You are here

Home » Cybersecurity

Cybersecurity

Cybersecurity Resilience – Security Audits

We all dread them; we all need them – security audits. They can take multiple forms, but without security audits we are unable to measure cybersecurity improvements and many deficiencies may never be brought to light. Security audits involve evaluating or analyzing people, processes, and technology surrounding the security aspects of an organization. Likewise, as organizational networks and cyber threats are constantly changing, security audits should be performed regularly to assess if current controls and processes sufficiently reduce risk against the ever-changing threat landscape.

IT Security Configuration - Active Directory

If your utility uses Microsoft Windows in a networked environment, there’s a near 100% chance you use Active Directory (AD) to centrally administer domains, machines, users, and groups. And like many legitimate tools, if not securely configured, can be a threat actor’s dream for gaining a foothold and hiding in plain sight within your environment. Using AD tactics is nothing new for threat actors, but two recent very large-scale compromises – SolarWinds and Microsoft Exchange – emphasize the importance of securing AD. When is the last time you reviewed your AD configurations?

Verizon’s 2021 Data Breach Investigations Report (2021 DBIR)

Pardon the lack of fanfare that this report deserves, but this serves as an FYI that arguably the most heralded cybersecurity industry report, the Verizon Data Breach Investigation Report, affectionately known as the “DBIR,” was released this morning. According to Verizon, the Verizon Business 2021 Data Breach Investigations Report (2021 DBIR) examines more breaches than ever before. Some of the high-level findings include:

Why IT-Based Ransomware Matters for ICS Operations – Colonial Pipeline Ransomware Attack

Ransomware attacks have ubiquitous relevance for all organizations, regardless of targeting set/victimology or targeted system (IT or OT) of the attributed ransomware group/family for any given incident. For every cyber threat group that claims they don’t target particular sectors or types of organizations, there are many more groups that do not espouse similar tenets. For example, while Darkside proclaims to only support targeting high-value victims capable of paying outrageous demands, many other ransomware groups are indiscriminate and opportunistic and project no such illusion.

Aspiring to CIP Compliance for Water and Wastewater Utilities, Even Though You Don’t Have To

Given cross-sector dependencies with electric utilities, many water and wastewater utilities are familiar with the North American Electric Reliability Corporation (NERC) and its Critical Infrastructure Protection (CIP) Reliability Standards. Some larger and more resourced water and wastewater utilities reference NERC CIP standards as they are applicable to many cybersecurity practices.

Password Hygiene – World Password Day, May 6, 2021

In 2004, Bill Gates prematurely postulated that passwords were dead. According to a recent DarkReading post, in 2005 security expert Mark Burnett wrote a book called Perfect Passwords, in which he floated the idea of dedicating one day in the calendar each year when everybody should change their passwords. Here we are in 2021 and passwords are still pertinent today and for the projected future.

The Ghosts of COVID-Past – Cybersecurity Considerations for Returning to Workspaces

In a heroic feat to maintain operations at a record-setting pace, countless IT and security teams rushed to provide accommodations for a new remote workforce leaving the office behind over one year ago. As we begin inhabiting those abandoned buildings there are bound to be some ghosts lurking around the office due to unintentional oversights when we left. If IT and security staff haven’t been on the premises during the past year, now is a good time to exorcise those ghosts before the masses return.

If Your Utility Qualifies for a “.gov” Top-Level Domain (TLD), Consider This

On Tuesday, administration of the “.gov” top-level domain (TLD) was officially transferred to CISA. Organizations that qualify as a government entity but do not currently use a .gov TLD can be confusing to the public as to whether the website is legitimate. Reasons vary for why some government entities do not use a .gov. Often that reason is due to the cost of registering and maintaining .gov, especially for small municipalities.

Emotet Effectively Exhausted – Uninstall Command Executed on April 25

The uninstall code planted by the German Bundeskriminalamt (BKA) federal police agency instructing Emotet to uninstall from roughly one million remaining infected systems executed on Sunday. This action cleans up the Windows registry key that enabled the Emotet modules to run automatically and stops and deletes associated services, but does not remove other files, nor does it erase additional malware that might have been installed through the botnet.

Pages

Subscribe to Cybersecurity