As an organization’s infrastructure becomes more and more connected and complicated, it becomes more important than ever to have a safe and protected way for employees to access systems remotely. This is not just a challenge for IT environments, but OT environments as well. Nearly half of the Fortune 2000 organizations consider OT networks to be critical components of their business1. It’s...

In information security, it’s often said, “It’s not a matter of if, but when” an organization will be hit by a breach—it's an accepted fact that preventative controls will eventually fail to keep attackers out. And now, with high-impact vulnerabilities like Heartbleed and Shellshock being discovered with some regularity, the likelihood of a serious breach is greater than ever. In this paper, we highlight how the tactics and strategies to respond to high-impact vulnerabilities differ from those used in other security events, outline the steps you can take to prepare for these vulnerabilities before they hit, and provide insight into incident response strategies.

The premise of a January 27, 2015, article by CNBC is that there is good evidence that a cyber attack against nearly any country’s critical infrastructure could be imminent. This kind of reporting has become so commonplace, but this doesn’t seem like just more FUD (fear, uncertainty, and doubt) journalism. ...

Every organization wants to be secure in the long term, but compliance might order them to focus on implementing certain safeguards within a short period. Given this situation, some organizations might elect to focus on compliance now and look at security later. This might involve designating budget for compliance before allocating additional funds for security at some point in the future. This...

The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...

Digital attacks are a growing concern for industrial control system (ICS) security professionals. In a 2019 survey conducted by Dimensional Research, 88 percent of respondents told Tripwire that they were concerned about the threat of a digital attack. An even greater percentage (93 percent) attributed their concerns to the possibility of an attack producing a shutdown or downtime. Other survey...

The task of building and running an effective cybersecurity program is a major challenge for any complex organization, but those in charge of industrial control systems (ICS) have even more to figure out than their strictly-IT counterparts. How can industrial organizations overcome the cybersecurity skills gap? What about the increasingly-difficult endeavor of bringing the IT and OT sides of the...

The rapid convergence of IT and OT systems can leave even the most cybersecurity-mature organizations exposed. Industrial security teams are under-reacting to new cyberthreats, and legacy operational technology simply wasn’t built to handle the risks incurred by connecting to IT systems. The main issue is visibility: You can’t secure what you can’t see. Safety, productivity, and uptime are...

Don’t believe there are real cyberthreats to your operations network and control systems? Data shows otherwise. Better foundational industrial cybersecurity practices can help prevent disruption to your operations and financial risk to your bottom line. ...

Cybersecurity experts are urging government agencies to protect their data with up-to-date, foundational security controls, and agencies are listening. But how can they determine where exactly to focus their efforts to maximize efficiency and ensure a strong security stance? This white paper details the four key components federal agencies need in order to establish and maintain a robust security...

You and your security team have a lot on your plate. It’s crucial to keep your organization’s network protected by maintaining a security program that minimizes risk, and it’s you and your team’s responsibility to execute this. This effort has only become more complicated as we’ve entered into a new decade. With the dramatic shift to many of us working from home in 2020—and many organizations...

Search online for the phrase “data is the new oil” and you’ll see it’s used by (and attributed to) many people. Data is a precious and highly valuable commodity. Data is the fuel pumping through today’s digital business, powering communications and commerce. Organizations the world over are mining data to turn raw information into real insight—to drive sales and grow their business. ...

Governance, Risk & Compliance, or Generating Real Capability! How do we use GRC as a business enabler, and focus on the benefits it brings?