ZDNet reported that the Israeli government says that hackers have targeted its water supply and treatment facilities last week.
In a security alert sent by the Israeli National Cyber-Directorate (INCD), the agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems.
With most industrial control systems now connected in some way to the internet, they are more vulnerable to targeted cyber attacks and cyber espionage campaigns. However, because many of the older systems were not designed with security in mind, they are largely unequipped to deal with these attacks. For any business that has an industrial control system footprint, take a proactive stance, and evaluate how the environment is being secured. Failure to do so could result in a devastating attack that causes serious damage or even endangers public safety.
To have the best chance possible to mitigate the chance of a cyber attack, firstly train employees on how to recognise a scam. Much of cyber security is about human nature and social engineering. Furthermore, training must be ongoing due to the ever-changing tactics deployed by today’s attackers. Then begin understanding the types of risks you have. By conducting regular, preferably continuous, assessments of configuration and vulnerability risks across your IT systems will give a more holistic view of your infrastructure. Remember, attackers will be trying to do the same, so it pays to be one, two or even three steps ahead. Lastly, don’t ignore the simple, best practices. Keep software up to date, apply security patches, change passwords, and make sure terminated employees and contractors don’t have access. This security hygiene goes a long way to making the attackers’ job more difficult and keeps systems better protected.