During the last CCI’s Knowledge Teams meeting, held early this month, a colleague, friend and member of “The CCI Ecosystem” suggested -prudently- that, despite not seeming fashion, training and awareness still conform, from his view, the angle stone of any cybersecurity strategy. From his view and from mine one. We could not agree more! So we said that day and so proof the articles that, as examples, we are bringing to you today.
Executives -this time, energy sector’s ones- seem to keep needing, as their cybersecurity experts say, a few layers of training that, no doubt, will help them to distinguish reliable e-mails from those that are not. Moreover, I would extend the training, not only to executives, but to their personal assistants and to anyone who helps them in the boring task of reviewing the e-messages they receive.
A majority of such messages, when attackers succeed, end by becoming ransomware infections. The regular practice of backing our most valuable information up can prevent us from such situations. Nonetheless, other 21 recommendations will contribute also, if they are adopted, to disturb the hijacker’s job.
But there is no better learning approach -for executives and for everyone- that the one based on one's practical experience. In that sense, the last exercises organized by NERC have served to detect weaknesses in the mechanism that NERC itself is providing to help the energy sector.
Finally, make yours, too, the recommendations on industrial network protection that Paul Studebaker brings to you today, if you will to enter the upcoming ‘smart OT’ universe with guarantee.
Deepen these and other topics in our weekly "Newsletter". Subscribe here and enjoy reading (particularly the brand new “Study on Colombia’s Industrial Cyber Security”, with which CCI keeps broadening its vision of the international industrial cybersecurity landscape)!