State-sponsored hackers will do ‘everything’ to get in, says CISO
ACSC 2016 Airbus chief security officer Stephane Lenco says the company is hit by successful state-sponsored and ransomware attacks a dozen times each year.
The attacks aren’t full breaches, instead representing penetration beyond simple scanning trigger a response from the aviation giant’s security and computer emergency response team.
Speaking at the Australian Cyber Security Centre Conference (ACSC 2016) in Canberra today, Lenco said state-sponsored hackers and terrorists as the company’s chief threat actors.
“We get thousands of attacks daily … we do get on average 10 to 12 really really serious [attacks] that we want to look at very carefully.
“We do get state attackers, they exist, and they do get in.
“State-sponsored attackers will try everything to [break in] and will go after everything.”
The internal security response teams are water-tight, he says, adding that terrorists – the second identified major threat group – would have better luck hurting Airbus with physical attacks rather than exploits.
Not all successful attacks are state-sponsored, however. Lenco says financially-motivated crimeware hackers are finding “tremendous success” across the technology industry.
Airbus chief security officer Stephane Lenco.
Image: Darren Pauli, The Register
He described how one ransomware attacker compromised a staffer’s machine which off site, and began encrypting files across the corporate network once the infected computer was connected to the office intranet.
Airbus’ threat landscape.
The attack could have impacted operational capacity and even research and development had it not been for the speed of the company’s well-oiled security response and data backups.
Lenco says security teams eliminated the threat in less than two hours.
“If it weren’t for backup and response it would have been tremendously damaging for research and development,” Lenco says.
Lenco oversees security at some 180 sites, for 145,000 employees and a portion of the company’s 160,000 suppliers.
He places much value in threat intelligence and says up to 38 percent of his intel comes from free peer-sourced information across the industry, up from 9 percent some years ago.
Actor attribution is not valued, however. “There is no good answer for attribution if we are really talking about state sponsored attacks; it requires a lot of diplomacy [so] attribution is something I will always steer away from.” ®
Sponsored: Digital document transmission and security for the modern business