The World Economic Forum’s 2020 Global Risk Report ranked cyberattacks causing disruption to operations and critical infrastructure among the top five increasing global risks. Accenture estimates that the number of cyberattacks has gone up by 67% in the last five years.
The increasing digital connectivity of...
To reduce risk, security and risk management leaders should eliminate IT and OT silos by creating a single digital security and risk management function. This function should report into IT but should have responsibility for all IT and OT security.
Integrating operational technology (OT) threat monitoring into...
Ransomware threats are now a board-level topic of conversation. All organizations with OT systems need to understand how these attacks are conducted and how to defend against them.
A key industry trend is that vulnerabilities solely affecting the Critical Manufacturing sector rose by 148%. This poses an additional...
The OT security world continues to change to meet new challenges and threats. The 2021 SANS OT/ICS Cybersecurity survey explores how OT defenders across all industries are meeting these challenges and looks to areas where new emphasis can be placed to defend our critical infrastructure as we move forward.
U.S. federal agencies issued a joint advisory around potential cyber threats to the nation's water facilities. They cite "ongoing malicious cyber activity - by both known and unknown actors - targeting the IT and OT technology networks, systems and devices" of U.S. water and wastewater systems.
The Central Electricity Authority has released a new set of cybersecurity guidelines for the power sector, aimed at securing OT systems and building a resilient security framework. It mandates, among other things, that all power sector companies appoint a dedicated CISO to secure systems.
Researchers at Ben-Gurion University of the Negev, Israel, have uncovered a new type of electromagnetic attack, dubbed LANtenna, that exfiltrates sensitive data from an isolated, air-gapped computer using Ethernet cables as transmitting antennas.
The world is experiencing a cybercrime pandemic, which is a direct consequence of COVID-19, according to Amit Basu, CISO and CIO at International Seaways. He offers proactive prevention measures, based on his own experience, for how organizations can stay safe and secure.
As the risks to IT and OT converge, organizations must use "zero trust" to verify user identities and build effective monitoring capabilities to track the behavior of privileged users, say Kartik Shahani of Tenable and Rohan Vaidya of CyberArk.
Dragos is currently tracking 3000+ Common Vulnerabilities and Exposures (CVEs) that affect ICS/OT networks. Of those, more than 400 CVEs have at least one publicly available exploit. Public exploits affect every level of an industrial environment, providing adversaries pre-packaged tools capable of infiltrating an...
Like his peer CISOs, Amit Basu of International Seaways is concerned about complexity and the shifting landscape. But not just the threat landscape – he also is challenged by the shifting dynamics of business priorities and processes, as well as what "protection" in this new environment now entails.
As DNS remains a favorite target for attack vectors, organizations need to build unified security by establishing harmonized DNS traffic and communication to prevent data exfiltration, say Alvin Rodrigues and Pankaj Chawla from Infoblox.
In addition to doing asset inventory, it is important to profile the risks of each asset to ensure OT security, says Mel Migriño, vice president and group CISO at Meralco, the largest power distribution unit in the Philippines.
2021 has more than confirmed the need to protect critical infrastructure from cyber threats. The Colonial Pipeline incident illustrated that an IT compromise of an organization that also has OT can have a disruptive impact on its industrial operations, even if the attackers fail to move laterally into the more...
This edition of the ISMG Security Report features an analysis initiatives unveiled by the Biden administration to enhance supply chain and critical infrastructure security and address the cybersecurity skills gap. Also featured: LockBit 2.0 ransomware rep 'tells all'; misconfigured Microsoft Power Apps.