• Unauthorized access of Internet facing Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) devices
• Exploitation of zero-day vulnerabilities in control system devices and software
• Malware infections within air-gapped control system networks
• SQL injection via exploitation of web application vulnerabilities
• Network scanning and probing
• Lateral movement between network zones
• Targeted spear-phishing campaigns
• Strategic web site compromises (a.k.a. watering hole attacks).

1. Air-Gap Networks

In a recent cyber attack on a South Korean nuclear facility, the nuclear plant remained safe because the control system was separated from the external network. It is important that Industrial Control Systems are air-gapped (i.e. separated from the network) so that even if attackers gain access to the network, they will not be able to reach the Industrial Control System and the damage can remain limited.

2. Identify and Encrypt

Identify the most important information and intellectual property that needs to be protected and make sure that it is encrypted and only accessible by a highly restricted group.

3. Use Multiple Anti-Malware Engines

By using multiple anti-malware engines to scan files, web traffic, and email attachments, you can significantly increase the malware detection rates and thwart any attempts to bypass a specific engine’s limitations. Since not every engine addresses the same threats in the same time frame, by using multiple anti-malware engines you can also ensure faster protection against new threats.

4. Implement USB Security 

Files still need to be transferred to high security, air-gapped networks to perform system upgrades, maintenance, etc. To ensure safety but still enable file transfer, portable USB devices should first thoroughly be scanned with multiple anti-malware engines before being allowed to connect to the air-gapped network.

5. Improve Email Security

A common entry point for cyber attacks is spear phishing attacks. Most email security systems can detect and stop phishing attacks, but spear phishing attacks are harder to detect since they are only sent to a small number of people, and significant effort has been put into making them look legitimate. To detect more malware and counter threats that are targeted towards specific antivirus engines, companies need to strengthen their existing email security systems by using multiple anti-malware engines for scanning email attachments. Since spear phishing attacks often make use of malicious email attachments that exploit zero-day vulnerabilities that may not yet be known, it is also important to sanitize email attachments by converting files to another format to diffuse any possible embedded threats.

6. Defend Against Advanced Persistent Threats

Since Advanced Persistent Threats can lie in wait for a considerable time, it is important to continually monitor and scan networks and devices for threats and irregular activity. What may have previously gone undetected by anti-malware engines could suddenly appear on the radar after an engine update. By centrally monitoring the company’s devices, you can ensure that anti-malware and other programs are updated and that malware scans are run regularly.

7. Train Employees

Train employees on USB security, how to detect spear phishing attacks, and to immediately report any devices that are stolen or lost. Make sure that employees update their anti-malware programs frequently and regularly perform full system scans.

8.Third Party Company Security

It is important to ensure that even if security is breached at one of the company’s suppliers or contractors, only limited access can be gained to the company’s central system. Also, when exchanging confidential files with external contacts is important to use a secure file transfer system that ensures that files are encrypted and can only be opened by the intended recipient.