A Framework for Aviation Cybersecurity

As a key foundation of international trade, tourism, and investment, aviation is crucial to the global economy. This reliable, safe, and efficient transportation network carries over 2.6 billion passengers a year and 48 million tons of freight. Aviation’s global economic impact (direct, indirect, induced, and tourism catalytic) is estimated at $2.2 trillion or 3.5% of global gross domestic product (GDP). Disruption to this flow can cause significant economic and social damage that would ripple across the globe, as demonstrated in the aftermath of the attacks of September 11, 2001. We now remain vigilant to adversaries who seek to disrupt the global economy by attacking aviation’s critical infrastructure.

Spotlight

Aspiring Minds

"Aspiring Minds, a job-credentialing leader, delivers the world’s most widely-used employability test and the only standardized test designed for job matching. AMCAT™ is a proven, scientific, comprehensive solution that uses patent-pending technology to help companies dramatically improve their hiring while enabling job seekers to evaluate and certify their skills and find appropriate career opportunities. More than 2 million candidates have taken the cloud-based, data-driven test, resulting in more than 200,000 job matches and awarding of millions of credentials."

OTHER ARTICLES
ENTERPRISE SECURITY

Addressing Digital Supply Chain Risks

Article | August 2, 2022

Technology is a constantly evolving landscape in which we adapt and progress year after year, much like the Moore's Law theory of processing speeds. Cybersecurity, on the other hand, gets more complicated and distinctive as software and hardware vulnerabilities change. This makes the digital environment for security professionals bigger and more complex. Digital Supply Chain Risk is one of the top seven cyber security trends for 2022, according to Gartner. Given the recent track record of successful supply chain hacks, CISOs and CIOs should not be surprised. The question is, how can you successfully prepare your business to defend against a supply chain attack?

What Are the Digital Supply Chain's Risks?

Whatever definition you choose, there are a lot of threats in the digital supply chain. Physical supply chains that employ IoT, for example, are vulnerable to hacking. According to Ponemon research, although encryption is rising in areas such as freight and manufacturing, 60% of the organizations surveyed revealed partial encryption of their IoT and 61% revealed partial encryption of their IoT platforms.

Threats to a company's extended digital ecosystem, on the other hand, are even more concerning. Third-party businesses in your supply chain are not your employees; they are frequently not on-site, and you cannot demand compliance as you do with employees. This is the reason for alarm: according to the Ponemon Institute's latest Cost of a Data Breach study, data breaches committed by third parties increase the cost of a data breach by an average of $207,411. Vendor information security measures are harder to verify, take longer to detect, and may take much longer to fix.

Although third-party information risk is a very serious concern, many companies are unprepared for a supply-side data breach. According to Protiviti's 2019 Vendor Risk Management Benchmark Study, only 40% of businesses have a fully developed vendor risk management process in place. A third of those surveyed said they had no risk management program or used an ad hoc risk management method.

How Can You Keep the Digital Supply Chain Secure from Risks?

Knowing your extended environment isn't as simple as it seems. While you may be aware of your suppliers, you may not be aware of theirs. You can feel helpless to check your suppliers' security procedures. If so, review your vendor management system. Traditional static third-party monitoring, like surveys, isn't adequate to safeguard your data and networks from supply chain bad actors. Static monitoring produces a snapshot of your suppliers' controls at a certain time: all their software may be patched today, but what about tomorrow? Constant monitoring is the best method to manage third-party partnerships and secure data.

PLATFORM SECURITY

Why Should Businesses Care About Identity Security?

Article | July 4, 2022

In recent years, several of the world's most technology-savvy businesses have experienced identity-related breaches. These occurrences have emphasized how digital identities have evolved to be both today's largest cybersecurity issue and the foundation of current organizational security. It has become evident that a comprehensive, all-hands-on-deck strategy is essential to keep ahead of attackers and make their success more difficult.

Why Should Businesses Care About Identity Security?

According to CrowdStrike Overwatch team analysis, eight out of ten (80%) breaches are identity-driven. These contemporary attacks often skip the conventional cyber kill chain by utilizing stolen credentials to perform lateral moves and launch larger, more devastating attacks.

Identity-driven attacks, however, are particularly difficult to detect. When a genuine user's credentials have been hacked, and an adversary is posing as that user, traditional security processes and tools might make it impossible to distinguish between the user's regular activity and that of the hacker.

Identity security is often seen as an organization's final line of defense. These technologies are designed to combat attackers who have escaped existing security measures like endpoint detection and response tools.

Identity Security and Zero Trust: How Are They Related?

Zero Trust is a security architecture that requires every user, both within and outside of an organization's network, to be verified, approved, and constantly checked for security configuration and posture before allowing or maintaining access to applications and data. Zero Trust implies that there is no conventional network edge; networks can be local, in the cloud, or a mix or hybrid of the two, with resources and employees located everywhere.

Businesses that wish to implement the most robust security defenses should combine an identity security solution with a zero-trust security architecture. They must also make sure that their chosen solution complies with industry standards, such as those specified by NIST.

Closing Lines

Many changes are in store for 2022. Indeed, we cannot forecast all the critical challenges and subjects that will arise this year. Could you fill in some of the gaps? A robust identity security solution will provide the business with several benefits and expanded capabilities.

PLATFORM SECURITY

The Reasons Why Cyberattack Surfaces Are Rising

Article | July 11, 2022

Increased cyber assets result in growing attack surfaces. So much so that, according to a recent Gartner analysis, the number one security and risk management trend today is attack surface growth. Businesses and security executives must update security policies and processes to prevent growing dangers when new technologies and cyber environments are adopted. Let's discuss the reasons for attack surface growth and how to rethink cyber asset protection in light of them.

Reasons Behind Attack Surface Expansion

The Multi-Cloud Trend Is Rapidly Expanding

Modern businesses are using the cloud to keep up with digital innovation and meet market expectations. For organizations in many locations, a single public cloud provider is no longer appropriate. Choosing one that satisfies organizational demands is difficult. This simple problem and solution led many organizations to the multi-cloud trend. Gartner found that 81% of respondents use two or more cloud services.

Multi-cloud is also used to maintain a vendor-agnostic approach and prevent vendor lock-in. To remain ahead of the competition, numerous vendors provide best-of-breed solutions. This is a huge benefit for multi-cloud adopters.

For Ever-Growing SaaS Toolchains, Visibility Is an Issue

More than 150 SaaS apps are used by companies with 1,000+ employees. Modern businesses embrace more SaaS apps to speed up their workflows. However, as SaaS adoption expands, so do businesses' attack surfaces. The following are the key reasons SaaS security is a concern:

- Misconfigurations
- The absence of a robust identity and access management system
- Inadequate disaster recovery planning
- Problems with data retention
- Breach of privacy and data security
- Inability to satisfy regulatory compliance

To keep up with SaaS platforms, businesses must have scalable security and compliance policies.

CAASM Automates Security Gap Identification

According to Gartner, Cyber Asset Attack Surface Management (CAASM), Digital Risk Protection Services (DRPS), and External Attack Surface Management (EASM) will enable CISOs to safeguard environments against expanding attack surfaces. CAASM will help security teams in particular to:

- Gain insight over the cloud and SaaS cyber assets
- Automatically fill security loopholes
- Accelerate incident reaction and clean-up

Closing Lines

As the attack surface rises, so does the amount of cybercrime that occurs. According to the FBI, cyberattacks have risen 400% since the pandemic began, making it essential to detect and minimize cyberthreats for a business's health and future. To defend your company from rising dangers, you must detect gaps in time and adapt to the digital world. There are more targets for attackers to strike since organizational attack surfaces are constantly growing.

SOFTWARE SECURITY

Cloud Security Threats: 2022 Edition

Article | July 6, 2022

The worldwide cloud services industry is expanding as enterprises around the world continue to embrace cloud technologies. Cloud computing is estimated to reach 947.3 billion by 2026 (Yahoo), growing at a CAGR of 16.3%.

But, for all of the advantages the cloud brings, there is a catch: cloud security risks. According to a survey by ISC2, 93% of businesses are concerned about the risks connected to cloud computing. Is this to say that the danger outweighs the reward? No, not at all. Let's look at some cloud security threats to watch out for in 2022, as well as how to develop a cybersecurity policy to safeguard your data while reaping the benefits of cloud computing safely.

What Security Issues Can Organizations Deal With in 2022?

Cloud Strategy

One of the most crucial security threats for companies is their ability to design and maintain a cloud strategy plan efficiently. Your business is likely to face fragmentation if cloud and security environments are not aligned with business strategy, which can have a detrimental impact on overall operations and business management.

How to Mitigate This Risk:

- Create a cohesive strategy
- Concentrate on organizational outcomes
- Update your cloud security strategy periodically

Unauthorized Access

Access management is a major challenge to cloud security since it includes private data. Businesses of all sizes are concerned about employees openly sharing data with unauthorized personnel or external third parties, deliberately or accidentally. Additionally, some users with weak passwords or no authentication are more prone to having their data compromised. Ineffective passwords cause almost 80% of data breaches, according to Verizon.

How to Mitigate This Risk:

- Create reasonable policies and processes
- Implement multi-factor authentication (MFA)
- Develop a security model based on zero trust
- Make use of real-time access data

Insecure APIs

Many cyberattacks, particularly denial of service (DoS) cyberattacks, are done using application program interfaces (APIs). According to Gartner, API assaults will become the most common attack vector in 2022.

How to Mitigate This Risk:

- Develop an API-specific security strategy
- Protect your API data using encryption
- Maintain consistent control over your APIs

Related News

Cyber Threats debut on the flightline at Nellis Air Force Base’s Red Flag

February 17, 2014

For the first time, the recent Red Flag 14-1 at Nellis Air Force Base featured a “contested, degraded or operationally limited” environment, or CDO, for maintainers, who were trained to cope with cyber vulnerabilities in the systems they use on the flightline.

U.S. and EU struggling to reach aviation cybersecurity agreement: report

December 23, 2015

As the aviation industry struggles to adopt cybersecurity measures in an effort to keep airspace safe from hackers, authorities in the U.S. and European Union are reportedly failing to see eye to eye. While keeping safe the computer systems relied upon by airlines is certainly nothing new, a “trans-Atlantic tiff” has emerged following a meeting in Washington, D.C., last week where American aviation experts discussed the future of international airspace cybersecurity, the Wall Street Journal reported on Tuesday.

United Airlines Pays Man a Million Miles for Reporting Bug

wired | July 14, 2015

Two months after United Airlines launched a bug-bounty program to reward researchers who report flaws in the company’s web site and apps, a researcher has received 1 million air miles in the first reward given.
