Fresh Thinking for the Modern CISO
powered by Kudelski Security-
Today’s Ransomware Threat: Why It’s So Severe… And Only Getting Worse
The ransomware threat is nothing new. Though it really got going around the mid-2010s, cyberattacks in which malicious actors encrypt files and demand payment to render them accessible again have been launched for over thirty years. Recently, however, the nature of the battle against ransomware has changed: defenders must contend with greater attack volumes, higher…
Read More >> -
Anticipating Issues With Automation Impact Audits
The promise of automation is doing more with less, freeing people from repetitive tasks allowing focus on more interesting activities. This claim makes for a great tagline but can fall short in implementation. Automation doesn’t have to include complicated machine learning or deep learning. It could be a simple script. Automation is far from a…
Read More >> -
Preparing For New AI Regulations
Until recently, the regulation of AI was left up to the organizations developing the technology, allowing these organizations to apply their own judgment and ethical guidelines to the products and services they create. Although this is still widely true, it may be about to change. New regulations are on the horizon, and some already signed…
Read More >> -
Defending Against Cyberattacks in the Increasingly Vulnerable Manufacturing Industry
As manufacturing relies more and more on remote access and automation, cyber hygiene continues to be one of the top challenges in securing manufacturers across the nation. In light of several major supply chain disruptions across manufacturing sectors, the Biden Administration recently announced the creation of a Supply Chain Disruptions Task Force to strengthen critical supply chains…
Read More >> -
Security Advisory: Kaseya VSA Supply Chain Compromise Used to Execute REvil Ransomware
SUMMARY On July 2nd, a large-scale supply chain attack operation by the REvil ransomware group affected multiple I.T Managed Service Providers (MSPs) and leveraged the I.T MSP’s Kaseya VSA instances to infect the MSP’s clients. As of this writing the attack campaign has affected 60 I.T MSPs and over 1500 end clients. The attack was…
Read More >> -
5 Steps – Regulatory Compliance and Operational Technology
The recent cyber-attacks against Florida Water Plant and Colonial Pipeline are part of a growing trend. IT and OT are converging, rendering these environments more vulnerable than ever. As cyber-attacks increase against critical infrastructure and Scada systems, the focus on regulatory compliance grows. All well and good – we need to have standards to make…
Read More >> -
The Critical Infrastructure Cybersecurity Dilemma
Colonial Pipeline, Oldsmar incidents highlight the challenge of securing older operational technology systems Critical infrastructure is vital to the functioning of modern societies and economies, yet often these systems are not properly protected or are easily accessed and exploited, and thus remain a key target for threat actors. Although awareness around the severity of operational…
Read More >> -
Data Security as a Business Enabler
Security has evolved since the days when cybersecurity systems were evaluated by the number of incidents handled by the InfoSec team over a year. IT departments and organizational leadership adopted the attitude that no news (or no data breaches) meant no security problems, so all was well. That approach wasn’t true then, and it certainly…
Read More >>