Containing the cyber threat
Action stations at the NRGIE corporate IT department! Since the early hours of the morning, the phones have been ringing off the hook at the helpdesk. Employees can't log on. They can't connect to the Internet. Applications won'tload, everything's incredibly slow and weird pop-up windows are a ppearing everywhere. Yes, we have a virus. Jane, IT security manager for this major energy supplier, is on the case…
She's already talking on the phone with Thales's Rapid Reaction Force. A team of cyber experts is on the way to find out more about the attack and where it started. They start by drawing up a complete map of theinformation system to see how the attacker might have infected the system, determine how much of it has been compromised, then detect and disable the malicious code. A few hours later, the attack is under control and users can gradually get back to business as usual.
Jane can heave a sigh of relief — for now. But the attack has brought to light some major flaws and vulnerabilities in the company's information system. She thought she had everything covered, but in fact the whole system architecture needs to be audited and redesigned to make it more resilient.
It's a major undertaking. Jane organises an initial meeting with Thales to scope the requirements. Data in transit, data at rest, servers, networks, early threat detection… everything has to be examined indetail by Thales's cybersecurity specialists. A few days later, they come back with a set of recommendations that will provide the all-round protection the information system needs.
Sensitive information of all sorts — technical, commercial, financial, strategic and organisational — needs to be reliably protected. To secure all this essential data, the Thales cyber specialists propose an encryption solution with a hardware security module (HSM) to manage the cryptographic keys. With this type of security appliance, plain data goes in at one end, and encrypted data comes out of the other.
Next they tackle the email system. Risks like Trojan horses and phishing attacks make email one of the weakest links in the IT security chain today. Thales has teamed with Microsoft to develop Cyris for Outlook, an encryption solution for file attachments, and this is what the specialists recommend for NRGIE.
Above and beyond these specific solutions, Thales could operate the customer's information system with its HySIO hybrid outsourcing solution managing selected applications in a secure cloud environment. Transitioning to this solution would be part of an in-depth transformation of the information system to a new architecture with different layers of security for different requirements.
Even with all these protections in place, NRGIE's information system is still exposed to cyber threats — cyber criminals are remarkably adaptable and they can really wreak havoc when they put their minds to it! With close to 200,000 cyber attacks reported every day around the world, nobody is ever completely safe. For NRGIE, a permanent surveillance solution, with Thales engineers working at the company's 24/7 Security Operations Centres, is highly recommended. The specialists monitor security data and events around the clock so they can spot attacks early, react in a timely manner and limit the consequences of a potential attack.
The Thales cyber specialists present all these recommendations in a detailed security audit report. They set up a meeting in a week's time to plan the project and prioritise operations based on input from Jane and her team. There's no time to lose…