On May 9, the North American Electric Reliability Corporation (NERC) officially adopted new Critical Infrastructure Protection (CIP) requirements for Internal Network Security Monitoring (INSM). This is one of the last steps before Federal regulators make it an official standard for utilities and the electrical power grid industry. What does it mean? Compliance for CIP-015-1 is coming to your utility. Utilities will need monitoring tools with deep and wide asset intelligence and network control.

The security of embedded devices is in the news over the last few years, especially IoT assets and OT systems. From connected medical devices to industrial control systems to smartwatches and building automation, connected IoT devices will expand to over 25 billion by 2028.

Here is the story of how we caught a ransomware attack in our research honeypot. Ransomware attacks on enterprise organizations lead the news. See Change Healthcare and Ascension. Attackers spend their time on the victim’s network, exfiltrate gigabytes of sensitive data, then lock victim’s systems — and ask for millions of dollars in ransom payment. We also hear news about how AI is used maliciously.

As the full scope of the Change Healthcare cyber attack and ransomware story unfolds, a new leading gang has emerged known as ‘RansomHub’. This ‘new’ group has been claiming more victims since the massive February ransomware and data breach attack. On April 8, Forescout Research – Vedere Labs obtained samples used by RansomHub affiliates in a separate incident.

It’s time to recognize official security vulnerability catalog systems aren’t enough. There are too many gaps in the named security vulnerability process. And plenty of vulnerabilities do not receive the attention they deserve. Some vendors silently patch issues while others leave vulnerabilities in a reserved state. There is not one source of information that contains every vulnerability being exploited. The result?

The growth of Internet of Things (IoT) devices is reshaping our digital landscape. From smart thermostats to industrial sensors to IP cameras to smart toilets, these devices drive efficiency through innovation. But they aren’t secure by nature. A new UK law aims to make IoT products much more secure. On April 29, the UK’s Product Security and Telecommunications Infrastructure (PSTI) Act became official and is now enforcing compliance across IoT assets.

The art of risk assessment has long been a crucial element of military strategy and decision-making – and it remains critical to today’s best practices in cybersecurity defense. Abraham Wald, a mathematical genius, played a pivotal role in revolutionizing the understanding of hidden risk and exposure with his innovative work on aircraft survivability. During World War II, the US air force wanted effective methods to protect aircraft against enemy fire.

In our recent research “Better Safe Than Sorry”, we reported how the number of exposed OT/ICS devices in Japan grew by 372% over the past six years. During this time, several notable cyber-attacks targeted businesses and government entities in Japan. The substantial increase in exposed OT/ICS combined with the recent cyber-attacks in Japan has prompted us to give a deeper look at the current threat landscape in the country.