During a recent client engagement, the DGC penetration testing team identified a previously unknown vulnerability affecting the Autodesk Licensing Service, a software component bundled with nearly all licensed Autodesk products. The vulnerability exists in a software component common to most Autodesk products and impacts nearly all organizations using licensed Autodesk software in any capacity.

No discussion on ICS attacks could be complete without talking about what some would call, ‘the elephant in the room.’ Critical infrastructure has always been a target for warfare, and modern ICS are no exception. Several high-profile ICS disruptions have in fact been attributed to malicious hackers working at the behest of a military or intelligence agency.

Want a job in cybersecurity? There are plenty to go around. Cybersecurity Ventures estimated that there will be 3.5 million job openings in the industry by the end of the year. That makes sense. According to Gartner , global spending on information security and risk management technology is expected to exceed$150 billion in 2021. Organizations are going to need someone to help them manage those new solutions. The issue is that information security is an expansive industry.

For a while, privacy in Q2 was looking like it would follow the season’s idiomatic rule: in like a lion, out like a lamb. But it came roaring back in June with a new U.S. state law, EU adequacy decisions, a new EU data transfer mechanism, and more. As we look back over the second quarter of 2021, several important developments are worth noting.

Today’s enterprise operations involve the coordination of several different digital ecosystems but none quite so inflamed as the cybersecurity ecosystem. Technology has been evolving at a rapid pace, and attackers are armed with advanced tactics to steal data and expose secure information. In response, cybersecurity teams deploy numerous tools and solutions to prevent and mitigate these attacks.

Back in June, I wrote about the Transportation Security Agency’s (TSA) new security directive concerning pipeline owners and operators. The order mandated those entities to disclose security incidents such as the ransomware attack that affected the Colonial Pipeline Company back in May to the TSA and the Cybersecurity & Infrastructure Security Agency (CISA).

OT networks often rely on Windows systems for various ICS applications including HMIs, historians, and data gateways. Beyond that, they also commonly rely on Windows systems to run associated IT-networks.

As businesses emerge from the pandemic, many are making strategic decisions about their long-term work arrangements. While there is a substantial debate about remaining remote or bringing people back to the office, many companies are choosing to meet in the middle, embracing a hybrid work arrangement that allows people to work both on-site and remotely.

Most discussions around cybersecurity understandably focus on information technology (IT). Assets like cloud services and data centers are typically what companies spend the most time and effort securing. Recently, though, operational technology (OT) has come under increasing scrutiny from leading security experts in both the private and public sectors. In June, for instance, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet about ransomware attacks on OT.

Are you an organization that operates a Bulk Power System (BPS) in the United States? If so, you understand the need to comply with the Critical Infrastructure Protection (CIP) standards. Developed by the North American Electric Reliability Corporation (NERC), CIP is a set of requirements through which in-scope entities can protect themselves against digital attacks, thereby strengthening the reliability of the U.S. electric grid overall.