Cybersecurity Leadership

Up to now, the IoT industry has relied mainly on security by obscurity and the results have been predictable

Critical infrastructure organizations need to recognize that the technology and cybersecurity landscapes have changed.

Because of the criticality of remaining operational, industrial companies and utilities are far more likely to pay, attracting even more threat groups and a focus on OT systems.

If you’ve been putting off redesigning your IT-OT security systems, now is the time to make it a priority.

Historically, the financial services sector has been the most attacked by cybercriminals. Still, in 2021 there was a substantial shift, and a different industry ranked at the top for the first time – the manufacturing industry.

Traditional focus on IT security has left operational technology (OT) vulnerable. New report reveals organizations turning to CISOs for OT security.

Cybersecurity in OT continues to lag behind IT security in terms of maturity and focus.

When industrial environments integrated connected systems into their assets, attack surfaces are expanded, opening once-closed critical infrastructure sites and the companies that manage them to attacks from threat actors.

As a result of this shift from the IT to OT landscape, the C-suite must educate themselves and drive change into the organization to ensure a robust cybersecurity program is in place that addresses OT separately from IT.

Operational technology (OT) networks control the devices critical to the continued operations of production lines, power plants, and energy supplies, and as such are typically segmented from a company’s internet-facing IT networks to better isolate critical hardware from cyberattacks. Now security researchers are warning of the risks posed by the embedded devices that sit on those OT networks.

What keeps OT security specialists up at night? It’s mostly problems from the IT world, says Andy Norton, European Cyber Risk Officer at Armis.

The critical infrastructure and healthcare industries are key targets for cyberattacks because of their extensive use of cyber-physical systems. Here are best practices for cyber-physical security.

How the energy, mining, and materials industries can meet the unique challenges of operational technology cybersecurity.

Recent warnings about advanced persistent threats from China against critical infrastructure suggest a shift in goals, but other nation-state adversaries have their own agendas.

How to ensure cybersecurity in the operational technology environment, at a time of increasing digitalization and convergence of the OT and IT environments.

Here’s how OT cybersecurity practitioners should protect their industrial environments to improve security posture and meet insurance coverage requirements.

OT/ICS cybersecurity incidents are increasing in volume and frequency, and are targeting critical infrastructure, such as energy producers.

While securing OT systems can seem overwhelming…the task is not impossible. The power of attack surface management provides the technology needed to lock down assets in your organization.

Innovation in Industrial Control Systems (ICS) may well be helping businesses get the best from their data, but it’s also helping cyber attackers see new ways to attack these critical systems.

Dragos research has found a surge in ransomware attacks on operational technology, disproving that such threats only target IT

OT involves a collection of dedicated systems and physics, and that creates distinct security requirements, said Robert M. Lee, CEO and co-founder at Dragos.

A cyberattack on Amsterdam-Rotterdam-Antwerp (ARA) will have cascading effects across Europe and shows collaboration is needed to challenge future attacks.

According to a report released by Honeywell, 71% of surveyed facility managers in the US, Germany, and China consider OT cybersecurity a concern or worry

Far from sensationalizing ransomware attacks, our response should be to return to the basics of cybersecurity. This requires a converged IT-OT security strategy to limit damage and protect valuable assets.

A cybersecurity solution in business IT, often requiring the use of active components and intrusive techniques, may be highly unsuitable for industrial systems and networks. Not only will it fail to recognize specific industrial protocols and interactions.