Nettitude Blog

Cybersecurity and the Cloud Series – 4 key considerations to take when adopting cloud technology | Nettitude

Posted by Nettitude on Feb 12, 2020 4:48:59 PM

By Nettitude 

In the nearly fifteen years since Amazon launched its initial cloud computing offering, the ways we develop, deploy and manage applications have been changing at pace. More businesses are finding that the transition away from traditional data centre technology is offering advantages such as increased flexibility, more rapid time-to-market, and allowing them to scale to meet customer demand.

 Of course, many of the security considerations of using cloud infrastructure mirror those for more traditional infrastructure, and organisations should draw on existing expertise to manage them. However, different ways of working in the cloud mean that there are new aspects to consider to ensure that you are secured against the latest threats. It’s also worth remembering that these new ways of working can also offer an opportunity to adopt more secure ways of working at a lower cost – but only if deployed effectively.

Below, we’ll take a look at the main advantages of adopting cloud technology, as well as four key considerations your business should take.

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area, Research & Innovation

Modern Ships – 6 Common Security Issues | Nettitude

Posted by Nettitude on Jan 30, 2020 9:55:03 AM

By Graham Sutherland, Senior Researcher & Consultant at Nettitude

Modern ships utilise networked technologies in order to provide faster, more accurate, and more convenient operations of the vessel. This connectivity unfortunately brings with it new threats to the security of the vessel, its crew, and its cargo, while additionally bringing unique challenges in terms of systems maintenance.

Whilst the benefits of these technologies bring huge value to day to day operations, there are certain precautions which should be taken to offset any risks associated with integrating such technologies. Below are some of the most common security issues faced on today’s ships that you should be aware of.

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area, Research & Innovation, Marine and Offshore

NotPetya Ransomware Attack on Maersk – Key Learnings | Nettitude

Posted by Nettitude on Jan 16, 2020 3:22:59 PM

The shipping sector has traditionally stood apart from the developments in cybersecurity over the past decade. With the majority of critical functions and assets physically isolated by miles of ocean, the need to secure these resources against cyber threats has seemed similarly remote.

However, in recent years, this hands-off approach to cybersecurity and assurance has become riskier and ultimately, costlier. In the modern cyber threat landscape, less capable adversaries such as hacktivists and teenage virus writers take a back seat to organised criminals and even nation state-sponsored threat actors. The cyber-crime economy is now mature, well-established, and well-developed.

Below we will take a look at the key learnings for ship owners and operators which can be taken from previous research and attacks, and most notably the NotPetya attack in 2017 which caused major implications for global shipping giant Maersk.

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area, Research & Innovation, Marine and Offshore

Remote Access Solutions | Part 1  - An overview of remote solutions at sea | Nettitude

Posted by Nettitude on Jan 10, 2020 11:13:20 AM

By Graham Sutherland, Senior Vulnerability Researcher

The traditional online attack surface for ships is changing. Gone are the years where vessels were put to sea for months at a time with little or no contact made with the shore, with letters awaiting them at their next arrival port and unpredictable journey times and locations.

Even with the advent of satellite phones, GPS tracking and computer-based navigation, a typical ship will still have a much more limited online presence compared to shore-based organisations. However, this is changing rapidly. As the availability and reliability of internet connections aboard ships improves, it is natural that organisations will seek to leverage this connectivity for the purposes of remote monitoring and diagnostics.

Below, we take a look at the new and enhanced risks posed by remote access communication on board ships and how we can approach a safer way of operating to protect the ship, its assets and the people on board.

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area, Research & Innovation, Marine and Offshore

Cyber Risks in Communication Systems Series:  Integration risks to communications technology for the M+O sector| Nettitude

Posted by Nettitude on Jan 8, 2020 2:43:43 PM

The explosive growth in communications services over the last two decades has dramatically changed the way that businesses operate in all sectors, improving efficiency and providing new opportunities. In the maritime sector, we can see this from the original adoption of VHF a hundred years ago for ship communication through to more recent safety technologies such as AIS and satellite communication. However, the limited bandwidth and high cost of these technologies has historically limited the sector’s ability to leverage them in many of the ways seen in other industries.

Notably, when adding new technologies or capabilities into existing systems, it’s important to consider any additional risk that may be presented; this can be both from vulnerabilities in the underlying technologies themselves, or from the way in which they can interact with or expose other capabilities. Where risks are identified, mitigations should be put in place to reduce them to an acceptable level. Below we explore some of the ways in which this can be done, and some examples for widely used maritime technologies.

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area, Research & Innovation, Marine and Offshore

Implementing the IMO Cybersecurity Requirements for Ships | Nettitude

Posted by Nettitude on Dec 19, 2019 9:13:58 PM

By Duncan Duffy, Head of Electrotechnical Systems, Lloyd’s Register Marine & Offshore

Increasingly interconnected computer-based systems on ships open the potential for attacks to affect human safety, the safety of the ship and to threaten the marine environment. Attackers may target any combination of people and technology to achieve their aim. To safeguard shipping from current and emerging threats, a range of measures can be adopted.

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area, Research & Innovation

The 5 Steps to an Effective Cybersecurity Strategy | Nettitude

Posted by Nettitude on Dec 13, 2019 11:31:13 AM

By Ben Densham, CTO at Nettitude

By 2021, Forbes estimates that there will be $6 trillion in damages caused by cyberattacks, a figure that exceeds the cost of all natural disasters in an entire year. However, cyberattacks and the impact they can have on organisations are now becoming much better understood, and more businesses are putting protocols and cybersecurity strategies in place to become proactive rather than reactive to cyber threats.

Creating a cybersecurity strategy involves working out what ‘good’ looks like for your business in terms of maintaining digital security, keeping cyber threats at bay and having a plan of action in place for the possibility of a breach. Your cybersecurity strategy should be a clear vision that’s well articulated, has board level engagement and is relevant to your industry. Whilst many businesses have a cybersecurity policy, this is no longer enough. It’s crucial to have a full strategy in place which instigates cultural change within your business ecosystem, and isn’t just reactive to threats but proactively ensures your business is doing everything possible to protect itself from cyberattacks.

Here are 5 steps to consider when creating your effective cybersecurity strategy: 

.

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area, Research & Innovation

Q&A With Our New Security and Network Solutions Account Manager | Nettitude

Posted by Nettitude on Dec 10, 2019 2:25:45 PM

We are pleased to announce the addition of Sarah Beresford, our new Security and Network Solutions Account Manager, within the Security and Network Solutions team. This new team delivers network consultancy, enterprise network solutions and network security solutions. Throughout the forthcoming months, Sarah will be working closely with our clients to assess the effectiveness of their current environments and advise on any appropriate action to ensure their business infrastructure is as safe as possible. Below is a further insight into how Sarah will be working within this new team.

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area, Research & Innovation

How Cyber Secure is Equipment used within the Marine and Offshore Industry?

Posted by Nettitude on Dec 5, 2019 11:41:01 AM

By Joel Snape, Senior Security Researcher at Nettitude

Across most branches of industry, it is common to find security companies doing pro-active vulnerability research on equipment used in that industry and publishing details of the issue found after liaising with the vendor to ensure they are fixed. For example, in the wake of several large-scale internet attacks in 2016, researchers focused their attention on IoT devices with many reports surfacing of issues with devices such as CCTV cameras, home routers and network-connected storage devices.

In the maritime space however, much less research has been publicly shared, predominantly because of the comparative cost and lack of accessibility of standard maritime equipment, although research has been carried out for several years, and some of the results have been publicly presented. Nettitude have pulled together highlights of the most relevant research in the public domain from a few key systems and highlighted the impact these vulnerabilities have within the marine and offshore sector, full details of which can be found in this report. So, what did the researchers find? Is the equipment currently used secure?

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area, Research & Innovation

How AWS EC2 Backups Can Be Exfiltrated

Posted by Nettitude on Oct 24, 2019 6:44:49 PM

By Iraklis Mathiopoulos, Managing Principal Security Consultant at Nettitude

October is Cyber Security Awareness Month, which is a great opportunity for companies and individuals to review and improve their cyber security processes and knowledge. At Nettitude, we will be releasing a new blog post every week of Cyber Security Awareness Month on our latest cyber security research, as well as our insights on the latest industry news and trends. We hope you’ll find them helpful, and as always please contact us with any questions.

+++

As cloud infrastructure has become common, it has also become common for penetration testers to find themselves attacking clients that rely on AWS or Azure environments, for example, for handling, storing, and processing critical data.

There are many new and interesting attack paths an adversary can take once they have obtained some sort of access to the environment.

Read More

Topics: Cyber Security Blog, Research & Innovation

About Nettitude

Nettitude is the trusted cybersecurity provider to thousands of businesses around the world. We stop at nothing to keep your data and business secure in an age of ever-evolving cyber threats.

In 2018, Nettitude became part of The Lloyd's Register Group, an 8,000 person strong professional services organisation, with 300 years of heritage in safety and risk management. Nettitude now provides true global coverage, through a network of over 180 offices strategically placed around the globe.

Subscribe Here!

Recent Posts