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code