The State of Security

Cybersecurity threats to manufacturing and process plants come from a wide range of attack vectors, including supply chain, logistics, enterprise computing, remote connections, operator stations, programmable logic controllers, distributed control systems (DCSs), smart sensors, and new smart devices. Internet of Things (IoT) technologies offer greater connectivity and endless applications, but they make the cybersecurity landscape more complex. Several affected industries have greatly improved their defence posture, primarily thanks to governmental regulatory compliance requirements. Most…

The industrial Internet of Things (IIoT) is growing rapidly. While that’s good news for businesses in terms of productivity and cost savings, these devices carry unique cybersecurity risks that demand attention. Amid such rising concerns, IIoT threat detection is a must. Why Organizations Need IIoT Threat Detection IIoT endpoints are inherently risky because of the potential for lateral movement. Breaching a connected operational technology (OT) system is often easier than an IT one. As a result, attackers can use IoT devices as entryways into a network and move to sensitive systems and data…

As the United States of America enters the final days of the race for the White House, the FBI has warned that fraudsters are using the presidential election campaign to scam citizens out of their savings and personal data. According to a public service announcement published by the Internet Crime Complaint Center (IC3), scammers who have previously exploited state and local elections are targeting victims across the United States in the run-up to the general election vote on November 5, 2024. Using the images, names, logos and slogans of candidates, fraudsters are scamming the unwary into…

The Sarbanes-Oxley Act (SOX) is a United States federal law that aims to enhance corporate transparency and accountability. Signed into law on July 30th, 2002, the Act came in response to a slew of major corporate accounting scandals, including those involving Enron and WorldCom, that came to light in the early 2000s. Its primary aim is to enhance corporate transparency and accountability, ensuring companies adhere to strict financial reporting standards and maintain effective internal controls. To meet SOX requirements, companies must ensure the integrity, confidentiality, and availability of…

Enterprises today rely on partners and vendors to help manage their data. Some companies depend on third-party infrastructure for day-to-day operations, so understanding the regulations and protection standards that a service provider is promising to uphold is very important. Key Takeaways from Control 15 Identify your business needs and create a set of standards that can be used to grade service providers that are being proposed. Every company is different, so one set of standards will not be the same in different sectors. Organize and monitor all service providers that are associated with…

In recent years, the security of the United States’ critical infrastructure has become a pressing concern, particularly in the oil and gas sector, due to its pivotal role in the nation’s economy and energy supply. Recognizing this, the Transportation Security Administration (TSA) implements several new directives in July each year aimed at enhancing the security and resilience of vital energy infrastructure against various threats, including cyber-attacks and physical disruptions. The TSA was founded in 2001 following 9/11, and initially focused on aviation security. However, it later…

You can’t do large-scale business in 2024 without having a successful, well-run IT infrastructure. Arguably, it’s difficult to do any sort of business well (large or small) without tuning your IT capabilities to your business objectives. This allows them to work as one, not against each other. COBIT is a framework created by ISACA (International Systems Audit and Control Association) to do this very task. What is COBIT? COBIT is an IT framework originally developed to help financial auditors align with IT, but its effectiveness at bringing IT processes in line with the goals of the business…

Security configuration management (SCM) is all about making sure your security systems do what you think they’re doing. In tennis, there is something called an unforced error. This is when a player loses points for a mistake they made themselves, not due to the skill of the other opponent. In a big way, security misconfigurations are those unforced errors on the security side or instances in which we give attackers a free win. Let/node/29512/’s stop that. What is Security Configuration Management? The National Institute of Standards and Technology ( NIST) defines security configuration…

Historically, Mac users haven’t had to worry about malware as much as their Windows-using cousins. Although malware targeting Apple devices actually predates viruses written for PCs, and there have been some families of malware that have presented a significant threat for both operating systems (for instance, the Word macro viruses that hit computers hard from 1995 onwards), it is generally the case that you’re simply a lot less likely to encounter malware on your Mac than you are on your Windows PC. But that doesn’t mean that Mac users should be complacent. And the recent discovery of a new…

The way in which we interact with applications has changed dramatically over the years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organization’s application against it to bypass network security controls and compromise sensitive data. Key Takeaways for Control 16 Implementation of Secure Software Development Framework (SSDF) Using additional frameworks to harden security within software development…