Skip to content

Share

  • Add this article to your LinkedIn page
  • Add this article to your Twitter feed
  • Add this article to your Facebook page
  • Email this article
  • View or print a PDF of this page
  • Share further
  • Add this article to your Pinterest board
  • Add this article to your Google page
  • Share this article on Reddit
  • Share this article on StumbleUpon
  • Bookmark this page
PA IN THE MEDIA

Cybersecurity made simple

Read the full article in Business Airport International

PA Consulting’s Justin Lowe, a digital trust and cybersecurity expert, discusses the cyber risks to businesses and what they can do to ensure that their systems and customers are kept secure. PA’s report ‘Overcoming the silent threat – business cyber resilience in airports’ is also mentioned in the article and key examples of ransomware attacks highlighted.

The article explains that cyber criminals are using a variety of tactics including Denial of Service attacks and ransomware attacks to cause problems for companies. Justin explains: “Additionally, there are safety-related risks if attackers focus on targeting systems that support physical security and aviation safety.”

The article goes on to address the recent change in the aviation regulatory world – the introduction of the EU Network and Information Systems Directive. Justin comments: “Unlike GDPR, where there is a similar approach for all countries, each nation is likely to introduce cyber resilience differently which might produce implementation challenges for operators who operate in multiple countries. It seems likely that the scope of these regulations may soon increase as additional operators are classified as operators of essential services.”

Commenting on integrating cybersecurity into day-to-day procedures and processes Justin says: “There are many standard tools and measures that can be used. Most of these involve getting the basics right – robust managing of IT systems and ensuring that they are correctly configured.”

He continues: “That includes strong passwords with multifactor authentication where appropriate. Access to information and systems should be locked down so that only the appropriately authorised users can access them.

“Anti-malware solutions should be deployed to prevent malware infections and all operating systems and applications should always have the latest security pitches.”

Justin goes on to share six tips to help business aviation companies protect themselves from hackers and data breaches:

  1. Appoint a cybersecurity executive. A person with overall responsibility for cybersecurity risks for the organisation will ensure appropriate board and leadership support.
  2. Ensure there are defined responsibilities for security management that cover IT systems and the operational technology systems that underpin aviation operations. These are often not the responsibility of the IT department and can be overlooked.
  3. Assess your cybersecurity management system against an established standard or framework to identify gaps. Appropriate standards and frameworks include ISO27001, National Institute of Standards and Technology Cyber Security Framework, UN Network and Information Systems Regulations and UL Government Cyber Essentials Plus.
  4. Conduct a penetration test of external systems to ensure there are no vulnerabilities exposed that can be exploited. That’s particularly important for customer-facing websites where loss of data is a particularly high risk.
  5. Ensure that operating systems and application have up to date patches to remove any known vulnerabilities.
  6. Organisation need to have effective incident response and business continuity plans in place and make sure they are regularly rehearsed and updated. They should also explore additional measures such as security incident and monitoring systems and advanced malware protection.

Overcome the silent threat

Download the report

Contact the digital trust team

×

By using this website, you accept the use of cookies. For more information on how to manage cookies, please read our privacy policy.