Just a few days ago, news began circulating on the internet of a strange problem with Cisco routers which was easy to identify as it caused complete failure. Shortly afterwards, Cisco issued a warning for specific products which may still be functioning normally but could fail after approximately 18 months of operation without warning. Meanwhile, a list of affected devices has now been published online. But that’s far from the full story.
Anti-virus companies have identified a new trend: Criminals are increasingly using open source software instead of developing or purchasing their own malware. Kaspersky Lab recently revealed several cyber espionage campaigns, which operate according to this model. Such free tools that were originally designed for security testing contain many tools that criminal hackers can also use for their own purposes. Even more conveniently for hackers, these tools are also developed and maintained by the open source community for free.
Not a day goes by without Industry 4.0 being touted as the future of the manufacturing industry. And it’s true, the digitization of production environments is already gaining traction, in some sectors more than others. And with all these developments, everyone is concerned with the security of the brave new interconnected world. Now standard hardware and software are in control of motors, switches and pumps, the security risks must be kept in mind by automation engineers. This requires a methodological approach, which is best adapted and linked to a central ISMS policy.
Over the last few years, gleaning useful information from massive amounts of data has also become more difficult for IT security and approaches to Big Data and information analysis are a critical topic in this sector. The number of users, end devices, applications and log files are constantly on the rise. At the same time, attackers are becoming more sophisticated and professional while constantly adapting their strategies. Companies are now facing a completely new level of risks and challenges to their IT security operations.
Frequently companies have more than enough data on security events, including successful penetrations and potential vulnerabilities. Enormous volumes of data are generated by network components, storage systems or applications. Security threats buried among this data must be taken seriously, however attacks often remain unnoticed or they are not discovered in time due to a lack of structured data. Analyzing and interpreting this data and deploying a rapid response is almost impossible without specialist software.