Many industrial security professionals lack visibility into their organizations’ assets and processes. This includes Industrial Internet of Things (IIoT) devices as well as industrial organizations’ supply chains. Back in March 2021, Tripwire announced the results of a survey in which 99% of security professionals said that they had experienced challenges securing their organizations’ IoT and IIoT devices.

The past few years have emphasized just how important cybersecurity is. As cybercrime reached record heights and more companies went digital, industries realized their current security efforts fell short. Healthcare is a prime example. The medical sector has had the second highest number of data breaches of any industry for more than five years. This became increasingly noticeable in 2019 alone, when the industry experienced 525 data breaches, up from 369 the year before.

Ragnar Locker is a family of ransomware, which first came to prominence in early 2020 when it became notorious for hitting large organisations, attempting to extort large amounts of cryptocurrency from its victims.

There has been a lot of talk about cyber weapons and the cyber dimension of global politics after the NotPetya and WannaCry attacks of 2017 and the Stuxnet worm, first discovered in 2010, when it was used to attack the control mechanisms of Iran’s uranium enriching centrifuges.

The benefits of a capable and properly deployed File Integrity Monitoring (FIM) solution are plentiful: And the importance of FIM cannot be understated. Let’s not forgot what the Center for Internet Security (CIS) says in its Distribution Independent Linux Benchmark version 2.0.0.

Asset inventory is a significant part of a comprehensive security plan for all organizations. After all, if you do not know what assets you have, then you cannot manage them. Even a small company can amass a surprisingly large amount of assets. It is no surprise that accounting for all of these assets can be like chasing a moving target, as new and old assets must be accounted for, and conversely, decommissioned assets must also be removed.

2021 was the year that marked a major cyber-attack against a critical national infrastructure organization whose impact was felt by millions of Americans on the East Coast. However, the attack against the Colonial Pipeline Company was not the only incident that affected the Operational Technology (OT) systems of a critical sector for the U.S. national economy.

In November 2018, the Australian Prudential Regulation Authority (APRA) released the Prudential Standard CPS 234 in direct response to the escalating attack landscape in the financial sector. APRA has understood these threats to be the direct result of banking services moving to more complex and heavily used digital platforms. The new Standard emerged as an offshoot to the Notifiable Data Breach Scheme, which came into effect in early 2018.

In a previous article, I examined Australia’s proposed Security Legislation Amendment (Critical Infrastructure) Bill 2020. This information security overhaul imposes strict reporting requirements for enterprises as well as affords the Australian government unprecedented and far-reaching powers that enables them to intervene in the operation of an organisztion’s network in the event of a threat to critical infrastructure.