A solar energy company learns of several recent cyber-attacks targeting other companies in their industry and realizes they could be next. the company initiates an analysis to weigh the measures needed to counter the potential threat and to minimize the impact to business. which security principle is illustrated in this example?

2022 Text with binary code getty Last year I wrote two FORBES articles* that highlighted some of the more significant cyber statistics associated with our expanding digital ecosystem. In retrospect, 2021 was a very trying year for cybersecurity in so many areas. There were high profile breaches such as Solar Winds, Colonial Pipeline and dozens of others that had major economic and security related impact. Ransomware came on with a vengeance targeting many small and medium businesses. Perhaps most worrisome was how critical infrastructure and supply chains security weaknesses were targeted and exploited by adversaries at higher rates than in the past. Since it is only January, we are just starting to learn of some of the statistics that certainly will trend in 2022. By reviewing the topics below, we can learn what we need to fortify and bolster in terms of cybersecurity throughout the coming year. Cyber risks top worldwide business concerns in 2022 “Cyber perils are the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer. The threat of Cyber incidents tops the Allianz Risk Barometer for only the second time in the survey’s history (44% of responses), Business interruption drops to a close second (42%) and Natural catastrophes ranks third (25%), up from sixth in 2021. Climate change climbs to its highest-ever ranking of sixth (17%, up from ninth), while Pandemic outbreak drops to fourth (22%).y affected firms in the past year. “ Cybercrimi...

Indeck recently signed a $3 million deal with the U.S. Air Force to supply Q-Boxes for various devices, and he’s inked agreements with half a dozen utilities, including “Software systems are not secure. Full stop,” Indeck said. Though he admits there’s still room in the market for malware detection software, he said his technology obviates the need for firewall protection and virtual private networks which can cost an organization millions of dollars a year. “This technology provides protection without requiring changes or additions to an endpoint’s legacy code and with no modifications to existing equipment,” according to a Q-Net Security press release. The company is feeling the momentum. Its factory in Carbondale, Illinois, is building 500 Q-Box devices with another 500 expected to be delivered by year’s end. The National Academies of Science has endorsed the security of the Q-Box. In a 2018 NAS report, “Quantum Computing: Progress and Prospects,” authors found that encrypted data from the Q-Net box would take an assumed quantum computer running the most efficient algorithm known to crack encryption. Indeck said it would take “over 200 billion-billion-trillion years to decipher the data…longer than the age of the universe.” The box has two outlets—one connects to a company’s network, the other plugs into the device that requires protection. Devices are typically part of the Distribution Energy Resource System. A Q-Box can connect to up to 2,000 devices. “We have thousan...

The SolarWinds hack was a major event not because a single company was breached, but because it triggered a much larger supply chain incident that affected thousands of organizations, including the U.S. government. What is SolarWinds? SolarWinds is a major software company based in Tulsa, Okla., which As an IT monitoring system, SolarWinds Orion has privileged access to IT systems to obtain log and system performance data. It is that privileged position and its wide deployment that made SolarWinds a lucrative and attractive target. What is the SolarWinds hack? The SolarWinds hack is the commonly used term to refer to the supply chain breach that involved the SolarWinds Orion system. In this hack, suspected nation-state hackers that have been identified as a group known as Nobelium by Microsoft -- and often simply referred to as the SolarWinds Hackers by other researchers -- gained access to the networks, systems and data of thousands of SolarWinds customers. The breadth of the hack is unprecedented and one of the largest, if not the largest, of its kind ever recorded. More than 30,000 public and private organizations -- including local, state and federal agencies -- use the Orion network management system to manage their IT resources. As a result, the hack compromised the data, networks and systems of thousands when SolarWinds inadvertently delivered the SolarWinds customers weren't the only ones affected. Because the hack exposed the inner workings of Orion users, the hac...

Newer types of cyber attacks are harder to identify and protect against than previous types because they can bypass traditional cybersecurity defenses. It’s certainly no secret that for many years, the power industry has been a top target for hackers around the world. However, whereas in the past, many of these attacks were relatively easy to block using standard security tools like malware detection software, firewalls, and intrusion detection systems, recent advances by state-sponsored hacking teams and criminal groups have made these attacks considerably more sophisticated and harder to prevent. That’s likely a key reason why 68% of energy companies and others in the critical infrastructure sector admit they’ve been breached by hackers, resulting in either data loss or disruption of operations, according to a 2014 estimate by Unisys and Ponemon Institute. The reality today is that these attacks are far stealthier than anything the industry has seen before. And the increasingly complex nature of these cyber attacks corresponds directly with the growing level of danger they pose to the power sector. In 2013 the Department of Homeland Security (DHS) issued an industry-wide alert about the growing threat of cyber sabotage attacks to the power sector after its incident response teams noticed an alarming trend of hackers, possibly from the Middle East, systematically breaching U.S. energy companies in an effort to probe their networks and determine how to take control of key ...