Story image

FireEye says industrial cybersecurity is far too vulnerable - and the stakes are high

16 Aug 2016

FireEye has released a report that shines light on how industrial and utilities providers manage the security of their own industrial control systems (ICS) assets, and the effects can put an entire country at stake.

ICS assets encompass everything from electricity grids, water supplies and powerlines. The industry hires about 137,000 people across Australia, and has millions of customers.

FireEye examined security staff in utilities and other industries worldwide. The report showed that most are unaware of their assets and their vulnerabilities over the past fifteen years, as documented by company research.

The vulnerabilities can affect everything from sensor operation, controller programming, software and networking equipment used for automation.

The report also found that there were 1552 vulnerabilities in April 2016, compared to just 149 between January 2000 and December 2010.

Of these 1552 vulnerabilities found this year, 516 of them didn't even have a vendor fix, either because they are unpatched or the technology is so old that they are unpatchable.

What's more, at least five of these vulnerabilities have been exploited by nation-state cyberattackers since 2009. FireEye states that ignoring the warning signs leaves industrial environments exposed to threats.

Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.