Article Title: “Nuclear operators urged to tackle growing threat from cyber attack emails.”

Author: Neil Ford

Valley Contributor: Scott Zimmerman, Cybersecurity Program Head

Nuclear plant operators should prioritize the training of staff against spearfishing emails which present a significant and evolving threat to data security, Scott Zimmerman, cyber security lead at non-profit research group Concurrent Technologies Corporation, told Nuclear Energy Insider. “Privileged access is alluring bait to attackers targeting critical infrastructure and can help bypass the time-consuming process of gaining external access”, Zimmerman said.

Spearfishing emails can originate from “compromised legitimate accounts or from seriously well-crafted phishing emails from what appear to be legitimate organizations such as shipping and delivery companies,” he said. Across all industries, some 66% of malware is installed via malicious email attachments, according to Verizon’s 2017 Data Breach Investigations Report. “The initial email is typically followed by tactics aimed at blending in, giving the attacker time to collect the data that they need,” Verizon noted.

According to US-CERT, recent cyber attacks used email attachments to leverage legitimate Microsoft Office functions to retrieve a document from a remote server. The hackers used a combination of authentication protocol and password cracking techniques, it said.

Nuclear operators should allocate appropriate resources to training staff against the latest cyber attack measures, Zimmerman said.

“I didn’t come up with the phrase, but I am always reminded: ‘people make bad firewalls, but they are trainable’,” he said.

Consistent user awareness training, updated and patched systems and tools, and awareness of the latest phishing trends are the most important anti-phishing measures, Zimmerman said.

The post Scott Zimmerman – Interview for Nuclear Energy Insider appeared first on Valley College.

Welcome to National Cyber Security Awareness Month. Every October is all about spreading awareness about cyber security, tips on how everyone can stay safe online, and the dangers that can arise from just one simple click.

At 91ɬ��, students and faculty have been participating in various activities to recognize hidden dangers and best practices for protecting ourselves, our identities, our businesses and our country. Activities focus on dissemination, review and analysis of major security breaches that occur on a daily basis. The intent is to create the proper, worldly mindset essential for proactive and reactive measures to prevent or battle compromises. Students have conducted research on various topics and look for lessons learned in the process.

Here’s some basic guidance that everyone can use. Since today’s world is so interconnected, having good online hygiene is a MUST! Cyber security affects everything that we do, including social media, our mobile phones, and our online presence here at work. Security will never be 100%, but there are many strategies that we can all learn to better protect and prepare ourselves.

Here are a few tips that we can all take to make our online presence more secure:

1. Think before you click: Analyze every email for suspicious links, unknown senders, and random attachments.
2. Protect your passphrases: Make each and every one of your passphrases different for every site. The longer the passphrase, the harder it is for a bad guy.
3. Keep software updated: This helps close potential security holes in systems that attackers can take advantage of. This also applies to all devices, not just desktops or laptops.
4. Browse and shop securely: Look for “https” in the website address. Never enter in any sensitive data to a site that is not “https.”

You can find out more information about being #CyberAware, the #LockDownURLogin campaign, and National Cyber Security Awareness Month at these 2 websites:

https://staysafeonline.org/ncsam/about/

https://www.stopthinkconnect.org/

The post National Cyber Security Awareness Month appeared first on Valley College.