For most the idea of a cyberattack against your company is something that does not concern you other than when you are determining if the email in front of you is a phishing test from the IT Group or an authentic phishing attack from a foreign land.
Cybersecurity professionals sometimes wear T-shirts that exclaim,” Stop clicking on everything!” or provide cute acronyms that ask users to know the sender and validate authenticity before clicking.
The basis of the corporate focus on email and phishing attacks are the most successful threat vector used by cyber attackers. The reason this approach is successful is because the attacker does reconnaissance of a company, understand the points of contact as well as hierarchical relationship within the company. This information forms the basis of emails that create urgency to the receiver as they forgo the validation of the authenticity of the email and just click on the link that then installs malware into the corporate environment or in the case of oil and gas could also infect the ICS environment.
At this point it is a race between the cyber attacker and the Security Operations Centre (SOC). The attacker can be seen as the offence, attempting to understand the network environment, valuable data locations and administration accounts that provide greater ability to operate within the network – they are just trying to move down the football field. The defence is trying to stop the offence by punting the ball. The SOC as the defense is looking for indicators of compromise, large data transfers to a third-party location or data that becomes inaccessible. This leads to identify the location of the attacker or the location of malicious software with both needing to be remediated. For most corporate SOC’s it is hoped that though the preparation of the runbooks they have prepared for this type of attack and can remediate with no loss of data or loss of reputation to the company.
Galaxy understands these challenges and in response Galaxy is improving it’s SMARTSite service offering. Galaxy believes the best approach to your cybersecurity defense is preparation. Preparation is having a current inventory of all devices and understanding normal operations. Monitoring these devices is required to receive real-time alerts of unusual activity that could be an indicator of compromise. Is there an attempt to access an EOL device within a remote site by an account that should have been disabled?
Through SMARTSite, Service clients can select and have configured by Galaxy Network Operations Centre (NOC) technicians reporting on Security Analysis with focus on Bandwidth and Applications or Web Usage or Threats. In the area of threats there are reports on Malware Detected, Botnets Detect as well as Intrusion Detection. This is really the first layer of the onion that could be explored and implemented with the support of NOC technicians. In addition, Galaxy will schedule meeting to review the efficacy of the monitoring and reporting. As Galaxy expands its ability for reporting new reports or approach to monitoring can be added to provide a more detailed and vigilant reporting to support the race to determine indicators of compromise and the proper remediation to the attack.
Galaxy, in partnership develops specific runbooks for incident management and be the first stage of incident remediation on behalf of the client. With proper device inventory management and monitoring Galaxy could, for example, limit the exposure of malware or ransomware by shutting down or air-gap parts of the network that have been attack and so limit the propagation of the malware to other areas or functional areas of a corporate environment.
In response to a successful cyber attack on an oil and gas pipeline the Federal Department of Homeland Security Transportation Security Administration have implemented additional cybersecurity requirements for companies operating oil and gas pipelines across the United States. Galaxy is committed to implement segregated networks with airgap to limit the spread of malware, implement increased monitoring as well as anti-malware protection on all identified endpoints. Galaxy understands that cybersecurity protection is paramount to the operations of oil and gas infrastructure and will work with our clients to implement all Federal Government requirements.
Malware attacks to SCADA networks whether they operate oil and gas infrastructure or control the processing environment within an operating mining location can be devastating. Galaxy is offering our ability to monitor, report and remediate in partnership with our clients to mitigate the negative outcomes from these types of attacks.
The first step to begin the journey of cyber protection is to reach out to Galaxy to define your operational requirements and allow Galaxy to provide a well-thought-out plan and approach to provide the required solution to protect your corporate and confidential information.