Critical infrastructure organizations bear an enormous responsibility. The assets, systems, and networks they manage are crucial to the functioning of a healthy society. They provide water, energy, transportation, healthcare, telecommunications, and more—should they fail, they would bring entire countries to their knees.The vast importance of Critical National Infrastructure (CNI) makes it a prime...

The evolution of the cyber threat landscape highlights the need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Criminals often exploit known unpatched vulnerabilities to penetrate Industrial Control Systems (ICS) environments and disrupt critical operations. Although patch management seems like the obvious...

The manufacturing sector has long been a favorite target for ransomware actors. However, the true scale of the issue has only recently become apparent: research published in Infosecurity Magazine last December revealed that ransomware attacks on manufacturing companies have caused an estimated $17bn in downtime since 2018. But why is the manufacturing sector so vulnerable? And what can...

Electricity transmission and distribution are popular topics at the moment, especially as they pertain to utilities infrastructure security. These essential pillars of modern society are undergoing rapid digital transformation, with increased connectivity and technological sophistication harboring large-scale cybersecurity challenges.Electrical critical infrastructure is prone to a plethora of...

In today’s dynamic IT environments, securing and maintaining the integrity of your systems is critical. Fortra’s Tripwire Enterprise is a robust tool designed to help organizations ensure compliance and security by continuously monitoring the configuration and behavior of their IT assets.When deploying Tripwire, a common question arises: should you prioritize monitoring applications, operating...

Modern factories are increasingly relying on Industrial Internet of Things (IIoT) solutions. This shift is beneficial in many regards, including higher efficiency and transparency, but it also introduces unique cybersecurity concerns. Better vulnerability management for IIoT systems is essential if companies hope to make the most of this technology.The White House’s 2024 cybersecurity report named...

The cyber threat to critical infrastructure has never been greater. The growing sophistication of cybercriminals, deteriorating geopolitical relations, and the convergence of operational technology (OT) and information technology (IT) have created unprecedented risks for critical infrastructure organizations. Fortunately, resources are available to help these organizations protect themselves.In...

Data breaches continue to cost organizations millions of dollars each year, with costs rising steadily. According to IBM's 2024 Cost of a Data Breach Report, the average cost of a data breach has surged to $4.88 million globally, reflecting the increasing complexity and sophistication of cyberattacks. In the United States, this figure is even higher, averaging $9.8 million per breach, and the...

The Transportation Security Administration (TSA) has proposed new rules requiring those under its jurisdiction to follow specific cyber risk management (CRM) requirements, report cybersecurity incidents in a certain timeframe, and address physical security concerns.This is positive news for the transportation industry, as hundreds of attacks have been leveled against the sector. These attacks have...

The Turkish government is proposing a controversial new cybersecurity law that could make it a criminal act to report on data breaches. The new legislation proposes penalties for various cybersecurity-related offences. But they key one which has people concerned is this:"Those who carry out activities aimed at targeting institutions or individuals by creating the perception that there has been a...

As we enter 2025, the frequency and sophistication of cyberattacks on critical national infrastructure (CNI) in the US are rising at an alarming rate. These attacks target the foundational systems that support everything from energy and water to transportation and communications, and the consequences are far-reaching and potentially catastrophic. They impact not just the operations of these...

While Exponential Organizations (ExOs) are transforming industries beyond the tech space, that doesn’t mean that they are not susceptible to an increasing number of cyber threats. As ExOs harness innovative and cutting-edge technologies to drive transformative growth, the ability to respond effectively and proactively to cyber incidents becomes increasingly vital. Recent statistics from the 2024...

London is one of the smartest and most interconnected cities in the world. Digital infrastructure plays a role in almost every facet of society, streamlining public transport, improving healthcare provision, boosting sustainability, and more.However, this reliance on technology has left London’s critical national infrastructure (CNI) perilously vulnerable to digital attacks. As geopolitical...

Cybersecurity threats to manufacturing and process plants come from a wide range of attack vectors, including supply chain, logistics, enterprise computing, remote connections, operator stations, programmable logic controllers, distributed control systems (DCSs), smart sensors, and new smart devices. Internet of Things (IoT) technologies offer greater connectivity and endless applications, but...

The industrial Internet of Things (IIoT) is growing rapidly. While that’s good news for businesses in terms of productivity and cost savings, these devices carry unique cybersecurity risks that demand attention. Amid such rising concerns, IIoT threat detection is a must.Why Organizations Need IIoT Threat DetectionIIoT endpoints are inherently risky because of the potential for lateral movement....

In recent years, the security of the United States' critical infrastructure has become a pressing concern, particularly in the oil and gas sector, due to its pivotal role in the nation's economy and energy supply. Recognizing this, the Transportation Security Administration (TSA) implements several new directives in July each year aimed at enhancing the security and resilience of vital energy...

DDoS attacks have become an annoyance most companies assume they may have to deal with at some point. While frustrating, minor website disruptions from small-scale hacktivist campaigns rarely create substantial business impacts. However, a particularly insidious DDoS spinoff has emerged over the past decade – one aimed at blackmail.This evolutionary milestone stems from what's called Ransom DDoS ...

Cybersecurity's role in geopolitics is growing more significant by the day. In a world of increasingly sophisticated cyber threats, governments worldwide are recognizing the impact digital attacks can have on national security, trade, and infrastructure.This has never been more evident than with the recent introduction of the Protecting Investments in Our Ports Act by U.S. Senators John Cornyn (R...

We all know that it is a question of when you will be compromised and not if you will be compromised. It is unavoidable. The goal of CIS Control 17 is to ensure that you are set up for success when that inevitable breach occurs. If an organization is neither equipped nor prepared for that potential data breach, they are not likely to succeed in responding to the threat.Key TakeawaysOne takeaway...

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that malicious hackers continue to be capable of compromising industrial control systems (ICS) and other operational technology (OT) using "unsophisticated methods" - suggesting that much more still needs to be done to secure them properly.In an advisory posted on CISA's website yesterday, the agency said that internet...