Tag: #cybersecurity

In our earlier blog, “US Electric Grid is ‘becoming more vulnerable to cyberattacks’ says US GAO”, we talked about the US GAO assessment report [GAO-19-332] pertaining to Critical Infrastructure Protection at Electric Grids. In this blog, we will do a deep dive to better understand specifics from the report. For a high level overview of the […]

In an earlier blog article titled “Energy Sector at risk of Cyber Attacks”, we described an attack at a Western Utility company and how the attack leveraged a known software vulnerability for which a patch was available but not applied. The energy sector needs to pull up its socks as is evident from recent NIST […]

In an earlier blog in May 2019 titled “Energy sector at risk of cyber attacks!”, we talked about how the energy sector is at the cusp of cyber attacks across the globe. This is a shared sentiment, as is evident from the recent special publication 1800-23 from NIST (link to complete publication for those interested) […]

Earlier last month NIST released a draft copy of a Cybersecurity White Paper titled “Mitigating the risk of Software Vulnerabilities by adopting a Secure Software Development Framework [SSDF]” for comments. The paper highlights how few software development lifecycle [SDLC] models explicitly address software security in detail and it recommends a core set of high-level secure software […]

The number of vulnerabilities being reported has been growing steadily over the years. The chart below helps depict how the count of vulnerabilities has grown significantly (though not yet exponentially) over recent years. Note that it is apparent from the chart how ThreatWatch provides better overall vulnerability intel coverage, apart from standard sources like NVD. […]

If not, then you should be… and here’s why. Most organizations leverage cloud providers (like AWS, Azure, etc.) extensively these days. Typically public cloud is an integral part of the overall roadmap, with most organizations having some form of a hybrid model. The hybrid model involves a private cloud (internal managed data center) along with a […]

Energy is the all-pervasive fuel which drives world economies. It is no wonder that hackers regularly target energy sector companies to cause massive disruption. In a report titled “The road to resilience: managing cyber risks”, Christoph Frei, Secretary General, World Energy Council said the following: Cyber threats are among top issues keeping energy leaders […]

Most organizations face challenges with prioritizing risk from a new vulnerability or threat. At times, late breaking threats do not provide a severity assessment. The standard way to identify the key characteristics of a threat is using CVSS (Common Vulnerability Scoring System). CVSS provides a Vector (based on key dimensions / attributes of the threat […]

Lately I have been going through recorded sessions from RSA Conference 2019. Thanks RSA for making these recordings available. This particular session “In the wake of an attack – Thoughts from a seasoned CISO” caught my attention and I listened to its playback. It is around 45 minutes for those of you who are […]

[Credits: Photo by rawpixel.com from Pexels] With the internet, things are moving at an alarmingly fast pace. This equates to an increased attack surface and a phenomenal increase in the number of vulnerabilities out there. Industries are trying to keep up. Evidently one industry which is struggling to keep pace is Healthcare. In the healthcare industry, the […]