The leading crane and lifting manufacturer Palfinger has been targeted in an ongoing cyberattack that disrupted IT systems and business operations. Palfinger is a leading maker of crane and lifting solutions with its head office in Austria, with over employees in over 35 locations, generating €1.75 billion in revenue for 2019. At this time, the extent and consequences of the cyberattack are not known.
Experts Comments
In the manufacturing business, time is money, so the disruption of Palfinger’s IT services as well as order processing and shipment delays, translates to lost revenue. The single biggest threat to enterprises today is underestimating and failing to address cybersecurity across all of a company’s cyber and physical systems. Attackers are going after higher value targets and that includes operational networks. The remediation costs and efforts to repair the operational, financial and reputational damage caused by these attacks put a significant strain on leadership teams.
IT and OT systems are converging and security teams need to take a new, holistic approach to cybersecurity. Businesses should deploy artificial intelligence and machine learning tools across their IT/OT networks to gain real-time visibility and identify cyber threats and resolve issues before harm is done. We know from working with thousands of industrial installations, that with the right technology and a focus on best practices, it’s possible to monitor and mitigate these risks and achieve operational resiliency. A robust cyber defense strategy is the best line of defense against sophisticated attacks.
@Andrea Carcano, Co-founder and CPO, provides expert commentary at @Information Security Buzz.
Manufacturing industries tend to have machinery that needs to interact with hardware, firmware and software applications. The main form of this interaction is via non-interactive generic accounts and service type accounts that have a high level of privileges associated with them. Due to the nature of the business, these accounts tend not to undergo access control best practices including changing passwords when operations staff/employees leave. I would recommend that a detailed risk assessment be completed, taking into consideration access control, as part of the transformation program and moving to the cloud. This will support in identifying any risks and putting compensating controls in place to reduce risks to a level that the manufacturing business is willing to accept. An example of this could be making high privilege accounts and their execution subject to two-factor authentication or restricting high privilege execution to on-premise locations only (i.e., in the factory/operation plant).
@Niamh Muldoon, Senior Director of Trust and Security EMEA, provides expert commentary at @Information Security Buzz.