The Department of Homeland Security is stepping up the fight against cybercrime by establishing a new central hub defending industries such as banks and energy companies against attacks, according to NBC News.
DHS said that The National Risk Management Center will be a joint effort between government and private businesses with the purpose of devising methods to recognize potential threats and ultimately defend against them.
The centre was formed as a response to more advanced cyberattacks, along with worries over their potential to cause significant damage to critical infrastructure, impacting millions of customers in the process.
Concerns over Russia continue
Officials from Homeland Security recently said that Russian cybercriminals had hacked control rooms of major utilities in 2017. Concerns also exist over potential interference by Russia in the midterm elections.
While organizations and businesses have long been the targets of cyberattacks, recent technological advancements combined with geopolitical shifts have seen nation states forced to pay closer attention to cyberspace than ever.
Any time we see new technological advancements, there are a whole host of new risks, and we can expect attacks to be more frequent, more cost-effective, and more efficient. As such, we’ve seen attacks on critical infrastructure become more frequent in 2018. Further targets are likely to be in a wide array of areas, such as cutting-edge scientific data, financial services, and utility infrastructure. We’ve only recently seen the indictments of those tied to the Islamic Revolutionary Guard Corps for cyberattacks that resulted in the theft of 31 terabytes of intellectual property and academic data.
What can organizations do?
The first thing to do is ensure that basic cybersecurity is being implemented. There are also a number of resources online that provide information on how to improve cybersecurity, such as the OWASP Top 10. The Open Web Application Security Project reports on the main security issues related to applications. It educates organisations so that they can lower security risks by employing effective practices and programs.
Evidently, organizations and businesses need to devote a greater number of resources in order to become more cyber-vigilant, which require more resources to anticipate and defend against attacks. They also need to get more involved in more private-public partnerships in order to adequately deal with the issue of critical infrastructure.
One problem that they have is that they’re chasing elusive threats. The solution is to take out the guesswork and stop attacks in real-time. Another method that they should be implementing is data masking- a way of creating a copy of an organization’s data that is similar in structure. It’s typically used in user training or software testing, but can also be effective in defending against critical infrastructure attacks.
Essentially, organizations need to improve cybersecurity in 2018, controlling and segregating network access, testing and reviewing both new and old software and hardware, and carrying out the necessary due diligence with regards to suppliers. They also need to look out for, and be prepared to deal with, the kind of network probing and surveillance that could presage a full-scale cyber attack.