PwC Exec: Companies Aren’t Aware of Their Vulnerability to Cyber Threats
Being hacked and the victim of a cyber attack is now a business’ worst nightmare. But even though everybody is aware of the cyber threat, companies, including those in the aerospace and satellite sector, still need to do more to prepare.
“As more and more of the world around us becomes increasingly hyper-connected, the opportunities for fraud, data compromise and physical disruption of critical safety systems also increases,” said James Hunt, cybersecurity specialist at PricewaterhouseCoopers (PwC). “Many organizations still don’t realize how vulnerable they are, and as a result haven’t got the right crisis planning, readiness and response in place for when the inevitable does happen. Cybersecurity is about changing an organization to be securable, not just implementing the latest technology. This requires engagement from all aspects of a business and embedding consideration of cybersecurity risk in all decision-making processes.”
PwC recently published its Global State of Information Security Survey, which takes an in-depth look at cybersecurity issues facing major enterprises. Hunt said PwC is beginning to see a shift in thinking, with the majority of organizations no longer viewing cybersecurity as a barrier to change or as purely an IT cost. He says many companies are adopting new technologies to gain competitive advantage, but as their digital horizons expand, so does their cyber risk.
“In the United Kingdom, cybersecurity budgets doubled in the last year, but despite this nearly a fifth (18 percent) don’t know how many cyber attacks they experienced last year and 17 percent didn’t know the likely source of their security incidents. The top insider risk for U.K. organizations is still current employees, followed by former employees; but current third party service providers or contractors are increasingly likely to be the cause of a cyber threat to a business now too,” he added.
Hunt highlighted four key findings from the report. Firstly, he said digital businesses are adopting new technologies and approaches to cybersecurity. Secondly, Hunt said that threat intelligence and information sharing have become business-critical. He also mentioned that organizations are addressing risks associated with the Internet of Things (IOT). Finally, he said that geopolitical threats are rising.
When asked if he thought space-based assets were particularly vulnerable, Hunt said, “Space-based assets already play a vital role in critical national infrastructure. The space industry must ensure both safety and security risks are included when considering potential attack scenarios. Considerable effort has been made, for example, to ensure Global Navigation Satellite Systems (GNSS) meet stringent safety requirements for accuracy, integrity and availability.”
With aircraft becoming increasingly connected, and becoming in essence “networks in the sky,” they could become a particular target for hackers and malicious enterprises. “Airlines need to ensure that as their fleet updates, so too should their approach to managing cyber risk. In particular, thought should be taken around connectivity to non-governmental services including the internet, the use of portable electronic devices and introducing commercial off-the-shelf technologies which are not certified or accredited by a government authority for secure operations,” Hunt said. “All of these factors can introduce cybersecurity vulnerabilities outside of current airworthiness regulations.”