Practical Industrial Internet of Things Security

Cyber risk gap summary

The WannaCry cyberattack went viral quickly and proved the notion of force multipliers in a connected business world. The impact on the UK's NHS hospitals exposed two facts:

  • The cyber risk gaps prevalent in OT environments: The NHS's network was exposed to the WannaCry cyberattack by a missing security patch, which Microsoft had released two months prior to the attack. Threats such as WannaCry highlighted the gap in how organizations prioritize and understand the need to apply security patches in a timely manner. Newer operating system versions integrate many security fixes over their predecessors. WannaCry affected deprecated Windows operating systems, which meant that Windows 10 escaped unscathed. A lack of enterprise-wide software and hardware upgrades and the use of outdated legacy software are often seen in industrial enterprises. This extends the attack surface in OT environments.
  • How a cyber incident can impact healthcare processes and patients: Although there have been no reports of fatal consequences, the attack reportedly locked out numerous devices in acute care facilities (trusts), blood testing and diagnostic equipment, and MRI scanners, leading to the cancellation of thousands of appointments and operations (DIG-HLT).
In this book, many companies and vendors have been referenced as practical examples to illustrate the theoretical concepts. The author is unaffiliated with, and unbiased toward, any of these vendors. The references are only meant to provide readers with a source to find more information on the practical implementation of the technology being discussed. The author fully acknowledges that there could be more than one vendor excelling in that technology space, but including all brands is neither practically possible nor the purpose of this book. We hope that readers find these vendor examples to be useful references that promote their understanding of the subject.