Fresh Thinking for the Modern CISO
powered by Kudelski Security-
Preparing For New AI Regulations
Until recently, the regulation of AI was left up to the organizations developing the technology, allowing these organizations to apply their own judgment and ethical guidelines to the products and services they create. Although this is still widely true, it may be about to change. New regulations are on the horizon, and some already signed…
Read More >> -
Defending Against Cyberattacks in the Increasingly Vulnerable Manufacturing Industry
As manufacturing relies more and more on remote access and automation, cyber hygiene continues to be one of the top challenges in securing manufacturers across the nation. In light of several major supply chain disruptions across manufacturing sectors, the Biden Administration recently announced the creation of a Supply Chain Disruptions Task Force to strengthen critical supply chains…
Read More >> -
Security Advisory: Kaseya VSA Supply Chain Compromise Used to Execute REvil Ransomware
SUMMARY On July 2nd, a large-scale supply chain attack operation by the REvil ransomware group affected multiple I.T Managed Service Providers (MSPs) and leveraged the I.T MSP’s Kaseya VSA instances to infect the MSP’s clients. As of this writing the attack campaign has affected 60 I.T MSPs and over 1500 end clients. The attack was…
Read More >> -
5 Steps – Regulatory Compliance and Operational Technology
The recent cyber-attacks against Florida Water Plant and Colonial Pipeline are part of a growing trend. IT and OT are converging, rendering these environments more vulnerable than ever. As cyber-attacks increase against critical infrastructure and Scada systems, the focus on regulatory compliance grows. All well and good – we need to have standards to make…
Read More >> -
The Critical Infrastructure Cybersecurity Dilemma
Colonial Pipeline, Oldsmar incidents highlight the challenge of securing older operational technology systems Critical infrastructure is vital to the functioning of modern societies and economies, yet often these systems are not properly protected or are easily accessed and exploited, and thus remain a key target for threat actors. Although awareness around the severity of operational…
Read More >> -
Data Security as a Business Enabler
Security has evolved since the days when cybersecurity systems were evaluated by the number of incidents handled by the InfoSec team over a year. IT departments and organizational leadership adopted the attitude that no news (or no data breaches) meant no security problems, so all was well. That approach wasn’t true then, and it certainly…
Read More >> -
Part 2: Four Roadblocks to Faster Threat Detection & Response – Three Things You Can Do About Them
Tips for Breaking Through In my last blog post, I looked at how challenges relating to SIEMs, default configurations, device-led strategies, and competing priorities can impede efficient threat detection and response. In this post, I’ll look at three things you can do to address them and how Kudelski Security MSS can help.. 1. Develop…
Read More >> -
The CISO Legacy: Security Lieutenants
No matter how good a CISO is, there aren’t enough hours in the day to handle the myriad of new responsibilities that have been thrown at them. To be effective and ensure a strong security posture, CISOs need a lieutenant to head up each domain that falls within their scope. Given all the challenges CISOs…
Read More >>