Much has been made about the risks to our nation’s critical infrastructure by hackers and state-sponsored actors, but the likelihood of a major attack is still slim and for one important reason: the hackers, by and large, are in it for the money.
Apart from terrorists who are out to harm and devastate, hacking a state’s transportation system isn't going to be a top target if it's not going to yield much in the way of financial gain.
“Over the last few decades we moved to world where digital and electronic systems are connected resulting in a network of systems that provide services and solutions to consumers and businesses and opportunities for would-be attackers,” said Colin McKinty, Vice President Cyber Security Strategy at BAE Systems Applied Intelligence in a recent interview with The SaaS Report. That has prompted “the sky is falling” type news reports and some to focus on what’s possible and less about the reality, driving, fear uncertainty and doubt when it comes to how safe the country’s infrastructure is from hackers. After all the idea of your electric car being hacked while you are driving on a parkway is scary but the likelihood of it happening isn’t that high. “Attackers have to have motivations for it, and a key motivation of a lot of cyber crimes is to make money,” said McKinty.
When it comes to securing infrastructure, McKinty said artificial intelligence and machine learning are playing a role but it's also the jobs of the professionals safeguarding those systems to make sure they are patching networks and are up to date in terms of closing vulnerabilities in the software they use. After all last year’s WannaCry virus that swept across the globe exploited a bug in unpatched Microsoft operating systems. Beyond patching, he said companies need to think about how their employees interact on the network. “One popular way to get into sector including transport is through phishing and email,” said the cybersecurity expert. “ Hackers have gotten good at creating very believable email,” McKinty said blocking and tackling of email through technology and the education of employees as to what emails they should open and links they should click on can go a long way in protecting critical systems.
While protection should be a focus of security departments, it shouldn't be the only area companies are concentrated on. BAE Systems expects someone wants to get in and advocates having a strong monitoring and response strategy in place in addition to protection solutions. That is where advanced technology such as machine learning and artificial intelligence comes in to play hand-in-hand with cybersecurity experts. “If you don't have the people and processes in place the technology will fall short,” said McKinty.