US nuclear plants have been breached by phishing attacks via malware-infested CVs. Fraser Kyne, EMEA CTO at Bromium commented below on this news.
Fraser Kyne, EMEA CTO at Bromium:
“Whether this creates a disaster such as a hazardous spillage or power outages for millions, or something less dramatic like a heap of business disruption for the plants that have been attacked, its clear security has to change. Once again, it is the end user that has been targeted with infected email attachments. This is a common theme in recent breaches. If you are a busy engineer, who is recruiting at the moment and get sent a CV why wouldn’t you open it? Regardless of whether you work in a nuclear facility or in an office you can’t question every action you take on a PC. Yet that’s what the current status quo in security expect.
“We know that users are the weakest point in a company’s defence against cyber-attacks, and yet we still see successful breaches on a weekly basis. This highlights the need for a new way of thinking about cybersecurity on the whole as current defences are not up to the task. We can’t continue to expect users to be the last line of defence. By isolating tasks with virtualisation-based security you can effectively nip such attacks in the bud and take the onus and responsibility for security away from the user.”