NIST Updates5 NIST Updates That Will Impact Security Professionals in 2020

It’s fair to say regulations from the National Institute of Standards and Technology (NIST) are a cornerstone to the security of our federal government: NIST documents set the standard for business operations in both the public and private sector, ranging from information security controls (SP 800-53) to cybersecurity practices (CSF). As time goes by, these documents are frequently updated, and keeping track of them can be difficult.

Read More


pentesting, Risk Requests, risk management framework

Why Crowd-sourced Pentesting Isn’t All it’s Cracked Up to Be

Crowds have always been a powerful thing, but before the Internet came along, it was difficult to harness them. Now things have changed: almost anything can be powered by crowds these days, from funding initiatives to news coverage, research and more. But is crowd-sourcing the right approach to penetration tests? Some people think so.

Read More

 


data breach, vulnerability testing, hackersHackers Can Gain Active Directory Privileges Through Vulnerability in Xerox Printers

Organizations beware: last week, Xerox released a security advisory for several models of the WorkCentre Multifunction and Color Multifunction printers. Thanks to a Lightweight Directory Access Protocol (LDAP) vulnerability, hackers can launch a pass-back attack against printers with weak or default credentials. This exposes the login information of Active Directory users – including those with administrative privileges – and can be used to gain further control over an organization’s network.

Read More


hackers, cyber attacks cyber warfareThe Hacker’s Perspective: Risk as Opportunity

When the Cybersecurity Model Maturity Certification (CMMC) goes into effect this year, the defense department will be holding its contractors to a higher standard than ever before. But whether or not they’re ready for the change remains to be seen: in the past, DoD partners were required to comply with regulations like NIST 800-171. In reality, many fell behind due to the leeway they had in implementation.

Read More

 


2019 in Retrospect: Federal Security Changes and New Directions

The arrival of 2020 signals many exciting developments in cybersecurity across the public and private sectors. With the beginning of a New Year comes the start of a new budget for public spending, and now that Congress has reconvened after the Holiday season, there are lots of items that will have to be discussed as 2020’s agenda for National Security starts taking shape.

Read More


5 Big Risks for Industrial Control Systems (ICS) in 2020

2019 is coming to an end, and with it so is the decade when America started taking cybersecurity seriously. In the past decade, we have seen the rise of cloud-based infrastructure, government legislation like FedRAMP, and – most importantly – a dramatic increase in the number of cyber threats facing both commercial and governmental organizations.

Read More


How to Survive a Data Breach: 14 Disaster Response Tips

How to protect against data breachesTwenty years ago, data breaches were uncommon, and when they happened, they tended to be small. But thanks to digital infrastructure, a worldwide community of skilled attackers with powerful tools and a black market for personally identifiable information (PII), login credentials and financial accounts, large-scale data breaches are now a significant threat to organizations large and small.

Read More


The IoT Security Gap, and Six Ways to Overcome It

IoT Security

By next year, Gartner predicts that the number of devices connected to the Internet will reach 20.4 billion. That’s up 14.1 billion from 2016 – a shocking amount of growth in a short period of time and quintuple the number of usable IP addresses that existed under IPv4.

Read More


The Difference Between IT and OT, and How They Are Converging

the difference between IT and OTEvery system is susceptible to failure or manipulation, and that is why all technology in the enterprise must be carefully secured. Depending on the type of technology, however, different approaches to security are required: guarding a computer with guns will not prevent it from being hacked. Likewise, anti-virus software will not protect a car.

At least, that’s how things used to be. More recently, the kinds of technology that support industry, business and personal productivity have started to converge on the level of software and networking, and security requirements are changing in response.

Read More


NIST 800-53 Rev. 5: What it Is, and Why You Should Care

NIST, security and privacy controlsLater this year, the National Institute for Standards and Technology (NIST) will release revision #5 to Special Publication SP 800-53 Security and Privacy Controls for Information Systems and Organizations, a key framework documenting recommended security controls for federal information systems. Soon, government agencies, contractors and FedRAMP certified vendors will be rushing to update their systems before the guidelines go into effect.

Read More


NIST 800-171: What it Is, and Why You Should Care

Since 2017, any federal contractor working in association with the Department of Defense (DoD) is required to comply with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171Protecting Unclassified Information in Nonfederal Information Systems and Organizations.  In this article, we’ll give you the rundown on this important regulation, and why compliance is essential for any federal partner.

 Read More


How Regular Risk Assessment Prevents and Stabilizes Threats

Risk assessments

Data breaches, foreign hackers and corporate espionage: today, it seems that phrases like these are on the tips of every tongue, and not without good reason.

Read More


What is ICS?

Through our years of experience within cyber security, Industrial Control Systems (ICS) are unique. There is a blend of old and new technologies. Critical infrastructure security comes in many sizes but only one principle is constant, high availability. Many clients within critical infrastructure and security is becoming more of a concern.

Read More


Always Expect the Worst: Anticipating Threats with Cyber Hunt

Once upon a time, security was about mitigating risks to an organization by following best practices and responding effectively to incidents when they arose. This compliance and risk-based mindset is no longer enough: the past several years have seen escalating breaches and organized cyber-crime, showing that safety is now the exception and not the rule. A threat-based mindset is the only solution. 

Read More


A New Security Risk for ICS Controllers: Triton Malware Explained

Over the past few years, we’ve started to see malware specifically developed to target industrial control systems (ICS). Among the most notable of recent culprits are BlackEnergyIndustroyer and Triton. FireEye was the first security firm responding to the Triton incident, and recently published more information about the Triton Threat Actor TTP profile which we will review in this article. 

Read More


Ransomeware ‘LockerGoga’ Disrupting Industrial Operations

It has recently been reported that a new breed of ransomeware is infecting industrial networks and forcing ICS organizations to switch from digital to manual operations. The malware ‘LockerGoga has, within the past few weeks, infiltrated Norweigan aluminum Manufacturer, Norsk Hydro. Because of this incident, the organization was forced to execute their business continuity and cyber security incident response plans.

Read More


Answering Risk Requests from Third-Party Partners with Risk Requests, risk management frameworkStandardized Documentation and Response

As CISOs become increasingly aware of the risks surrounding third-party relationships – and with a shift in focus towards supply chain risk management – there is mounting pressure from partners and clients to maintain a security posture centered on a mature information security program.

Read More


cyber attacks cyber warfarePreparing For Data Breaches: 5 Lessons From 2018

2018 will likely go down in history for the sheer scale of consumer data that was hacked, leaked, stolen and otherwise compromised by cyberattacks throughout the year. Estimates show that during the first six months alone, 4.5 billion records were exposed over 945 data breaches leading to mass identify theft and financial fraud.

Read More


cyber security data breachesLooking Ahead: Why 2019 Will Be the Year of Cyberwarfare

One year away from the third decade of the 21st century and technology has finally caught up with science fiction. In 2019, we’re going to hear more news about driverless cars, revolutions in artificial intelligence and commercial applications for drones. One thing is for sure: it’s an exciting time to be alive.

Read More


cyber security, us power gridImproving the Reliability of Power Delivery Systems

A recent poll found that an overwhelming majority of Americans (92%) agree on one thing: the power grid needs better protection. This point of view is understandable. The day before New Year’s 2017, researchers discovered that foreign hackers had infiltrated an internal computer at Vermont utility Burlington Electric.

Read More


United States Cyber Command (USCYBERCOM)

Securicon supports USCYBERCOM in planning, coordinating, integrating, synchronizing, and conducting the operations and defense of Department of Defense Information Networks (DODIN).

Read More