There are, broadly, three levels of cyber threat: Statesponsored groups conducting cyber-attacks mostly for political reasons; cyber-crime organisations for financial reasons by for example stealing and reselling information, ransomware, impersonating aviation stakeholders to extract money from legitimate organisations through deception or blackmail, and “hacktivists”, activists wanting to disrupt the aviation industry for motivational reasons.
While state-sponsored actors are responsible for around 23% of overall cyber-attacks they so far did not tend to target ATM organisations which are recognised as essential safetyof-life services – according to the current shared records of incidents. Will this remain? But cyber criminals are another matter. Their methods are becoming more complex and difficult to detect. They have begun adapting their operations from directly stealing money to stealing data and finding multiple ways of exploiting its value. These range from bombarding contacts with emails and only stopping when a ransom has been paid to encrypting part of a network and threatening to keep it locked – or expose it – unless money is handed over.