Opinion | American companies resemble a bunch of preschoolers running with pointy scissors when it comes to cybersecurity. By Michael Abboud of TetherView.
"solarwinds123". The hackers didn't have to do any"hacking" to execute their breach. They just walked in the metaphorical front door and sat in the living room for 18 months without anybody knowing they were there., which abruptly stoppered the flow of fuel through one of the country's most important arteries, didn't happen because the hackers got access to the systems that actually control the pipeline.
In fact, walk into almost any municipal power authority, water authority, or sewage authority, and the fact that a 10-year-old could likely paralyze half of the systems across the country using very unsophisticated and untrained techniques will probably be greeted with a shrug. The weakest link in any network is the users. It doesn't matter how smart they are, how cybersecurity-aware they are, or how well-trained they are. People are still the weakest link and represent the biggest threat to the organization.
The only way to fully prevent"the weak link" from causing serious self-harm is to turn off the internet entirely and not allow people to use tools like email — but that's not exactly a practical approach for the 21st century.For starters, operational technologies, such as the software that controls a fuel pipeline, and business systems, such as email or marketing software, should be segregated or"siloed.