As we stated earlier, if Bleeping Computer’s The Week in Ransomware series is a must review, you’ll also want to follow along with a new multi-part series by Control Global executive editor Jim Montague.
Unless you manufacture all of your own components, every organization faces significant risk from their supply chain, and perhaps even more so from the smart/connected technology supply chain.
The Ford Foundation has released a Cybersecurity Assessment Tool (CAT), which is designed to measure the maturity, resiliency, and strength of an organization’s cybersecurity efforts. While the CAT appears intended primarily for non-technical groups, its creators note that it can be used by any organization undertaking a cybersecurity journey. The tool is designed to be taken as a survey in one 30-minute sitting.
Multiple FBI Warnings
The FBI has published a TLP:WHITE FLASH message containing indicators of compromise associated with the Ragnar Locker ransomware, which the FBI notes has been deployed against an increasing number of victims. This product also contains a list of recommended mitigation measures and encourages recipients to report information concerning suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch) at (855)-292-3937 or CyWatch@fbi.gov.
Nothing screams cybersecurity is serious like personally being on the hook for an entire organization. Personal liability of executives for cyber incidents isn’t new. But when safety of the cyber-physical systems (CPS) that operate within industrial environments is on the line, executives and boards need to be acutely aware of these systems and their vulnerabilities and intentionally pursue a sound risk management strategy for securing these assets.
The Canadian Centre for Cyber Security has released the National Cyber Threat Assessment 2020, which begins by noting increased vulnerability of Canadian individuals and organizations to cyber threat actors given their greater reliance on the internet in the COVID-19 environment. One of the key judgements presented in the document is state-sponsored actors are very likely attempting to develop cyber capabilities to disrupt Canadian critical infrastructure, such as the supply of electricity, to further their goals.
Today the Cybersecurity and Infrastructure Security Agency (CISA) published its Insider Threat Mitigation Guide, which brings together planning and preparedness resources from federal and private sector experts into a single format that organizations can use to prepare for and respond to an insider threat. It contains step-by-step information, best practices, metrics, tools, and training that can be used for establishing an effective threat mitigation plan to decrease the likelihood of harm to people, companies, organizations, and critical infrastructure.
DHS CISA's Cyber Essentials contains a list of six actionable items for leaders and IT professionals to take to reduce cyber risk. CISA has also started releasing toolkits that correspond to each of the cyber elements.
After its recent webinar on Understanding Embedded Devices and Firmware in OT, Verve Industrial took to its blog to address many questions posed during the event. Verve responds in detail and provides “pro-tips” to six important questions for understanding cybersecurity and vulnerability management issues for embedded devices.
Questions answered in this post include:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
