While the energy industry may fear the appearance of another Stuxnet on the systems it uses to keep oil and gas flowing and the electric grid powered, an equally devastating attack could come from a much more mundane source: phishing.
Rather than worry about exotic cyber weapons like Stuxnet and its big brother, Flame, companies that have Supervisory Control and Data Acquisition (SCADA) systems — computer systems that monitor and control industrial processes — should make sure that their anti-phishing programs are in order, say security experts.
“The way malware is getting into these internal networks is by social engineering people via email,” Rohyt Belani, CEO and co-founder of the anti-phishing training firm PhishMe, said in an interview.
“You send them something that’s targeted, that contains a believable story, not high-volume spam, and people will act on it by clicking a link or opening a file attached to it,” he said. “Then, boom, the attackers get that initial foothold they’re looking for.”