Hackers can be inside corporate computer networks in 90 seconds and can sit and wait before stealing data or causing damage months later according to cybercrime experts.
Data about a company or its customers’ information can be of value for criminal organisations, or they may wish to divert shipments, which have great worth. The hackers will take weeks and months to learn about a corporate network and its information. Detecting criminal activity on a network can take six or nine months.
A variety of scenarios were described last week by the cyber security panel at the International Air Transport Association’s (IATA) Cargo Network Services (CNS) conference in Orlando (US). One scenario envisages an electronic air waybill being altered to send a high value shipment to a different destination so the criminals can obtain it.
The panel included individuals specialising in cybercrime from US Customs and Border Protection, U.S. Chamber of Commerce, Boeing and Hewlett-Packard.
Faye Francy is the executive director of the Aviation Information Sharing & Analysis Center (A-ISAC). He says: “Advanced persistent threats, APT, they get into your network and stay in your network. They may take down your operations. Most companies don’t detect these for six to nine months.”
The panel advised firms should see security as a business objective, like keeping customer data safe. Following best practice and the US government’s cybersecurity framework were also recommendations.
According to the US government’s Department of Commerce’s National Institute of Standards and Technology, the framework, “consists of standards, guidelines, and practices to promote the protection of critical infrastructure”. The framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.”
Aviation is deemed a critical national infrastructure.