Aerospace and defense companies are particularly vulnerable to cyberthreats given the sensitive nature of the industry. Hackers in this space are often more sophisticated than those in other industries, and breaches in this sector can have significant security consequences on a national level.
However, a strong cyber defense plan can help companies stay ahead of threats. Here’s what aerospace and defense companies need to know.
Hackers in the sector are often foreign nations, targeting intellectual property to advance their own defense technology. They’re typically part of advanced persistent threat (APT) groups, which are highly sophisticated, well-funded, and strategic in their pursuit of sensitive information.
They’re able to carry out attacks that are larger in scope and more devastating than those of the average corporate hacker, who is usually just looking for personal information to resell on the dark web.
APTs seek to:
Breaches in the clandestine aerospace and defense sector don’t receive as much news coverage as attacks on commercial businesses. Nevertheless, there have been major breaches in the defense industry and US government. Here are a few organizations that have suffered a breach of their classified information due to an attack.
APT groups continue to explore different ways to breach their targets. Here are four of the most common attacks.
Phishing is a common and easily perpetrated type of attack whereby an attacker poses as a trustworthy individual or group to deceive a target. Phishing typically takes the form of an email or phone attack and aims to lure a target into clicking a link in an email that leads to malware or into divulging sensitive information. Although less common, phishing can also take the form of a physical attack, such as an attacker posing as an employee to sneak past security and gain access to a facility.
Thanks to social media and other publicly available information such as websites, it’s often easy to find the personal information, company information, and logos needed to make an email look authentic.
Once an employee clicks a link within an email or divulges sensitive information, such as a password, invisible malware can be downloaded onto his or her machine or legitimate passwords could be used by the hacker to log into sensitive systems. The hacker can then defeat or bypass the company’s security and controls to gain access to their system’s classified information.
Password guessing is another common technique for attackers, who can easily uncover simple and weak passwords using automated tools. Companies can increase their protection by enforcing the use of complex passwords that are less likely to be guessed by an automated program.
Regardless of a company’s level of cybersecurity, its interactions and connections with third parties can expose it to major risks. To combat this, companies should evaluate all third-party suppliers and vendors before they’re granted access to company information or backend websites.
Employees themselves can pose a threat in the aerospace and defense industries. Sophisticated threat actors recruit agents to steal data—both before and after they join a company with sensitive data. Monitoring and alerting on anomalies in employee activity can help reduce the likelihood or severity of a breach.
Here are steps a company can take to help enhance its security and controls.
Companies should use complex passwords. A complex password is one that includes the following:
Other steps companies should consider include the following:
Cybersecurity requires careful planning and motivated staff to succeed. Hiring an experienced director or C-suite executive to manage and drive security initiatives can help lead and direct participation across all aspects of the organization.
Employee awareness training is also critical. For most security frameworks, such as National Institute of Standards and Technology (NIST) 800-53, annual training on detecting and handling suspicious emails is required to reduce the likelihood of a compromise.
Combined with careful planning and organizational awareness, there are many technology safeguards that can help with cybersecurity. To list a few common ones:
Two-factor authentication adds complexity to the authentication process by requiring an additional code or token from a smartphone application or key fob.
Companies that need more stringent security requirements may require three-factor authentication. This method goes beyond the traditional two-factor authentication by requiring a biological verification, such as a thumbprint or retinal scan.
To strengthen these measures further, companies should also require users to change their passwords at least every 90 days.
As developers introduce software updates, they often introduce unintended bugs that can lead to system vulnerabilities. In many cases, these vulnerabilities are well known, so threat actors will try to exploit them. It’s therefore critical that companies find and fix these vulnerabilities quickly.
In addition to staying abreast of technical bulletins, teams can leverage scanners and other tools to help identify vulnerabilities. After a vulnerability is identified, patches should be assessed and deployed from a centralized patch management system and team to ensure a systematic and automated program is in place to patch any exploitable vulnerabilities in a timely manner.
Even highly trained employees can be deceived by the convincing tactics used in email phishing scams. Antiphishing software can help identify malicious emails through algorithms that scan emails and attachments. When a suspicious email is identified, the program can remove it from the recipient’s mailbox and flag it for IT to investigate.
Aerospace and defense businesses have complex cybersecurity needs and risks. For more information on strengthening your company’s cybersecurity, contact your Moss Adams professional.