ENISA – the EU Network and Information Security Agency – examined cybersecurity incidents associated with Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. The findings were published in a white paper, "Can We Learn from Industrial Control System Security Incidents?" (ENISA web site, October 2013). The link references a press release that provides the background and a summary of the paper, as well as access to the white paper itself.
ENISA’s key findings apply to many high-value information systems:
All of these practices should be addressed in your incident response plan if you are dealing with a high-value system.
Let us help you with a response plan review that (1) includes physical security as an extension of your incident response team; (2) addresses evidence collection and control; (3) identifies ex post analysis expertise for more effective incident review; and (4) recognizes inter-organizational communications requirements and opportunities.
The Verizon 2013 Data Breach Investigations Report provides insight into the role of insiders when data is breached.
Attackers targeted mostly finance, retail, and food service industries. Attackers profit from selling payment data or personal information. Almost all states and the District of Columbia have data breach laws governing this type of incident.
Here the attackers were seeking intellectual property – trade secrets, sensitive internal data, or systems information. The targeted industries were Manufacturing, Professional Services and Transportation. This raises issues of liability or economic loss.
There are two important statistics associated with cyber-espionage campaigns.
But Verizon also states that external actors are involved in over 90% of all data breaches. So an external actor often recruits or coerces an insider.
Include insider threats and the potential impact of a data breach in your risk assessment.
When dealing with insider threats, consider the legal and human resource issues. Managing employees or contractors involves legal and regulatory issues. When dealing with a data breach, appropriate legal steps need to be followed.
Coordinated Response can help you develop a plan that anticipates the unique actions needed to address a data breach or an insider threat.