Phishing: Targeted Attacks

The threat of phishing remains prevalent in all aspects of digital life. Both personal and professional. But a recent deep dive by Mandient into the details of a more specific kind of attack that is on the rise. This shines a light on the threat of industrial-themed email attacks and how they can affect operational technology.

What is Operational Technology?

Operational technology is the hardware or software that monitors and sometimes controls industrial equipment.  This technology will detect, as well as cause, changes to the processes that are physically happening through monitoring and direct control of the physical device.  Often found in factories, the oil and gas industry, mining, utilities, and transportation, it is all around us and controls things that we use every day.

Information technology (IT) attacks are more familiar, and those target electronic transactions. This type of attack might include email, databases, transactions, and more. Whereas a successful OT attack would have a huge impact on our infrastructure.

What to Look For

In phishing emails, these targeted messages will often use industry-specific language. It will be familiar to the individual working, but not commonly used outside of the job. The familiarity of the language used can cause an employee to place trust in the message and its sender. Their guard will go down as they assume it’s someone ‘within their professional circle’.

How to Offset the Risk

Human error remains the biggest risk to a business’s cybersecurity. An ongoing training program must be part of the plan to offset that risk. Creating awareness is only the start of the battle. That awareness must be cultivated to grow along with the increased sophistication to which cybercrime continues to grow. If you are within an industry that utilizes OT or you are an MSP supporting clients that have it, remind them that every email should be met with caution. The impact of a compromise may not be seen immediately, so if they mistakenly clicked on something they shouldn’t have, alerting the proper parties is critical.

Give your teams the tools and training they need to help protect your systems and data from cyber crime. Contact us today!

Sign Me Up for a  FREE 
Cybersecurity Risk Review

It Starts with a Brief 10 Minute Call.

Fill out my online form.

Knowledge is Power!

Sign Up to Receive Our FREE “Cyber Security Tip of the Week”

No Catch. No Obligation. Just week after week of timely tips to keep you one step ahead of hackers.

Article published with permission from Your Tech Updates.