AI’s Growing Role in Controlling Devices:

As AI starts entering more workplaces, it is crucial to recognize that AI will become more interconnected with hardware devices in your organization. You might want AI to control room lighting and air conditioning to make it voice-controlled or adapt to the changing activities in the room. AI can also control massive machinery, including robots and high-powered lasers for cutting steel. We’ll all be surprised at how many real-world tangible controls AI can assist. For AI to control devices, computers must drive the machines. Threat actors could exploit weaknesses to disrupt companies, damage equipment, cause expensive delays, and worse.

Machines Driven by Computers, Including Those Running AI and Traditional Computer Control Systems, Introduce a Security Threat:

As AI becomes integral to your operations, remember: Everything from climate control and identity detection to robots and laser cutters hinges on computer systems. AI’s potential is vast, and its growing adoption means more devices linked to our networks.

However, this surge in AI adoption produces an often-overlooked danger that all organizations with industrial controls must consider. The computer systems hosting your AI and traditional solutions can become obsolete faster than the devices they control. Neglecting to update operating systems and using other security controls exposes your organization to cybersecurity threats. While devices might seem to run smoothly, the escalating sophistication of cyber attackers can’t be underestimated.

Executives: Unchain Your IT Pros from the Security Limitations:

Is your IT Team prohibited from applying critical cybersecurity updates to operating systems or upgrading to supported operating systems on workstations that control instruments, lasers, robots, and other machinery? If they are, those workstations pose a security threat to your organization.

Executives must understand that using workstations with old operating systems or without the most recent critical security updates is a significant security risk. In some cases, executives must ask the IT Team if they have encountered this situation. Sometimes, executives are inclined to delegate decision-making to the IT Pros. Instead, the IT team must alert the executives of the pros, cons, and expenses. The executives need to decide if it makes sense to pay to upgrade the applications that control robotics, manufacturing, or other equipment on a network.

Three Definitions:

In case nobody’s explained these terms, it is essential to differentiate between upgrades and updates:

1. Operating System Upgrades: An example is upgrading from Windows 10 to Windows 11. Newer operating systems often have more security features. Microsoft and Apple will naturally be tempted to assign their best and brightest people to develop and update the newest operating systems, so they eventually drop support for old operating systems. Unsupported operating systems are designated EOL (End of Life.) Using an operating system after it is no longer supported is a significant security risk.
2. Operating System Updates, a.k.a. Patches: Security updates are rated by the severity of the security risk and how likely an attacker will exploit the weakness. Critical security updates are the most important to apply. Staying up to date with patches can be a significant struggle in many situations.
3. Application Upgrades: Upgrades to new versions of the software that controls devices such as CNC machines, robotics, lasers, laboratory equipment, instruments, or any other hardware that connects to a computer.

The Shocking Reality:

Some applications that control devices may prohibit operating system upgrades and security patches. The applications might break if the IT team deploys the patches or upgrades the operating systems. Sadly, as reckless as it seems, some companies that create applications to control machinery will no longer provide technical support to your IT team if the operating system on the workstations is upgraded or has security patches. Their software developers may be too busy to create flexible, secure applications and are forced to focus strictly on functionality.

Depending on the application vendor, paying for an upgraded version of a controller application can be very expensive. Fortunately, sometimes, the upgrade charge is reasonable or free. Sometimes, no upgrade is available to permit operating system upgrades or critical security updates.

Another consideration is the risk that upgrading might interrupt manufacturing flow if the upgrading process requires extensive troubleshooting or potentially interrupt production. When equipment operates 24/7, the IT Team is under more pressure since there is no downtime for maintenance.

If the new application’s user interface significantly differs, shop floor personnel might require additional training. Inadequate training can lead to costly mistakes and safety issues. Scheduling training will affect the timing of deploying the new applications.

So, as you can see, when robotics, scientific instruments, lasers, manufacturing, or other equipment works just fine, upgrading the application offers no valuable benefits, and the IT team is busy, we find during audits and security assessments that many manufacturing organizations have outdated operating systems or need critical cybersecurity updates.

The organization’s executives might accept the risk, especially if compensating controls are in place.

Alternative Tactics Increase Security:

Using compensating controls in networks is essential because systems sometimes have significant vulnerabilities before updates are released or installed. Compensating controls are even more essential to help protect workstations if patches are missing.

Compensating controls include, and are not limited to, isolating the machines that control robotics, manufacturing equipment and scientific instruments on a separate network away from your network. That separate network must have limited connectivity to only allow traffic to and from the specific devices necessary and limit the kind of data and how it traverses the network to reduce the attack surface and make it more difficult for a malicious program or third party to access that instance or device. I sometimes refer to this tactic in keynote presentations as creating filtered subnets.

Another compensating control is to harden the unpatched or EOL machines by removing all applications except those essential for the equipment’s operation. Examples of applications that must be removed include browsers and email clients since they are common vectors for successful attacks. If the employees operating those devices require internet and email access, consider adding a separate workstation that is patchable for email and web access.

EDR/XDR (Endpoint Detection and Response / Extended Detection and Response) technology is another helpful control. It involves installing a small program called an agent on each computer. The EDR/XDR agent monitors the system’s software, services, and behavior for any signs that threat actors might have already compromised the computer. If the EDR/XDR tool detects an IoC (Indicator of Compromise), it can respond by interrupting the process. When tuned to avoid false alarms, the best response is to allow the agent to effectively quarantine the workstation from the rest of the network until the IT team can investigate. This helps prevent attackers from spreading to more hosts.

However, it is common for IT teams to succumb to the danger of relying too heavily on EDR/XDR to protect their organization and, therefore, neglect implementing other industry best practices to protect systems. Threat actors often set up EDR/XDR tools on their test networks to find ways to circumvent the protections. So, even if your EDR/XDR tool says everything is safe, it doesn’t necessarily mean threat actors aren’t active in your network.

To combat this, companies commonly conduct yearly red-team exercises, performed by exceptionally skilled IT teams that regularly perform these exercises and know the tricks and practices real-world threat actors use. These exercises are designed to test the effectiveness of the detection and response process. These exercises look for weaknesses in EDR/XDR and help keep the IT team in practice, ensuring they’re better prepared in the case of an attack.

Depending on your budget, if $20/user/month for EDR/XDR is not feasible, know that the other cybersecurity controls in this article, such as careful hardening and segmentation with very restrictive filtering, are much less expensive than EDR/XDR and have little if any ongoing expense. I don’t want to diminish the usefulness of EDR/XDR tools. If you are on a tight budget, unless your cybersecurity policy requires EDR/XDR, you might choose to focus on other compensating controls.

The IT Team must alert the executives about the expense of upgrading applications, isolating the shop floor instances on a separate network, deploying an additional network for web and email access, training users and operators, implementing EDR/XDR tools, and other expenses. Include time estimates along with financial estimates. Then, the executives can make an informed decision, and IT can follow their instructions and ask for support as necessary.

Step-by-Step Guidance for IT Teams:

Acknowledge that it can be a significant challenge and sometimes practically impossible to ensure that all workstations run with a current OS and that all critical security updates are applied. But keep applying updates if possible.

Inform your executives whether your team has time to make these changes. IT teams must alert executives of the time and expense involved. The executives will have options such as adding more IT professionals to augment the team, postponing other projects, or accepting the risk of continuing with unpatched systems or EOL OSs with the compensating controls listed below.

Explore all technical, training, and expense changes before upgrading applications.

Ask your supervisor to delegate the price checking to someone outside the IT department if feasible. Your IT team is very busy, so checking the prices might cause the upgrade to be delayed. It can be time-consuming to check with the robotic, manufacturing, and scientific equipment vendors to find the pricing for upgrades to their applications that control machinery.

Investigate more than the pricing. Ask about changes in the upgraded applications affecting the user interface and user experience. Ideally, the upgraded application software operates similarly and has the same interface. Unfortunately, some manufacturers significantly change the user experience when they upgrade their applications.

If users will need training, identify a trainer.

Determine how scheduling the training will affect the deployment timing.

Involve executives in decision-making and send them regular reports about the project’s progress.

Implement compensating controls on the workstations because of the high cybersecurity risk of missing critical patches or using EOL OSs. Compensating controls aren’t a replacement for missing patches, but the controls can help tremendously.

Remember that attackers can exploit security risks long before they are discovered. Only when the vulnerability is discovered will the operating system and application developers know to create or release patches to seal that security hole. Refrain from relying on patches as your sole security control for application software and operating systems.

Strongly consider isolating shop floor machines on a separate subnet, especially those you are prohibited from patching and those using EOL OSs. Isolate that subnet completely with an air gap or utilize aggressive filtering at the switch or router to limit traffic to only the required source, destination, ports, and protocols.

Additionally, hardening the workstations against attacks is strongly recommended.

Remove or restrict web and email access. This is one of the most effective ways to harden workstations, as web and email are two of the most common vectors for malware.

If the workers at those devices need access to the web and email, consider deploying a separate workstation to their station they can use for web and email. If feasible, that workstation should not be on the shop floor network. If you put those workstations on the equipment network, you would need to allow email and web traffic, and modifying access control lists to allow more sources, destinations, ports, and protocols can significantly reduce the security you would otherwise introduce to the equipment control network. Strive to exclude TCP ports 80 and 443 on the AI device network while allowing full functionality of the AI and other computer-controlled devices.

Be sure you limit the sources of inbound and destinations of outbound network traffic to the absolute minimum. If you need to run new cables to facilitate the additional workstations for web and email at the workers’ stations, then running new cables might be a significant investment. Deploying a WiFi network for email and web access might be more economical. Keep the key secret. If you share the WiFi password, workers might connect other devices to the equipment network and compromise security. Completely blocking email and web access and access to external IP addresses will hamper the workers on the manufacturing network from exposing the hosts to many threats.

Strongly consider using EDR/XDR tools, along with the Red Team Exercises, to help ensure the configurations’ effectiveness and allow your IT team to prepare for actual emergencies.

Summary:

Protect workstations that control hardware such as robotics, pharmaceuticals, lasers, and scientific instruments, regardless of whether they utilize AI. This helps ensure the safety and operability of your systems, protecting your organization and workers.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

(Image source: Bing. Learn more at [Bing.com].)

The post An Executive’s Handbook to Securing Modern Manufacturing Networks and Robots, AI or Not appeared first on Foster Institute.

It makes sense that malware uses strategies to infect and hide inside of networks undetected. Here is some fascinating insight into that self-preservation: The malware related to SolarWinds attack looks for specific security related software, including a free program named WireShark, before installing itself. If Wireshark is running in Windows, the virus installation terminates itself.

Should you run WireShark on your computers 24×7? Ordinarily, IT Professions remove WireShark in case attackers installed it. Paradoxically, running WireShark will stop the initial activation of the SolarWinds attack. WireShark is not the only choice. Open this Microsoft article and use CTRL-F search for the word WireShark to see the other security related tools that will horrify some malware: https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/

But, after SUNBURST installs itself, it is too late. It doesn’t look for security related tools after installation.

This message is not a recommendation to run these applications, nor is it intended to dissuade you. If organizations start adopting this strategy to thwart cautious attacks, it will be interesting to see how malware responds.

Forward this article to your friends so they receive this insight into how bad actors strive to avoid detection and discuss implementing this unconventional approach to stopping malware installations.

The post Tips and Tricks: An Unconventional way to Protect Yourself from SolarWinds and Future Hacks appeared first on Foster Institute.

Official channels report that some software giants, including at least one major cloud hosting platform, are compromised. Your suppliers and vendors might be compromised and that affects you, too, even if your systems are safe.

Some steps to take:

1. Remind all of your users that they will likely receive fraudulent email messages that look more realistic than ever. Never enter usernames, passwords, or sensitive data into any forms without checking with your IT Pros first. Never transfer money based on email messages alone.

2. If you receive an email that appears fraudulent, then phone or text the sender to discuss the authenticity. If you email the sender to ask if they sent the first message, a bad actor who compromised their email system will reply to you and say that the original message is safe. Email is less trustworthy than ever, even when you start the conversation.

3. Contact your vendors, suppliers, customers, and anyone you rely upon to ask if they are following this emergency and actively looking for breaches. Ask if they check with their suppliers to require their vigilance too. Assess your risk of one of those entities failing. Have a business continuity plan in place.

4. Many organizations are temporarily disabling SolarWinds. Nobody is sure of the extent of infiltration.

5. Ask your IT pros to implement a two-step login process wherever possible. Reset passwords. Install critical security updates. Restrict account privileges as much as possible. Uninstall all non-essential software. Be hyper-vigilant of anything that appears to be an attack. Our audits and security reviews will help your IT teams secure your systems too.

Rest assured that software giants are working round-the-clock to fight the attackers. The problem is that the attackers had a head start, so they are one step ahead. And, if an organization you rely upon is compromised, it might be too late to stop. The infected organization will need to resolve the problems. They might not realize they are compromised.

The post The SolarWinds Breach Affects You Too. Ask your IT Team to Take these Steps. appeared first on Foster Institute.

More often than ever before, bad actors infiltrate organizations in a slow, methodical way. They can remain undetected for weeks, months, even years. The FBI uses the term dwell time to designate the period from when attackers infiltrate systems until you discover them. The FBI warns businesses that attackers can cause significant damage during dwell time. Bad actors quickly establish backdoors to ensure access, even if you block their first point of entry. They deploy keyloggers on systems to record keystrokes. If your cyber assets are compromised, the bad actors can potentially monitor your messages to find out when you discover their presence in your network, computers, applications, cloud resources, websites, or anywhere else.

Once attackers know you’ve discovered their infiltration, that triggers them to move forward with their next phase, often contacting you to demand a ransom. Sometimes they threaten severe consequences if you attempt to recover your system in any other way than paying them. Since they are in your systems, you must take the threats seriously.

Establish a protocol for workers to communicate suspicions in some method other than email.

Even your IT department must avoid emailing each other questions such as, “I received an alert that someone is resetting an administrator password. That’s odd. Is that you?” Instead, they must communicate by mobile phone or radio.

If you suspect a breach and contact us, consider phoning. If you must email, use a personal account outside of your company account, and use a phone or some device other than a company computer’s keyboard to send the message.

I’m not talking about when users receive a phishing message. I’m talking about if they receive a phishing message that includes customer account information, if an important file is missing or won’t open, or if they receive an unexpected login request on a website or to open a file. IT needs to investigate these early-warning signs.

Please forward this to other executives who you care about to establish a mobile hotline number for users to reach the IT team to report suspicious activity. Help avoid triggering attackers’ responses before your IT team has time to react and, hopefully, mitigate a potential cybersecurity disaster.

The post If You Get Hacked, Do Not Email Anyone About It appeared first on Foster Institute.

When another family member shares a work-from-home computer, it magnifies your risk exponentially. If users already work from home using personal home computers, there are potentially cost-free steps to help protect your organization. Consider allowing them to take their work computer home. If their work computer doesn’t have wireless access, you can provide an inexpensive USB wireless adapter.

Allow your IT professionals, or IT consultants, to monitor and maintain the security of those computers. Many protection tools support remote users, so you might already have what you need.

Dedicated work computers must remain off-limits to other family members. Set a firm boundary that your workers are not authorized to use the computers for any purpose other than working.

Please forward this to your friends, so they know this cost-free way to help protect work-from-home users.

The post One Nine-Year-Old Checking her Email can Breach Your Entire Organization, and How to Protect Yourself appeared first on Foster Institute.

This video walks you through setting up the two step login feature of Zoom.

To help protect your Zoom meetings, watch other videos that cover concerns about using Zoom:

Zoom Security Settings – The Concise Details

Zoom Security Issues – Protect Yourself

Zoom Security – Follow Along to Set Settings

The post Zoom Security – Set Up Two-Step Login appeared first on Foster Institute.

I’m in San Francisco right now at the RSA cybersecurity conference. Hand sanitizer is everywhere, and people are using it.

Italy shut down some towns. There is a possibility, however remote, and perhaps not for months, that US cities might shut down too. Prepare for the potential impact on your organization. For example, if schools shut down, will some of your workers, including IT team members, be unable to come into work because they need to stay at home to watch their youngsters?

Make sure all of your network users can work from home concurrently. Your IT team might need to increase the capacity of your servers to handle the additional workload. Can your workers use their phones to conduct business remotely? Does your IT team need to set up remote VoIP phone clients? Are IT team members cross-trained to be able to cover other workers’ duties? Does everyone know who to contact at your company for the most current information?

Even if your workers can work, they will put the safety of their families first. When Italy shut down some towns, the grocery stores ran out of food and supplies quickly. Encourage workers to stock up on food and products they usually buy, including non-perishables. They need to have enough medications. Once their family is taken care of first, then your workers can devote attention to work.

Prepare for loss of, or delays in, sales and income. Develop contingency plans. Would the loss of one of your primary suppliers devastate your business? Are you prepared if some essential piece of machinery, or network server, needs repair and you cannot get spare parts? Assign someone or develop a team at your company to focus on the risks and develop contingency plans. Remember IT.

Warn your workers that there will be an increase in spam and phishing as bad actors prey on their worries of the virus. They must be vigilant to spam and fake news.

For more information, Homeland Security offers suggestions at ready.gov/business/implementation/IT CDC provides a useful document at CDC.gov/flu/pandemic-resources/pdf/businesschecklist.pdf

Notice signs of things to come including a potential reaction to the virus. The falling stock market is a sign, Italy closing cities is a sign, and San Francisco declaring a state of emergency is a sign. Prepare now in case things start happening rapidly.

Please forward this to your friends so they can prepare their organizations for possible public panic and quarantines over Coronavirus.

The post Prepare Your Organization for a Reaction to Coronavirus appeared first on Foster Institute.

Any of your computers that you purchased six years ago came with Windows 7 installed. Unless you paid for new licenses and gave your team time to upgrade them, those computers run Windows 7 today.

Some of your options include:
– Buy new computers
– If the computer is strong enough, upgrade Windows 7 to Windows 8.1 or Windows 10
– You can ask your IT team if you use a technology called VDI. If so, they can uninstall Windows 7 completely. They can install Linux, or make a bootable thumb drive, or use a No Touch Desktop program. The computer can function as a screen and keyboard to a server where Windows runs

If, for any reason, you need to keep Windows 7 on some workstations, be sure to give your IT team time to implement compensating controls. For example, they can isolate the computers from the rest. Ask them to install Microsoft’s downloadable EMET security tool that works in Windows 7.

Support for Windows 8.0 ended in 2016.
Support for Windows 8.1 ends on January 10, 2023.

Please forward this to your friends and business associates, so they know January 14 is the when Windows 7 becomes a severe security risk to their networks.

The post Microsoft Will Stop Protecting Windows 7 on January 14, 2020 appeared first on Foster Institute.

Beware of additional fraud. Several sites are claiming to help you find out if you were part of the breach, but of course, the sites ask for personal information. Be safe: Use the contact information provided by Equifax. The Equifax FAQ says to visit: https://www.equifaxsecurity2017.com/

To find out if you are affected, that site points you to: https://www.equifaxbreachsettlement.com/

For identity theft, credit monitoring is helpful, so you know you are a victim, but by then, it is too late.

Placing credit freezes are a critical step in preventing your identity from being stolen.”

Freeze your credit, everyone in your family’s, at all major credit bureaus. To save you time, here are four and how to reach them:

Experian (888) 397-3742
https://www.experian.com/freeze/center.html

TransUnion LLC – To Freeze: (888) 909-8872
https://www.transunion.com/credit-freeze

Equifax Information Services, LLC (800) 685-1111
https://www.equifax.com/personal/credit-report-services/

Innovis – To Freeze: (800) 540-2505
https://www.innovis.com/personal/securityFreeze

Please forward this to your friends. If they don’t understand the importance of a credit freeze, The FTC provides more information at https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs

The post Find Out if You Can Collect a Bundle from the Equifax Breach appeared first on Foster Institute.

The tech support representative at the bank pressed, “I cannot help you if you do not let me into your computer.”

The team member said, “Yes, you can. I can read you anything displayed on the screen, and I can type or click where you say. But we cannot permit anyone to connect remotely. What do you need me to read to you?”

The technician said, “Uh… Ok. What does the error message say?”

The team member replied, “The routing number field is not long enough.”

The technician said, “Ok, that is easy to fix.” And continued to help resolve the problem and all was fine.

Never, ever, permit anyone to remote into your computer.

Once you permit any third party to access your computer, your company’s security is only as good as their security. And you have no idea how good their security is.

Your internal IT team, or outsourced managed service provider, can already take control of your systems without asking you. They will not need to ask your permission. So, if you ever receive a call saying, “This is tech support, you don’t recognize me because I’m the new guy. I need your help to fix your computer. Please go to this website so I can take control of your system to resolve a technical glitch before it crashes your system,” then blow a whistle into the phone as loud as you can. That’s a bad guy using a social engineering ploy in an attempt to trick you into allowing them access into your system.

When in doubt, go back to the only reasonable answer: “No. You will not get access to this computer or any other computer at our organization.” Report this immediately and warn everyone else.

Please forward this to everyone you know or care about, so they know: Never permit anyone, even third party technical support, to access your computer remotely.

The post Never Permit Tech Support to Access your Computer appeared first on Foster Institute.