November 13, 2018
Cybercrime Poses Severe Risk to Nation’s Critical Infrastructure
Posted October 29, 2013
Continuing its Alignment to National Cyber Security Awareness Month, ThreatMetrix Outlines Preventative Measures to Protect Critical Infrastructure
San Jose, Calif. – October 29, 2013 – ThreatMetrix™, the fastest-growing provider of integrated cybercrime solutions, continues its commitment to National Cyber Security Awareness Month by aligning to the week five theme, “Critical Infrastructure and Cybercrime.” As the nation’s critical infrastructure operations – including water and power utilities – increasingly move online, they are at risk of cyber attacks every day.
According to the Department of Homeland Security, American water and power utilities are under daily cyber attacks. Since critical infrastructure systems have only recently transitioned online, advanced cybercrime prevention measures have not yet been fully developed to stay ahead of these sophisticated cyber attacks.
“Anywhere critical infrastructure is linked to the Internet, there is inevitably a high risk for cybercrime and businesses and government agencies need to step up their game to protect against such risks,” said Andreas Baumhof, chief technology officer, ThreatMetrix. “Based on the number of attacks occurring on a daily basis, it appears those responsible for protecting critical infrastructure are already behind on developing preventative strategies and this needs to change immediately.”
Steps to Mitigate Critical Infrastructure Risks
The cybercrime threat to critical infrastructure has recently become so severe that President Obama signed an Executive Order on Improving Critical Infrastructure Cybersecurity. Through the Executive Order, the Obama Administration urges critical infrastructure to meet the standards and procedures necessary to address cyber risks, including updating the cybersecurity framework to defeat sophisticated cybercriminals. An initial draft of the framework was just released this month and complements October’s designation as National Cyber Security Awareness Month.
While the framework outlined in President Obama’s Executive Order is valid, one should not forget that there are some straightforward technologies that can be put into place, many of which have been proven in other areas for years.
• Avoid relying entirely on the Internet – Connecting all critical infrastructure to the Internet can be detrimental in terms of cybercrime risk. Rather, those responsible for infrastructure must implement careful network segmentation and controls to determine the level of power, water and other utilities that should be housed online.
• Add contextual authentication – Critical infrastructure should have a higher level of authentication than other online identities each time an authorized user logs into the system – including added passwords, security questions and more. This decreases the chances of cybercriminals developing strategies to infiltrate critical infrastructure systems.
• Examine each and every transactions for signs of risk– Using a network of prior transactions, logins and personas such as the ThreatMetrix™ Global Trust Intelligence Network (The Network), businesses and government agencies can determine the level of risk for each transaction accessing critical infrastructure. Risky behavior may include a user connecting from a disguised location using a virtual private network (VPN), accessing information via a compromised device or logging into one account from several devices.
Following the release of The Network earlier this year, ThreatMetrix has added additional features that address the challenge of determining risk and suspicious behavior. One of the updates, PersonaID, provides insight into interconnections between devices and entities such as the devices from which an account login has been access. The other update, TrustTags, enables businesses to either positively or negatively mark transactions, personas and logins for risk so the next time a user returns, the business knows whether it has been identified yet.
“Trust Tags offer the only solution that enables businesses to effectively ‘tag’ bad actors while reducing friction and additional authentication for authentic returning users and devices,” said Baumhof. “Having a repository of bad actors can help government agencies assure those transactions are rejected from accessing critical government infrastructure.”
As businesses and government agencies continue to develop and implement a broad framework protecting critical infrastructure, putting cybercrime prevention measures in place can protect infrastructure from cyber attacks that compromise water, power and other critical facilities. Aligning with the week five theme of National Cyber Security Awareness Month – “Critical Infrastructure and Cybercrime” – ThreatMetrix continues its commitment to developing advanced technology that protects against cybercrime.
For more information on National Cyber Security Awareness Month, visit: https://www.dhs.gov/national-cyber-security-awareness-month or http://staysafeonline.org/ncsam/.
ThreatMetrix secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
© 2013 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.