Cybersecurity

When it Comes to Operational Technology, Old Networks Need to Learn New Tricks

Noting that his company’s most recent threat landscape report found that cybercriminals target vulnerabilities ten or more years old more than they target new ones, an analyst with cybersecurity firm Fortinet emphasizes how important it is for companies that use operational technology (OT) to improve the security of their systems. He observes that this is especially warranted given that OT systems are often old and have been left unmanaged for many years – making them among the most vulnerable assets in any organization – and given the rise of OT’s convergence with information technology (IT) systems.

New Data Breach Notification Laws in Effect in Three States

Companies in Texas, Illinois, and Oregon have new notification obligations if they experience a data breach, under amendments to state laws that went into effect on January 1. All 50 states and the District of Columbia require companies to notify people of security breaches of personal information, but states have been updating data breach notice statutes in recent years to broaden the definition of personal information and change requirements for when and how to notify affected individuals or the state attorney general.

New California Digital and IoT Security Law May Set a National Standard

The California Consumer Privacy Act (CCPA) went into effect on January 1, potentially marking the dawn of a new age for digital privacy and Internet of Things (IoT) device security. Under the law, Californians now have the right to request, review, and erase their digital profiles – personal information that has been collected by businesses. The law applies to any company that interacts with a California resident. While CCPA creates unparalleled digital privacy rights, it places the burden of responsibility on the consumer and not the business.

Advice from DHS’s CISA on Securing New Internet Connected Devices

The U.S. Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA) has posted an advisory on how to secure new internet connected devices. As described in the advisory, these devices include smart cameras, TVs, watches, phones, and tablets, all of which are popular gifts during the holiday season. Of course, this means that many people are likely to have recently come into possession of such devices. In some cases, they may be bringing these devices to work, potentially introducing new security vulnerabilities to their organizations.

The Number of Ransomware Victims Paying on the Rise

According to CrowdStrike’s recently released 2019 Global Security Attitude Survey, the total number of organizations around the world that pay the ransom after falling victim to a ransomware attack more than doubled this year, from 14 to 39 percent of those affected. Cybersecurity experts and law enforcement agencies, including the FBI, recommend that victims don’t pay the ransoms, as doing so funds the criminals and encourages future activity.

The 2010s, When Hacking Moved from “Novelty” to “Fact of Life”

With the 2010s coming to a close, Wired magazine takes its readers on “an anxiety-inducing stroll” through a review of some of the worst hacks that occurred in the last decade. It notes that these hacks demonstrated that cyber incidents have become less of a novelty and more of a fact of life for billions of people around the world. One of the incidents revisited by Wired is that involving the Stuxnet malware that caused physical damage to equipment at a nuclear enrichment facility, a kind of attack that experts have warned could be conducted in other industrial settings.

Exposed Databases Are as Bad as Data Breaches

A review of some of the most significant data breaches from the past year reveals that many resulted not from a hacker applying exceptional technical prowess to infiltrate a system but from an administrator having left the information sitting on the Internet by mistake. The problem is pervasive, according to Chris Vickery, a researcher at security company UpGuard who tracks database exposures. "It is the ugly elephant in the room that every security professional knows about, but doesn't want to talk about," he said.

Quantifying OT Cyber Risk Through Comprehensive OT Asset Inventories

Quantifying OT cyber risk requires empirical facts. In a compendium to WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, industrial cybersecurity firm Verve Industrial proposes that the best way to gain empirical knowledge of OT environments is through comprehensive asset inventories based on real-time, multi-contextual parameters. Verve’s article aims to help separate fact from fiction and sort through varying opinions on which components are the most important when trying to secure OT environments.
