How to Survive a Data Breach: 14 Disaster Response Tips

How to protect against data breachesTwenty years ago, data breaches were uncommon, and when they happened, they tended to be small. But thanks to digital infrastructure, a worldwide community of skilled attackers with powerful tools and a black market for personally identifiable information (PII), login credentials and financial accounts, large-scale data breaches are now a significant threat to organizations large and small.

Read More

 


The IoT Security Gap, and Six Ways to Overcome It

IoT Security

By next year, Gartner predicts that the number of devices connected to the Internet will reach 20.4 billion. That’s up 14.1 billion from 2016 – a shocking amount of growth in a short period of time and quintuple the number of usable IP addresses that existed under IPv4.

Read More

 


The Difference Between IT and OT, and How They Are Converging

the difference between IT and OTEvery system is susceptible to failure or manipulation, and that is why all technology in the enterprise must be carefully secured. Depending on the type of technology, however, different approaches to security are required: guarding a computer with guns will not prevent it from being hacked. Likewise, anti-virus software will not protect a car.

At least, that’s how things used to be. More recently, the kinds of technology that support industry, business and personal productivity have started to converge on the level of software and networking, and security requirements are changing in response.

Read More


NIST 800-53 Rev. 5: What it Is, and Why You Should Care

NIST, security and privacy controlsLater this year, the National Institute for Standards and Technology (NIST) will release revision #5 to Special Publication SP 800-53 Security and Privacy Controls for Information Systems and Organizations, a key framework documenting recommended security controls for federal information systems. Soon, government agencies, contractors and FedRAMP certified vendors will be rushing to update their systems before the guidelines go into effect.

Read More


NIST 800-171: What it Is, and Why You Should Care

Since 2017, any federal contractor working in association with the Department of Defense (DoD) is required to comply with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171Protecting Unclassified Information in Nonfederal Information Systems and Organizations.  In this article, we’ll give you the rundown on this important regulation, and why compliance is essential for any federal partner.

 Read More


How Regular Risk Assessment Prevents and Stabilizes Threats

Risk assessments

Data breaches, foreign hackers and corporate espionage: today, it seems that phrases like these are on the tips of every tongue, and not without good reason.

Read More


What is ICS?

Through our years of experience within cyber security, Industrial Control Systems (ICS) are unique. There is a blend of old and new technologies. Critical infrastructure security comes in many sizes but only one principle is constant, high availability. Many clients within critical infrastructure and security is becoming more of a concern.

Read More


Always Expect the Worst: Anticipating Threats with Cyber Hunt

Once upon a time, security was about mitigating risks to an organization by following best practices and responding effectively to incidents when they arose. This compliance and risk-based mindset is no longer enough: the past several years have seen escalating breaches and organized cyber-crime, showing that safety is now the exception and not the rule. A threat-based mindset is the only solution. 

Read More


A New Security Risk for ICS Controllers: Triton Malware Explained

Over the past few years, we’ve started to see malware specifically developed to target industrial control systems (ICS). Among the most notable of recent culprits are BlackEnergyIndustroyer and Triton. FireEye was the first security firm responding to the Triton incident, and recently published more information about the Triton Threat Actor TTP profile which we will review in this article. 

Read More


Ransomeware ‘LockerGoga’ Disrupting Industrial Operations

It has recently been reported that a new breed of ransomeware is infecting industrial networks and forcing ICS organizations to switch from digital to manual operations. The malware ‘LockerGoga has, within the past few weeks, infiltrated Norweigan aluminum Manufacturer, Norsk Hydro. Because of this incident, the organization was forced to execute their business continuity and cyber security incident response plans.

Read More


Answering Risk Requests from Third-Party Partners with Risk Requests, risk management frameworkStandardized Documentation and Response

As CISOs become increasingly aware of the risks surrounding third-party relationships – and with a shift in focus towards supply chain risk management – there is mounting pressure from partners and clients to maintain a security posture centered on a mature information security program.

Read More


cyber attacks cyber warfarePreparing For Data Breaches: 5 Lessons From 2018

2018 will likely go down in history for the sheer scale of consumer data that was hacked, leaked, stolen and otherwise compromised by cyberattacks throughout the year. Estimates show that during the first six months alone, 4.5 billion records were exposed over 945 data breaches leading to mass identify theft and financial fraud.

Read More


cyber security data breachesLooking Ahead: Why 2019 Will Be the Year of Cyberwarfare

One year away from the third decade of the 21st century and technology has finally caught up with science fiction. In 2019, we’re going to hear more news about driverless cars, revolutions in artificial intelligence and commercial applications for drones. One thing is for sure: it’s an exciting time to be alive.

Read More


cyber security, us power gridImproving the Reliability of Power Delivery Systems

A recent poll found that an overwhelming majority of Americans (92%) agree on one thing: the power grid needs better protection. This point of view is understandable. The day before New Year’s 2017, researchers discovered that foreign hackers had infiltrated an internal computer at Vermont utility Burlington Electric.

Read More


United States Cyber Command (USCYBERCOM)

Securicon supports USCYBERCOM in planning, coordinating, integrating, synchronizing, and conducting the operations and defense of Department of Defense Information Networks (DODIN).

Read More