3 Benefits of a 360-Degree Vulnerability Assessment
Defending critical infrastructure environments requires 360-degree visibility into asset and network vulnerabilities Vulnerability management teams often face difficulties in patching all of their systems on a timely basis. This is true for traditional OT devices such as HMIs, PLCs, etc. But
Top October 2021 Industrial IoT & ICS cybersecurity Events
From a deadly pandemic to a World Expo, this month certainly experienced its fair share of world-shifting events. Here is a list — and timeline — of the major events that happens in October around the globe and what’s in it
Minimum Components of an SBOM Published by NTIA
The NTIA (National Telecommunications and Information Administration) recently published the minimum elements for a Software Bill of Materials (more commonly known as SBOM). The document can be viewed HERE. What is an SBOM? - Definition of an SBOM An SBOM (Software Bill of
Using Security Monitoring to Address Cybersecurity Threats
Joe Saunders, CEO of RunSafe Security, recently hosted a panel discussion on Monitoring Open Source Software in SAAS Infrastructure. His panel included business leaders in the software, technology, and security sectors: Jonathan B Fishbeck, Founder and CEO of EstateSpace, LLC, a
MQTT Principals to Mitigate IoT Cyberattack
In September 2016, the Mirai malware cyberattack shook the IoT world with a DDoS attack model that infected over 600,000 IoT devices. Such attacks on network-attached devices and IoT devices continue to increase exponentially. With the IDC predicting that there will
How to Get Started with Vulnerability Management in OT Cyber Security
Vulnerability Management in OT or ICS cyber security is a challenge, but with an actionable strategy and existing IT/ OT cyber security tools, we can make a significant difference. What is OT/ICS vulnerability management? Vulnerability management in OT/ICS security is the process
Cybersecurity Nightmare = Ransomware + Software Supply Chain Attack
Recently, the Russia-based hacking group REvil, attacked the Florida-based software company Kaseya Ltd. If you’re not familiar with Kaseya, they provide network and security management services for small to medium-sized businesses (SMBs), not unlike what SolarWinds offers for large businesses.
A SolarWinds-style Attack Has Happened Before-Cybersecurity Lessons Learned
A SolarWinds-style cyberattack happened back in in 2013-14 that affected big government agencies and thousands of companies. What should we have learned from the Dragonfly/HAVEX attack? Software Infiltration A cyberattack group called Dragonfly attacked power plants and industrial sites, employing a very
Cybersecurity for Embedded Systems
All critical infrastructure is under cyber attack, all the time. The attack on the Oldsmar, FL water supply is a good example. And it’s getting worse; vulnerability to cyber attack is increasing as the embedded devices controlling these critical infrastructures become