Infiltration of malware via removable media and external hardware
Viruses and malware have a lot in common with the Trojan horse in Greek mythology.
“The Greeks constructed a huge wooden horse and hid a select force of men inside. The Greeks pretended to sail away, and the Trojans pulled the horse into their city as a victory trophy. That night the Greek force crept out of the horse and opened the gates for the rest of the Greek army, which had sailed back under cover of night. The Greeks entered and destroyed the city of Troy, ending the war.” (Wikipedia)
In my blog the Trojan horse stands for removable media and external hardware. An USB stick, for instance, which can often be inserted into a PC or – far more serious – an engineering station at the heart of the automation technology at any time, rashly and without thinking. No-one checks whether only the data which is supposed to be copied the PC really does get copied. In the worst case, the USB stick could be infected with malware – the soldiers hidden inside the Trojan horse – and we all know what the outcome of that story was….
What I’m getting at here is that every user who claims they “just want to import the presentation or load that little file” needs to be fully aware of the consequences which “just” doing something can have. That four-letter word “just” doesn’t automatically have to spell disaster, of course. But what if your USB stick has already been hit by a virus? Without you knowing? Or – an even more intimidating scenario – what if an attacker is attempting to introduce malware into your systems maliciously?
Be alert
According to the BSI, the German Federal Office for Information Security, the infiltration of malware ranks number 2 among the Top 10 threats.
It comes second only to social engineering and phishing (BSI); click here to read my blog post on this subject.
It is vital for all employees to develop an awareness of, and an alertness to, the do’s and don’ts of removable media and external hardware. These rules should be embedded in the corporate culture and actively practised. One seemingly innocuous act of carelessness can have devastating effects. Once a malware has found its way onto your PC (and especially if your virus scanner fails to sound the alarm – in that case, you’re facing an even bigger problem!), it will spread quickly throughout your enterprise network and you’ll be forced to call in an expert to isolate and remove it.
Take stock of the situation
Yokogawa offers various security services and preventive measures to pre-empt this kind of “Trojan war” scenario.
- USB padlocks as an effective visible deterrent,
- Virus scan PCs and reports for all removable media,
- Hardware locks,
- Whitelists and antivirus software,
… and much more besides.
Picture: Security services
However, the first step is always a security assessment! We get together with you in order to understand your networks and structures, take stock of the present situation by evaluating the measures already in place, and form an overall picture of meaningful and possible actions. We follow this assessment up with an action plan which is tailored to fit your business. We show you ways to prevent malware from infiltrating your company via external hardware.
It all has to click
Security is important. For each individual enterprise and each individual person. In the end, it’s up to individual businesses to decide just how much security they want for their plants. Yokogawa can provide suitable measures and experts to support your decision and implement the action plan that best fits you and your plant. However, it’s putting those security measures into practice in your day-to-day work (as well as in your private life, of course) and getting your employees on board that’s the real challenge – and no-one else can do that job for you, though we’d naturally be delighted to help.
If you have any questions on this subject, please don’t hesitate to ask. We’d welcome the opportunity to discuss any particularly burning issues with you. Feel free to write a comment. I look forward to reading your opinion.
