Networks

What is the NIST cybersecurity framework?

People may have heard “NIST CSF” thrown around by colleagues or leadership in relation to how security policies and procedures should be set up. The NIST CSF is one of several cybersecurity frameworks (along with […]

The value of penetration testing ICS/OT environments

When establishing and testing a brand new cybersecurity program, it can be difficult to know exactly which steps are reasonable to take and when to take them. In this blog, we will talk about when […]

Cybersecurity awareness metrics: What to measure and how

Defining Awareness: First, what is a cybersecurity awareness program? It is a structured approach to managing an organization’s human risk. You can gauge and measure the maturity of an awareness program by using the Security […]

Massive DDoS attack hits Israel

On March 14, 2022, a massive DDoS (Distributed Denial of Service) attack hit Israel, affecting many government websites. For those who may not know what a DDoS attack is, in a DoS cyberattack, “the perpetrator […]

Lessons learned from ICS cyberattacks and industry surveys

Major Trends in ICS Cybersecurity: ICS cyberattacks involving cyber criminals, hacktivists, and nation states are on the rise. Most organizations recognize risks to their ICS and are taking numerous initiatives to address these risks. The […]

White House urges private companies to strengthen cybersecurity

On Monday, March 21, 2022, the Biden White House released a statement advising U.S. private sector organizations to strengthen their cybersecurity practices, citing intelligence reports indicating that Russia is looking at options for cyberattacks against […]

ISASecure Certification benefits

The certification issued by an ISASecure Accredited Certification Body is the highest global recognition for cybersecurity-related products and demonstrates that the applicable ISA/IEC 62443 requirements have been met throughout the whole lifecycle. Why obtain the […]

What is ISASecure certification?

ISASecure certification is a third-party conformity assessment scheme based on the ISA/IEC 62443 series of standards aimed at cybersecurity certification of industrial automation and control systems (IACS), such as distributed control systems (DCS) and supervisory […]

Structure of IEC 62443

IEC 62443 is the international reference standard for industrial cybersecurity of components and systems developed in conformity with ISA/IEC requirements. IEC 62443 family of standards: The most relevant parts of IEC 62443, for the development […]

Enhance industrial network security by following IEC 62443-4-2

Amid continuing disruption to the global supply chain, industrial organizations are seeking ways to stabilize their operations in order to preserve their competitive advantage. One of the most efficient ways to achieve resilient industrial operations […]

Be an organization’s security champion

The Department of Homeland Security, via the National Cyber Awareness System (NCAS), recently released a report on the extent to which malicious actors are turning concern over the COVID-19 virus into opportunities to steal user data. The […]

Can engineering afford a world of false positives?

As a very young kid, I would ask my dad, “Dad, what do engineers do?” And the response was always, “They solve problems.” And then I’d ask, “What do designers do?” And he’d say, “They […]

How data diode TAPs improve security monitoring

Analyzing packet level data within a network has become a vital component in an organization’s security architecture. Packet level visibility provides essential information needed to protect against security breaches that affect business operations. When implementing […]

How to create a CEO cybersecurity playbook using the CIA triad

As society continues to modernize and advance at an ever-quickening pace, it is getting harder for business owners and executives to not know and understand how information technology (IT) impacts their business. Regardless of the […]

Minimizing the REvil impact delivered via Kaseya servers

As the USA prepared for a holiday weekend ahead of the Fourth of July, the ransomware group REvil was leveraging a vulnerability in Kaseya software to attack managed service providers (MSPs) and their downstream customers. […]

Three ways to ensure and optimize cybersecurity maturity

The closing months of 2020 saw a 45% increase in cyber-attacks targeted towards healthcare organizations. Healthcare providers of all types and sizes have been breached. A report by Black Book Market Research predicts that data […]

Egregor ransomware: Gone but not forgotten

Ransomware groups are coming and going faster than ever. In June alone, we saw Avaddon release its decryption keys unprompted and disappear from sight, while members of CLOP were arrested in Ukraine. The move follows […]

Three benefits of a 360-degree vulnerability assessment

Defending critical infrastructure environments requires 360-degree visibility into asset and network vulnerabilities, which is why a vulnerability assessment is so important. Vulnerability management teams often face difficulties in patching all of their systems on a […]

How the remote workforce has changed data security

As we made an almost overnight move to a remote workforce as a result of the pandemic, we have increased data security risks and new risks for data exfiltration. The result of this is inevitable […]

Looking into the cybersecurity future through the past

Hackers, with the backing of a foreign power, infiltrated the Pickett Gap water treatment facility in Tennessee with a remote viral attack. Thankfully, plant managers were able to avert the crisis and prevent thousands of […]

Unlikely cybersecurity targets are a myth

The Colonial Pipeline, Iranian centrifuges, large financial companies and large companies in general, big cities – these are the notable targets of cyber attackers. Seen within this context, it is easy to assume your company […]

Control system cybersecurity tips and tactics released

The impact of cybersecurity breaches on infrastructure control system owners/operators is more visible than ever before. Whether you work for an infrastructure owner/operator or are a consumer of an infrastructure service, the events of the […]

Disconnected cybersecurity systems are a myth

In February of this year, I had COVID-19 symptoms and tested positive. I thought I was reasonably “disconnected.” Turns out, I was not. You may think your manufacturing systems or industrial control systems are similarly […]

Six steps for preventing a cybersecurity attack

Let’s face facts: sooner or later the hackers will come for you. Don’t let yourself think that you don’t have anything that they want. Everyone has something of value. What can companies do to protect […]

Low-level risk assessment for cybersecurity

The low-level risk assessment is a detailed analysis typically performed after a high-level risk assessment or, sometimes, conducted on specific plants in order to deeply assess the precise risk estimate of a cyber attack. In […]

High-level risk assessment for cybersecurity

Across a complete IEC 62443 risk assessment, the High Level Risk Assessment is performed to determine the potential consequences in the event that a plant/system is compromised by a cyber attack. High-level risk assessment helps […]

Eight remote work cybersecurity commitments for 2021

According to a Ponemon study, 82% of cybersecurity expenditures go toward post-hoc measures, such as detection, containment and recovery. Only 18% of budgets are invested in prevention – yet financial figures may not be the […]

Ten biggest data breaches in 2020

Hackers were as active as ever in 2020 by taking advantage of users’ vulnerabilities and the economic disruption amid the global COVID-19 pandemic. The number of cyberattacks is rising every year, and 2020 saw a […]

Five remote work cybersecurity risks for the COVID-19 era

Many chief information security officers (CISOs) sacrificed cybersecurity as a major priority in an effort to enable employees to perform remote work when the COVID-19 pandemic hit. Much of the workforce plans on operating this […]
