The aviation industry vulnerable in this time of pandemic
Coronavirus has not only affected global hygiene.
It also dealt a significant blow to corporate IT security. The most vulnerable sectors during this period of crisis are none other than the aviation sector. The aviation industry, which is highly computerized, has to deal with the ever-increasing cyberattacks. "This risk is all the greater because the very structure of the aviation industry makes it vulnerable: a very large number of companies and subcontractors are involved in the manufacture of an aircraft, up to the Tier 5 supplier. Each link in the chain therefore offers a potential gateway for hackers. The aviation industry is a collaborative industry, made up of highly connected players. It involves many small suppliers for whom investing in protective means and recruiting an IT security director can be costly. ». David Luponis, Cybersecurity Partner at Mazars, explained.
This article will also interest you: Cathay Pacific airline and airline to pay 500,000 pounds for data leak
In practical terms, it only takes a simple attack on a single partner in a chain, so that the effects can extend to the other links in the chain.An entire supply chain may be impacting for a single mistake made by a minor partner. And that is a very big problem. In the sense that when such an industry is attacked, it endangers current production, but also industrial secrets and patents. However, the current situation clearly favours all-day cyberattacks. What was already the case before the coronavirus has gained in potency. The shift to remote work, which was done in rather difficult conditions, should not really make things easier. Whether in the aviation industry or elsewhere, i.e. in the field of finance or medicine, allowing their employees to have access to the information system from the outside has put the ability of companies to protect their internal information at great difficulty. "In an aeronautical market where know-how and innovation are key to the company's success, the impact of a cyber attack, for example with access to patent information, could lead to or amplify economic disasters. Explains the expert.
Companies that already had some set-up to facilitate telework because it was already in their habits, the crisis can pass quite easily without having to suffer the large-scale damage. The risk was limited from the beginning. In this kind of context, there are employees working with special terminals, approved for the type of work to which they are assigned, with secure connection solutions such as VPNs for remote access. A practice that is highly recommended to all companies that have decided to do the same at this time. Unfortunately this was not the case for the majority. As mentioned above, adapting to remote work was a solution that was adopted a little hastily. And unfortunately the consequences are not being asked. "For other companies that have hastily equipped their employees with backup and rarely secure solutions, the second wave of cyber problems could appear when employees and their IT equipment return to companies. Points out David Luponis. This is correct because employees since telework continue to receive emails from various correspondences. Among these correspondences of course, we can count the cyber-prisoners. It is clear that some employees will become infected sooner or later. If, after the crisis, things were to get back to normal, security officials should ensure that the terminals that were used could not have a direct relationship with the company's information systems. Because this is very likely to cause a backwards problem. In short, employees' computers must be checked to see clean of any impurities before they can be used again in the company's computer fleet. For this reason, David Luponis insisted: "Users who are not subject to strict security rules or who do not have professional and secure equipment are going to be a gateway to the information system. ».
As a result, companies must continue to develop methods of securing their systems. However, they should not forget the post-pandemic, because the risk will not disappear immediately by ending telework, but by the way the tools used outside the company will be included in the computer park.
Now access an unlimited number of passwords: