When dealing with cyberattacks, consider an alternative approach - expert

When dealing with cyberattacks, consider an alternative approach - expert | Insurance Business New Zealand

When dealing with cyberattacks, consider an alternative approach - expert

New Zealand and Australian organisations seeking the ultimate defence against cyberattacks should consider alternative approaches to traditional “air gap” products, says one expert.

According to US-based critical infrastructure security expert Tom Mullen, a senior vice president at OPSWAT, the best practices in air-gapped network security are evolving in response to escalating cyberattacks and improvements in security technology.

CMO for cybersecurity software at emt Distribution Scott Hagenus, meanwhile, said the complications of these evolving security practices extend well beyond New Zealand and Australian organisations currently operating air-gapped networks.

“It’s not just operators of critical infrastructure, defence or secure government organisations that have a need for air-gapped or isolated networks,” Hagenus said. “We see manufacturing, healthcare, insurance and labour hire organisations that are looking to step up their security.

“Even political parties and news organisations are now setting up air-gapped or secure networks to protect their most sensitive information.”

Hagenus noted one organisation that had suffered repeated ransomware attacks through files submitted to their business.

“Data sanitisation solutions prevent those attacks by removing any active content, without destroying the integrity of the files,” he added.

Moreover, Mullen will be a presenter at the Australian Cyber Security Centre Conference (ACSC) 2018 on April 10-12. His presentation, will examine the experience of US nuclear power facilities, with over 90% of nuclear power plants using OPSWAT’s products to inspect portable media for cyber threats, as well as for auditing.

He will also examine the experience of other organisations using OPSWAT’s tools to show how air-gapped or isolated networks can be operated more cost effectively without compromising security.

“We have customers focused on using automation who are not processing all incoming data through physical kiosks,” he explained. “For example, you can use private subnetworks, where everything remains connected. There are markets that expect this approach.”


Related stories: