This Appendix looks at the threat landscape today. It looks at the new attacks as well as looking at new targets. In the context of Railways and Thameslink in particular, the following slide has been borrowed from a presentation given by Johannes Emmelheinz of Siemens in Amsterdam this February.
A look at the different types of threats propagating today, combined with the sheer volume of attacks, can paint a discouraging picture. Even more alarming, however, is the fact that today’s threats seldom occur in isolation. A DDoS threat in one segment can divert attention from malware in another. Ransomware can be used to hasten data exfiltration. IPv6 attacks can be used to access parallel IPv4 constructs. Another consideration is that, with individual components available for sale, attackers no longer need overall computer or network expertise.
Botnets can be rented from vendors and application exploits simply purchased. This allows perpetrators to concentrate on results that they desire without having to create the means to commit the crime. This is obvious from the results of Verizon’s 2018 Data Breach Incident Report, which shows that 50% of breaches were carried out by organized criminal groups, and 12% involved nation-state or state-affiliated actors. The bottom line is that for today’s enterprise, the question is not whether you will be attacked. It’s when, by what, and how badly your company’s reputation or finances will be damaged. And one thing is sure in the uncertain world of cybersecurity — the wrong time to consider defence is after the attack has occurred.
For a review of DDOS protection solutions look at the excellent Forester Report embedded below.:
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.