Cyber Security News Update 6/15/2018

Beam Suntory, the company behind the well-known Jim Beam whiskey, has been busy working to upgrade their cyber security systems. This push towards more modern and adaptable security systems comes with the realization that their systems are vulnerable, and that it’s possible to create an explosion on the production line. Previously the entire system was set up so that it could only be accessed physically, but this meant that if something went wrong it might take too long for IT professionals to respond and reach the affected site before something damaging occurred. Jim Beam still keeps its most important systems air-gapped and off the web, but it has set up Virtual Private Network (VPN) access that it provides to select IT professionals so they can monitor the health of the Beam Suntory systems and respond as necessary. Beam Suntory has also invested in upgrading their production line with recent technologies such as drones and robotic forklifts. These changes allow for a safer workplace environment and easier tracking of the entire production process. Automation has allowed Beam Suntory to more effectively pursue its business practices and they are continuing to work with Cisco to increase the amount of automated work done at their sites.
Source: Cisco Live 2018: Avoiding distillery explosions with cybersecurity

In a survey by OpenVPN that asked 500 US employees about their online habits, it was found that many employees did not practice good cyber discipline despite increased awareness of the risks. The study showed that a quarter of those surveyed (125) reused the same password for all of their logins, and 23% (115) didn’t check whether links they had been sent were malicious or not. Cyber security is only as strong as the weakest link in the chain, and employees represent the largest amount of links in the corporate chain. Employees, especially those with access to critical data, have to practice their best online behavior. Companies can try to create better behavior by changing their security policies and compelling employees to follow them but safe cyber practices are a cultural issue as well as a regulatory one. Companies must foster an environment where employees understand the best way to keep important data safe through everyday practices and behaviors. Multiple layers of security can help, as well as bio-metric passwords and multi-factor authentication. Employees should be cautioned to always investigate who sent an email and where any links inside go. Phishing and Spear Phishing attacks are still popular with today’s hackers, and they can be easy to fall prey to if you aren’t prepared to deal with them. Several of the largest hacks and attacks in 2017 started with a malicious email that seemed harmless but contained malware, malicious files, or dangerous links. These emails can appear to come from legitimate senders, and they may send the recipient to mock-ups of normal websites so that the target enters security or personal information that allows the attackers to create a foothold in the corporation’s system. The email may send itself from the infected computer using the victim’s email address, which makes it harder to spot the attack since it’s now coming from what’s supposed to be a safe email address.
Source: Despite advancements training and fears of breaches, employees still practice bad cyber hygiene, study