Airbus systems breached by cyber attack
Airbus SE reported it had detected a cyber incident that breached its Airbus commercial aircraft business information systems yesterday, resulting in unauthorised access to data but not affecting its commercial operations.
Above:
Airbus HQ at Toulouse.
Courtsey Airbus
It is believed that employee contact information was accessed in the security breach suffered by Airbus, which has said it is taking measures to improve its security defences.
In a statement Airbus said: 'This incident is being thoroughly investigated by Airbus’ experts who have taken immediate and appropriate actions to reinforce existing security measures and to mitigate its potential impact, as well as determining its origins.
'Investigations are ongoing to understand if any specific data was targeted, however we do know some personal data was accessed. This is mostly professional contact and IT identification details of some Airbus employees in Europe.
'The company is in contact with the relevant regulatory authorities and the data protection authorities pursuant to the GDPR (General Data Protection Regulation). Airbus employees are being advised to take all necessary precautions going forward.'
Irra Ariella Khi, CEO of City-based VChain said: “The security breach against Airbus is another example that current processes for storing sensitive data are not fit for purpose. Holding data on centralised, vulnerabile systems is making it easy for hackers. We urgently need to move to systems built using privacy by design principles – where data security and obscurity are built into the system – and data is not in a box that is inevitably breached.
“Personal data of employees, operatives, or passengers held by those operating in the aviation industry is highly sensitive. The industry is highly regulated for a reason: data security is vital for ensuring safety. Whatever the motivation of the attack is, we should not be making it so easy to access data.
“Cyber defence is of course vital but breaches would be better prevented by not storing the data in an insecure way in the first place. Technology to better avoid such risks is increasingly available.”
Dan Turner, CEO of Malvern-based Deep Secure said: “The Airbus breach is likely to become just another fleeting reference in the constant stream of data breaches we’ll witness this year. Incidents like this show that, no matter how robust the company’s security defences, traditional cybersecurity solutions are unable to detect the growing number of zero-day and undetectable threats that cybercriminals are creating.
We must assume that hackers are better at attacking than we are at defending and that’s why we must go beyond the detect and protect approach to cybersecurity and focus on preventing attacks. Only this way can we – the cybersecurity industry – empower organisations to truly secure their data.”