intelligent
security intelligence that transcends borders
A
PUBLICATION
Leveraging autom
ation tools
Why CISOs
must consid
er automation
for robust securit
tools
y and busine
ss benefits.
Cybersecurity
and
aviation
How CISOs
in the aviation
sector
can bolster defenc
es.
Mobile phishi
ng protec
tion
The steps that
must be taken
to secure mobile
devices.
issue 20 | www.int
elligentciso.com
IDENT Y
PROTECT IT
IO
N
ENTERPRISE
FIREWALL PARTNER
Tesco deployed
a multi factor authen
visibility and has
tication solutio
helped ensure
n which has provid
sensitive data
ed
employees is secure belonging to its 450,000
d.
INTELLIGENT
DATA
PROTECTION
PARTNER
GLOBAL CISO
KNOWLEDGE
PARTNER
INTELLIGENT
THREAT
MANAGEMENT
PARTNER
DATA SECURITY
PARTNER
INTELLIGENT
NETWORK
SECURITY PARTNER
INTELLIGENT
BANKING
& FINANCE
PARTNER
GLOBAL
INNOVATION
PARTNER
INTELLIGENT
ACCESS
MANAGEMENT
PARTNER
33. predictive intelligence
How automated defence tools are helping
to protect the endpoint
33
36. feature
Looking ahead: Reviewing the latest
threats and exploring what’s to come
Joe Carson, Chief Security Scientist
and Advisory CISO, Thycotic
industry unlocked
industry unlocked
The aviation sector is being increasingly digitised
which, while providing numerous benefits for
consumers and passengers, also introduces new
risks and makes the industry a hot target for
cybercriminals. Industry experts from Thycotic
and Attivo Networks tell us about some of the
key threats, how the industry is rising to the
challenge and offer best practice advice for
CISOs on how to bolster their defences.
A
Airlines and airports spent a record US$50 billion
in 2018 on IT to support improvements to the
passenger journey and are now beginning to
enjoy the benefit of that investment.
Figures published by SITA for the first time show
that this investment has resulted in a significant
improvement in both the satisfaction levels for
passengers and average processing time.
The SITA 2019 Air Transport IT Insights shows
that 60% of airline CIOs recorded up to a
20% year-on-year improvement in passenger
satisfaction. During the same period, 45% of
them recorded up to 20% improvement in the
rate of passengers processed.
The benefits of digitisation are clear to see
– improved customer satisfaction and overall
efficiencies. But it also introduces new risks
and, like every other vertical, CISOs in the
aviation industry are having to step up their
cybersecurity measures.
Joe Carson, Chief Security Scientist and
Advisory CISO at Thycotic, and Chris Roberts,
Chief Security Strategist, Attivo Networks, have
provided insight about some of the key threats
and how they are being combatted.
What are some of the unique
cyberthreats to the aviation sector
and why?
JOE CARSON, CHIEF SECURITY SCIENTIST AND
ADVISORY CISO, THYCOTIC
The aviation industry is at risk to many unique
cyberattacks that can put human lives and
even global stability at serious risk. Our society
44
41. expert opinion
is largely dependent on the aviation
industry to keep us connected and the
world moving and any threat to that
industry puts our way of life at serious
risk. The modern aviation industry is
heavily dependent on technology and
software that is at risk to cyberattacks,
which could disrupt flight systems
making aircrafts fall from the sky or
force pilots to make premature landings.
We have seen recent events on what
could happen when software bugs
combined with sensors that have no
backups can result in pilots fighting with
flight controls such as the recent issues
with Boeing 737 Max. Other risks which
I see as the major threats are those that
could impact airports such as disrupting
safety systems, baggage handling or
logistics and schedules. Since airports
are more open and connected, they are
exposed to more threats.
Most attacks to date on the aviation
industry have been financial fraud related
such as business email compromise
and invoice fraud or cyberattacks that
impacted booking systems and loyalty
rewards programmes stealing millions of
airmiles from customers.
CHRIS ROBERTS, CHIEF SECURITY
STRATEGIST, ATTIVO NETWORKS
Unlike many other industries the airline
sector still depends on everyday use
of decades-old bespoke proprietary
systems. Air-ground communications
Issue 20
|
www.intelligentciso.com
Chris Roberts, Chief Security Strategist,
Attivo Networks
systems – such as the Aircraft
Communications Addressing and
Reporting System (ACARS) – are
gradually being interconnected to allow
them to be controlled remotely via
the Internet. As they do this air traffic
operators are keenly aware that doing so
increases the risk that outsiders could
access onboard systems.
How is the aviation sector rising
to the challenge of combatting
these threats?
JOE CARSON: The aviation industry has
always risen to the challenges since the
www.intelligentciso.com
|
industry heavily relies on safety as its
primary priority. When systems become
more connected online, cybersecurity
is no longer just an IT security issue –
it then becomes a safety issue – and
that is why aviation organisations treat
cyberattacks as such a high priority.
However sometimes shortcuts do occur
such as using critical communication
equipment onboard aircraft for
payments and this increases the threats
and risks.
CHRIS ROBERTS: The introduction of
increased Internet connectivity brings
opportunities for elevated revenue
streams and operation savings to
the aviation sector. At the same time
passengers and industry regulators will
expect ever more robust cybersecurity
measures to protect the information
they exchange and access through
aircraft in the sky. The answer to the
rising challenges for providers of
in-flight communication services –
some of which are constrained by the
architecture and physical limitations of
their networks – is to build increased
security layers around these more
capable networks.
Can you outline any use cases of
how technology is being used to
mitigate threats?
JOE CARSON: One main area of
technology being continuously improved
is that of ADS-B (Automatic Dependent
Surveillance – Broadcast) which is
used for safety. However, in the past,
since it was using radio frequency, it
was not encrypted and could have been
monitored or, worse, the data could be
poisoned. However recent improvements
have focused around securing and
better protecting critical safety systems
by decreasing risks such as spoofing,
data poisoning and hacking.
44
CHRIS ROBERTS: In-flight communication
services, both for the entertainment
of the general passenger and the
efficiency of the business traveller,
face steady growth in demand that is
certain to increase as passengers insist
45
Issue 20
CISO-Issue20-Dec2019.indd 44-45
27/11/2019 15:32
HIDING IN PLAIN SIGHT
– WHAT ARE THE KEY
INDICATORS OF AN
INSIDER THREAT?
36
normal job role. For example, if they’re
searching for and accessing data that
they shouldn’t be or making repeated
requests to access sensitive data. It
could be that they are looking through, or
downloading, vast amounts of sensitive
information not related to their job role.
There could be perfectly innocent
explanations for each of these. It may
be that, unknown to the IT security
team, the user’s job role has changed.
Another digital sign that could have a
reasonable explanation is that the user is
copying large amounts of data on to an
unauthorised storage device or emailing
it outside the network. They could
simply need to work on these files at
home, however an organisation cannot
be too careful and these all need to be
investigated. Also, while these actions
might not be malicious, they could, in
themselves, cause a security breach.
Behavioural warning signs
How the user behaves in real life can
also be a clear sign that they are
O
Mitigating this threat is notoriously
difficult, but it can be achieved by
understanding the tell-tale warning
74
signs and using multiple data points
to determine unusual behaviour.
CISOs need to be aware that insider
threats are caused not only by existing
employees, but also consultants,
partners or former employees.
The perpetrators fall into two distinct
camps: those who maliciously seek to
steal data – the ‘turncloaks’ – and those
who unknowingly enable a data breach
by accident or negligence – the ‘pawns’.
Whether a turncloak or pawn, there are
both behavioural and digital warning
signs that someone at the organisation
has become a threat.
Digital warning signs
The digital clues that someone might
pose a threat are connected to that
person’s use of data, especially if they
are doing anything that is not part of their
Signs could also include attempts to
bypass security and corporate policies
and social elements such as bad
CISOs need to be
aware that insider
threats are caused
not only by existing
employees, but
also consultants,
partners or
former employees.
Issue 20
|
www.intelligentciso.com
Cybersecurity and aviation: Combatting
the key threats
55. intelligent technologies
62. business surveillance
Matt Lock, Technical Director at Varonis
CISO-Issue20-Dec2019.indd 74-75
44. industry unlocked
leaking information to the outside
world. Red flags are usually linked to
unusual working patterns or noticeable
changes in an employee’s conduct.
For example, although it’s now
commonplace for employees to log on
at the weekend or late at night, if work
patterns suddenly begin to change,
it could point to covert activity when
linked with other information.
How do you identify an attacker who is not supposed
to be accessing sensitive data as part of their job role?
Although they are notoriously difficult to identify there are,
nonetheless, tell-tale signs that indicate the presence of a
stealthy inside attacker. Matt Lock, Technical Director at
Varonis, explores the top warning signs – both digital and
behavioural – that should serve as a red flag.
rganisations
spend vast
amounts of money
each year on
cybersecurity
measures and
solutions to
prevent external threat actors breaking
into their networks. But what about the
threats from within the business? The
2019 Verizon Data Breach Investigation
Report found that around one third
(34%) of data breaches involved an
insider, whether through malice or
negligence. The report is a reminder that
organisations can’t ignore what may be
hiding in plain sight; the insiders who
have access to their most important and
sensitive data assets.
Leveraging automation for modern
security. Katell Thielemann, VP Analyst
at Gartner
www.intelligentciso.com
|
Issue 20
74
Why CISOs must focus on employee
development as a key security strategy
75
27/11/2019 15:33
67. decrypting myths
48. feature
48
4
The rapidly rising reliance on mobile
phones in the workplace has facilitated
an increased cybersecurity threat from
malicious phone hackers that many
manufacturers are not equipped to
handle. Tom Davison, EMEA Technical
Director at Lookout, outlines the steps
that both individuals and businesses
must take to ensure the security of their
most valuable assets, with particular
focus on the manufacturing sector.
The configuration mistakes that provide
field days for hackers
71. go phish
Mustafa Gangardiwala, Head of
Information Security Unit, Industrial Bank
of Kuwait
74. end-point analysis
Hiding in plain sight – what are the key
indicators of an insider threat?
Issue 20
|
www.intelligentciso.com