Security

WannaCry Attack

July 4, 2017

Graham Speake quoted in WannaCry article

“This kind of attack is easy to mitigate against because there were patches already in existence and available,” said Graham Speake, chief information security officer at Berkana Resources. “Obviously, companies to have to deploy them. For the IT side of the house, there is usually some delay even if there are important/critical patches released by a vendor as they have to be tested against the company’s base build (or perhaps multiple builds if it is a large multinational). There is still a lot of older or obsolete operating systems around, particularly in some hospitals where cost to upgrade play a big concern, especially like in the UK where it is a nationalized service. Within the ICS/SCADA world, the overall goal of segregated IT and OT systems would alleviate a lot of these attack vectors, but business drivers often outweigh the segregation issue. Having separate systems with a firewall with a strong rule set dividing the two and not allowing Internet access or email from the OT side of house would go a long way to protect the critical infrastructure.”

While this was a huge general attack against multiple industries, Speake said focused attacks are much harder to defend against.

“The more we have IIOT and devices connecting directly to the Internet, the less secure we likely are and more likely to see incidents affect our ICS/SCADA systems.”
— Graham Speake

“Often users will use similar techniques as their competitors to set-up and run their OT operations and knowing that a particular port is likely to be open or a specific application is running can allow attackers to craft the right attack,” Speake said. “Segregating the OT and IT sides of the house with few interconnections between them and flow always going from the OT to IT networks is necessary, and making sure we do not put things in to make it easier/cheaper at the expense of security. The more we have IIOT and devices connecting directly to the Internet, the less secure we likely are and more likely to see incidents affect our ICS/SCADA systems.”

read the full story at www.issssource.com

Graham Speake

See All Posts
Share
Tweet

Posts

Industry
William Giles

William Giles joins growing Denver based Berkana Resources Corporation as VP of Strategy and Solutions.

September 5, 2018
Integration
BRC Design-In-Partner

Berkana Resources Selected by Cisco as a Design-In Partner

September 5, 2018

We are often asked "Where did the name Berkana Resources come from?" Berkana is an ancient Rune letter that stands for the Birch tree which is on our logo. It also stands for new growth and opportunity.

Useful Links
Advisory BoardPrivacy Policy
Contact Us
501 S. Cherry St., Suite 1100, Denver, CO 80246
1075 Kingwood Drive, Suite 206, Houston, TX 77339
10 Floor Bankers Hall West, 888 3rd St. South West, Suite 1000, Calgary, Alberta T2P 5C5
US (303) 293-2193
Canada (403) 444-6400
info@berkanaresources.com
Copyright 2020