Jun 15, 2016

"Social engineering seen as rising cyber threat to nuclear industry" via @nuclearenergy1

​Nuclear Energy Insider:
Social engineering seen as rising cyber threat to nuclear industry UK told to protect supply chain skills as new build delays bite Sweden to allow new nuclear plants; US utility fixes AP1000 build cost

 The growth of digital communications to improve collaboration and productivity in the workplace has seen a rising number of unauthorized incursions linked to employees, according to the U.K. Government's 2015 Information Security Breaches Survey, conducted by PWC.

Some 90% of large businesses, which included respondents from the energy sector, reported at least one attack last year and 75% reported a staff-related incident, up from 58% in 2014, the survey said.

Last year 15% of large U.K. organisations had a security or data breach involving smartphones or tablets, up from 7% in 2014. Some 13% of large organisations identified a data or security breach relating to social network sites, compared with 12% in 2014.

Source: U.K. Government's 2015 Information Security Breaches Survey

Modern attackers are turning to social engineering techniques that target personnel, which is quicker and easier than identifying and hacking software vulnerabilities, according to experts. Infected emails, social media platforms and online chat sites can all be used to track the whereabouts of personnel and elicit login and password information.

A password breach into the business area leaves personnel and customer data vulnerable to mining and infection with malware. This could present some risk to critical control areas as, although recommendations urge nuclear facilities to separate business systems from critical systems, personnel still need to transfer information and access different areas of the plant.

Emily Taylor, Associate Fellow International Security at Chatham House, said social engineering correlates personal digital footprints to other associated data to rapidly pinpoint individuals using just a handful of data points.

"By using Facebook "likes" alone, searches can predict gender, race, sexual orientation, as well as political and religious beliefs. Maybe there is a growing awareness that posting private and personal statements is not a good idea, but not about things like 'likes'. The metadata around this is tagged with a location by many applications," Taylor told Nuclear Energy Insider.​