The energy sector is having a tumultuous decade. During the COVID pandemic, the price of oil plummeted. In 2021, a ransomware attack forced one of the US’s most significant oil pipelines to cease operations for five days, causing a state of emergency in seventeen states. Putin’s war in Ukraine has disrupted natural gas supplies across Europe. And now, it seems, it is the electricity providers’...

Much has been made of cyber resilience in recent years. And with good reason: failing to bounce back quickly from a security event can have dramatic financial consequences. In early 2023, Royal Mail took several days to recover from a Lockbit cyberattack, losing upwards of £10 million in the process. However, for all the talk about resilience, the industry seems to be overlooking one of its...

Attacks against industrial control systems (ICS) are on the rise. Cyberattacks are more prevalent, creative, and faster than ever. So, understanding attackers' tactics is crucial. The IBM Security X-Force Threat Intelligence Index 2023 highlights that backdoor deployments enabling remote access to ICS systems were the most common type of attacker action...

As technologies advance and the world grows more complicated, collaboration and coordination have become increasingly important. Setting standards, sharing information, and bringing experts together are essential to safely developing technologies for national and global priorities, and the world needs organizations to fulfill this role.  The American...

From more broad laws like GDPR to industry-specific regulations like HIPAA, most organizations today must comply with some kind of data protection guideline. Some businesses may even have to comply with numerous data protection regulations. As such, compliance with data protection regulations has become increasingly complicated.  National Institute of...

Alexandre Dumas's timeless novel "The Three Musketeers" immortalized the ideal of unyielding solidarity, the enduring motto "All for one and one for all." In the face of ever-evolving threats in the digital realm, the European Union echoes this spirit with its landmark Cyber Solidarity Act. This new legislation recognizes that collective defense is the...

Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of...

Energy efficiency and availability is a major concern for all countries and governments. The electric grid is a vital sector, and any malfunctions will create ripple effects on any nation’s economy. As the grid is heavily dependent on cyber-enabled technologies and a vast chain of suppliers, contractors, and partners, the ability to safeguard the...

Distributed Denial of Service (DDoS) attacks occur when adversaries overwhelm a connected target’s resources, aiming to make it unavailable. Learning the best strategies to protect from DDoS attacks is critical to energy grid cybersecurity. A well-planned DDoS attack on the grid could halt essential services, cause substantial disruptions to households...

The financial services sector faces unprecedented cybersecurity challenges in today's digital age. With the industry being a prime target for cybercriminals, understanding and adhering to cybersecurity regulations has never been more crucial. This article delves into the labyrinth of cybersecurity regulations affecting financial services, underscoring...

Have you ever considered that even before you enjoy the first sip of your favorite morning beverage, you have probably interacted with at least half of the 16 critical infrastructure sectors that keep a nation running? In one way or another, the simple act of brewing a cup of tea would probably not be possible without interacting with water, energy,...

Today, almost every organization is engaged with a third-party vendor at some level when offering products or services. Take, for instance, an e-commerce business that may not be able to function properly unless multiple third-party integrations are involved, such as CRMs, payment gateways, live chat APIs, or a shipping gateway, to name a few. Though...

Technology has recently been evolving at the speed of light. We have seen the onset of increased cyber threats across all industries. Gone are the times when threat actors had a specific goal and target. We now live in an age where robots collect, collate, and save information for a more opportune and profitable day. It is ever more important to...

The emergence of innovative Financial Technology (FinTech) has spearheaded rapid growth in the digital payments sector. In recent years, global payment revenues exceeded valuations of $2.2 trillion, with a steady Compound Annual Growth Rate (CAGR) expected in the next five years. There is no denying the convenience benefits that the digital...

2023 saw two concerning attacks on public water systems, highlighting the fragility and risk to utility systems. In Pennsylvania, malicious hackers breached the Municipal Water Authority of Aliquippa system the night after Thanksgiving. The criminals were making a political statement: the technology used to manage water pressure was developed by Israel,...

US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). The Cybersecurity and Infrastructure Security Agency (CISA), United States Environmental Protection Agency (EPA), and Federal Bureau of Investigation (FBI) have published the guide in an attempt to promote cybersecurity...

  One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into ensuring that they are. ...

Like every other industry, the healthcare sector is barely recognizable when compared to its state 20 years ago. It, too, has been transfigured by technology. While this has brought many impactful benefits, it has also introduced at least one major challenge: keeping sensitive patient information private. At the heart of this privacy challenge stands...

Cybersecurity in Mental Healthcare - The Overlooked Risk Did you know the New-Age Therapeutic sector is unregulated? If that surprises you, then you’re not alone. I was a little surprised, too. Yes, there are various professional bodies a practitioner can join, and there are courses they can attend, but they aren’t forced to.  It should be noted that...

At Tripwire's recent Energy and NERC Compliance Working Group, we had the opportunity to speak with the Manager of Gas Measurement, Controls, & Cybersecurity at a large energy company. More specifically, we focused on SCADA and field assets of gas Operational Technology. The experience at the management level of such an organization provided a wealth of...