Source: GDPR Report
Cyber-criminals are seeking out new prey. Industries that previously had a lower threat profile – such as oil-and-gas, manufacturing, and shipping – are now falling victim to cyber-attacks at an increasing rate. In some cases, the cyber criminals are using the supply chains of companies in these industries as entry points for the attacks. In other cases, the criminals target these companies directly. In either case, the organizations these companies are third parties to – their clients – are often impacted.
As a result of this new trend, governments are stepping up with new efforts – laws, regulations, and guidance – to help create national supplier ecosystems that are more resilient to cyberattack. Industries are also creating their own working groups and other types of infrastructure to help increase communication about cyber risk – to share experiences as well as information on prevention and resilience. The evolution of cybercrime is rapid – governments, industries and individual companies are working hard to stay ahead of the threat.
Expanding their horizons
While most industries have had some level of cyber-criminal activity over the past decade – no one is really immune – some industries have seen an uptick in both frequency and severity over the past 12 months. Impacts have included disruption of operations and theft of proprietary information. Industries finding themselves under increasing threat include:
- Oil and gas – Five natural gas pipeline operators in the US had their operations disrupted when a third party supplier of electronic data and communications services, Energy Services Group, was hacked in the spring of this year. While customer data was not compromised, Bloomberg reported that Duke Energy left Energy Services as a customer shortly after the hacking incident, over concerns that its client data could be compromised.
- Manufacturing – The hacking of a third-party vendor to more than 100 manufacturing companies was discovered in July 2018. According to UpGuard Cyber-Risk, a cybersecurity consultancy, some 157 gigabytes of data that Level One Robotics was holding was exposed via rsync, a common file transfer protocol used to mirror or back up large data sets. Sensitive documents included more than 10 years of assembly line schematics, factory floor plans and layouts, robotic configurations and documentation, ID badge request forms, and VPN access request forms. Companies that had data exposed included VW, Chrysler, Ford, Toyota, GM, Tesla and ThyssenKrupp.
- Shipping and transport – Major cyberattacks at shipping and trucking companies have hit the headlines in recent months. In late July 2018, a ransomware attack at the China Ocean Shipping Company (COSCO) crippled the company’s internal communications. This follows on from the 2017 NotPetya malware outbreak, which forced shipping giant Maersk to replace 4,000 new servers, 45,000 new PCs, and 2,500 applications over a period of 10 days. Cyberattacks are also up within the trucking industry, although these companies are keeping these attacks private. Trucking companies are vulnerable to third parties, and of course they are also essential third parties to their clients.