How to Keep Cyberattacks From Taking Off

COMMENTARY. Over the last three years, the global aviation industry has been left reeling by a post-pandemic sucker punch that hit the sector with over $185 billion in losses. Once a bastion of American prosperity, airlines were forced into survival mode, cutting staff from their workforce and flights from their schedules. The North Star of success in aviation continues to be the safety of passengers, systems, and the data they house. The cybersecurity of airlines and manufacturers has opened a new domain of safety crucial for the continuity of flight systems, servers, and communication equipment. Security has become an integral component of an economic powerhouse that has contributed to American transportation, trade, and commerce for over 100 years. To ensure the security of the industry for the next century, protecting critical infrastructure from increasingly complex and frequent cyberattacks should be the No. 1 priority for large organizations across the US. The new litmus test for investors and insurers will be how prepared airlines and manufacturers are for the potentially debilitating consequences of a cyberattack. The Rising Tide of Accountability Of all cyberattacks against the aviation industry in 2021, 55% resulted in financial loss, and over one-third resulted in the leaking or theft of personal data. Ransomware responses continue to evolve as regulations tighten. In light of this, regulatory bodies and lawmakers have sounded the alarm, placing a spotlight on securing systems and networks against rising threats. In March 2023, the Transportation Security Administration issued an "Emergency amendment" to airports and aircraft operators' security programs. The amendment mandates TSA-regulated entities develop implementation plans to improve their cybersecurity resilience, aiming to prevent disruption and degradation to their infrastructure. At the same time, the US government's new National Cybersecurity Strategy this year has reinforced the necessity of defending critical infrastructure by shifting responsibility from individuals to large organizations. This coordinated governmental strategy has, in part, been a response to the abundance of attacks against targets in the aviation sector. Canadian low-cost airline SunWing faced four days of flight delays last year after third-party software systems breached the check-in process. Indian carrier SpiceJet was also hit by a ransomware attack that left hundreds stranded at airports nationwide, showing that these events are occurring in all corners of the world. The International Air Transportation Association is the foremost authority of global aviation best practice. They made the responsibility of civil aviation cybersecurity clear, stating that "People, processes, and technology" are the three main components dependent upon each other to create a unified cyber strategy. Traditional General Data Protection Regulation approaches to assessing and reducing cyber-risk have simply become obsolete. If pilots navigated planes only using their knowledge of flight controls, this would not prepare them for the demands of neutralizing an engine failure at 30,000 feet. The next generation of cybersecurity is now taking this concept and applying it to the defense of critical assets in the aviation industry. One Small Step for Tech, One Giant Leap for Cybersecurity Cyber-ranges are the government-grade flight simulators of cybersecurity. By battle-testing defenses in real-world conditions, airlines' IT and OT environments can experience the equivalent of three years' worth of attacks in just 24 hours. Many airlines use data collection and storage software seen in most industries, making lateral movement through networks relatively straightforward. Decision-makers in the halls of aviation titans around the country are now deciding how to implement precautions to secure these systems and bolster their company's investment strategy for the next stage of growth. Prioritizing government-grade cybersecurity can help them refine their incident response plans, train employees, and comply with the latest groundswell of regulation. By implementing a "Train to failure" mindset, companies can test their defenses against phishing, DDoS attacks and data-breach techniques that contribute to around two-thirds of all cyber threats in the industry today. If an aviation organization loses less than 1% of its customers as a result of a data breach, millions of dollars in revenue could be lost. Carriers and manufacturers need the data and insight into their IT and OT environments to see what is working, and what isn't. By implementing a proactive approach to cybersecurity, effective mitigation of threats can be achieved, reducing the dwell time of attackers. By removing the "Unknown unknowns" of cyber threats, businesses can achieve the maximum levels of protection needed to keep their company safe.

This Cyber News was published on www.darkreading.com. Publication date: Thu, 30 Nov 2023 20:25:01 +0000


Cyber News related to How to Keep Cyberattacks From Taking Off

Understanding Each Link of the Cyberattack Impact Chain - It's often difficult to fully appreciate the impact of a successful cyberattack. Other consequences aren't so obvious - from a loss of customer trust and potential business to stolen data that may surface as part of another cyberattack years later. ...
11 months ago Securityboulevard.com
Latest Information Security and Hacking Incidents - The NSA and CISA have released a set of five cybersecurity bulletins to help make cloud environments safer. These bulletins share important tips for keeping cloud systems secure, which are used a lot by businesses. Cloud services are popular because ...
8 months ago Cysecurity.news
How to Keep Cyberattacks From Taking Off - COMMENTARY. Over the last three years, the global aviation industry has been left reeling by a post-pandemic sucker punch that hit the sector with over $185 billion in losses. Once a bastion of American prosperity, airlines were forced into survival ...
11 months ago Darkreading.com
Top 10 Endpoint Security Best Practices That Help Prevent Cyberattacks - Endpoints are one of the hackers` favorite gates to attacking organizations` networks. Setting foot into only one of the connected devices can open the way for threat actors to deploy malware, launch phishing attacks, and steal data. Antiviruses are ...
1 year ago Heimdalsecurity.com
CVE-2024-45013 - In the Linux kernel, the following vulnerability has been resolved: nvme: move stopping keep-alive into nvme_uninit_ctrl() Commit 4733b65d82bd ("nvme: start keep-alive after admin queue setup") moves starting keep-alive from nvme_start_ctrl() into ...
2 months ago Tenable.com
North Korean Hackers Behind Major Cyberattacks, Confirmed by FBI - The FBI released a statement confirming that North Korea was behind a series of major cyberattacks in the past year. It is the first time that the FBI has attributed such activity to North Korea. The attacks included intrusions into networks, ...
1 year ago Thehackernews.com
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions - Middle East oil and gas operators will need to be vigilant about the risk of cyberattacks as the Israel-Gaza conflict continues, security experts warn, or else risk energy supply disruption globally. A recent report by S&P Global Ratings found that ...
11 months ago Darkreading.com
Should You Shut Down Your Computer Every Night? - Although PCs benefit from an occasional reboot, it's not necessary to turn off your computer every night. The decision to let your computer sleep vs. shut down depends on considerations such as the device's age, your usage habits, and whether you ...
9 months ago Pandasecurity.com
How to turn off location tracking on Android - Some apps need access to location services to function properly. There may be reasons why you don't want your device to be located, often because you don't want to be found and the device is always with you. Depending on who you are trying to hide ...
5 months ago Malwarebytes.com
How to turn off location tracking on iOS and iPadOS - On iOS and iPadOS, location services are typically turned on when you first set up your device. There may be reasons why you don't want your device to be located, perhaps because you don't want to be found but need to keep the device with you. There ...
5 months ago Malwarebytes.com
Ransomware Attacks Strike South Africa, Decline in UAE - Cybercrime - and especially ransomware - traditionally have had an uneven impact across the Middle East and Africa, yet recent data suggests that ongoing geopolitical conflicts will likely raise the overall level of cyberattacks across the regions. ...
11 months ago Darkreading.com
Israel Battles Spike in Wartime Hacktivist, OT Cyberattacks - For Israel, 2023 will be remembered as the beginning of the war in Gaza after the devastating Hamas terror attacks on Oct. 7. The conflict spread to the cyber realm, with hacktivists on both sides declaring their intentions to conduct cyberattacks. ...
10 months ago Darkreading.com
CyberCrime & Doing Time: Classic Baggie: Part Three - He claimed he was selected as an independent contractor to rebuild a fleet of airplanes for KLM Royal Dutch Airlines, who had wired him $3.5 Million Euros into his Swiss bank account at Neue Privat Bank. His attorney, Phillip Richardson, said that he ...
9 months ago Garwarner.blogspot.com
Hyperloop One To Close Down - Futuristic travel experiment Hyperloop One to cease operations, as assets sold off and remaining staff made redundant. The futuristic transportation company, Hyperloop One is preparing to shut down for good at the end of 2023. Bloomberg reported that ...
10 months ago Silicon.co.uk
Google Begins To Switch Off Ad-Tracker Cookies - Google starts switch-off of third-party ad tracking cookies under privacy initiative, as advertisers say company gaining too much control. Google has given tens of millions of its Chrome browser users the option of switching off third-party cookies, ...
10 months ago Silicon.co.uk
Save up to $315 on data privacy tools with AdGuard VPN - A virtual private network is a foundational data privacy tool for both professional life and your day-to-day browsing. AdGuard VPN offers one-year, three-year, and five-year subscriptions to cover all of your devices, anywhere in the world. AdGuard ...
10 months ago Bleepingcomputer.com
Riot Games Pauses Updates After Social Engineering Attack - Riot Games, the creators of the popular game League of Legends, recently announced that they will be pausing their updates after suffering from a social engineering attack. According to their statement, the company was targeted by an adversary who ...
1 year ago Therecord.media
Multiple colleges, K-12 schools facing outages after cyberattacks - Several K-12 schools, colleges and universities are dealing with significant technology outages due to cyberattacks this week. A spokesperson for North Carolina Central University told Recorded Future News that the school was alerted to a cyberattack ...
11 months ago Therecord.media
North Korean Hackers Utilizing Credential Stuffing to Launch Cyberattacks - In an alarming new report, researchers found that North Korean-linked hackers have been using stolen passwords during cyberattacks to gain access to various government, military and financial networks. According to security experts, the creative ...
1 year ago Thehackernews.com
Detained Russian student allegedly helped Ukrainian hackers with cyberattacks - A Russian tech student could face treason charges for helping Ukrainian hackers carry out cyberattacks against Russia. A resident of the Siberian city of Tomsk, Seymour Israfilov was detained by Russian security services in October, but little ...
10 months ago Therecord.media
Cyberattacks Intensify on Israeli and Palestinian Human Rights Groups - Hackers have stepped up efforts to take down the websites of Israeli and Palestinian humanitarian groups since Hamas attacked Israel on Oct. 7.The spike in cyberattacks on Israeli human rights organization B'Tselem has reached levels similar to ...
11 months ago Wsj.com
Microsoft Exchange Servers Vulnerable to Cyberattacks - Microsoft Exchange Servers are becoming increasingly vulnerable to cyberattacks due to unpatched security vulnerabilities. Microsoft has recently released several critical patches for Exchange Servers, but it is still not enough to prevent possible ...
1 year ago Hackread.com
Stellar & Blackberry Join to Deliver Open XDR to MSSPs and Enterprise - Stellar Cyber, a Double Platinum 'ASTORS' Award Champion in the 2023 Homeland Security Awards Program, and the innovator of Open XDR, has entered into a new partnership with BlackBerry to deliver a comprehensive threat detection and response solution ...
11 months ago Americansecuritytoday.com
What Lurks in the Dark: Taking Aim at Shadow AI - Security teams are confronting a new nightmare this Halloween season: the rise of generative artificial intelligence. Generative AI tools have unleashed a new era of terror for chief information security officers, from powering deepfakes that are ...
11 months ago Darkreading.com
3 Ways to Close the Cybersecurity Skills Gap - Cybersecurity jobs continue to be the most in demand, as the industry cannot keep up with the number of openings, which currently sit at more than 700,000. 66% of professionals in cybersecurity roles report feeling significantly stressed at work, due ...
11 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)