By expanding its scope and introducing modernized requirements, the new NIS 2 Directive challenges organizations to elevate their cyber preparedness. This article explores how the directive affects a wide range of sectors and the critical infrastructure within them, detailing the requirements for compliance and highlighting the key role that IONIX plays in supporting organizations in meeting these regulations.

This week, the U.S. Environmental Protection Agency (EPA) warned that cyberattacks against water utilities across the country are becoming more frequent and more severe. The agency urged water systems to take immediate actions to protect the nation’s drinking water. According to the EPA, there are more than 150,000 public water systems across the U.S. serving over 300 million people—virtually all of which are administered and secured at local levels of government.

The US National Institute of Standards and Technology (NIST) has long served as the US federal government’s officially designated creator and publisher of controls frameworks for cybersecurity. The organization developed the first NIST Cybersecurity Framework (NIST CSF) in 2014.

For hackers in 2024, digital assets likely look like a gold mine. Looking back at 2023, many people in the industry celebrated that there were only $1.5 billion of funds stolen due to hacks and security breaches over the course of the year (a smaller number when contrasted with 2022’s jaw-dropping $3.8 billion).

Organizations’ zero-trust policies and identity-centric programs ensure that user identities and login credentials are vigorously protected with IAM policies and security tools like MFA or IP restrictions. However, the situation is very different regarding non-human identities (NHI) like API keys, OAuth apps, service accounts, and secrets. Lack of visibility, monitoring, and governance of this permissive access is everywhere, and attackers have figured it out.

When consumers get online, they enter a vast environment of potential threats. These threats may be after money, information, or network access, and cybersecurity defenses work to prevent these valuables from falling into criminals’ hands.

NIST 800-171 revision 3 was released on May 14, 2024, prompting DoD to issue an indefinite class deviation for DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 7012). US Defense Industrial Base (DIB) contractors must now comply with NIST SP 800-171 revision 2 rather than the version in effect at the time the solicitation is issued, as was previously required.

In Kubernetes, managing and analyzing network traffic poses unique challenges due to the ephemeral nature of containers and the layered abstraction of Kubernetes structures like pods, deployments, and services. Traditional tools like Wireshark, although powerful, struggle to adapt to these complexities, often capturing excessive, irrelevant data – what we call “noise.”

Microsoft has recently highlighted the abuse of the remote support tool Quick Assist in sophisticated social engineering attacks leading to ransomware infections. This blog post summarizes the threat and recommends a mitigation strategy for Netskope customers.

In the world of cybersecurity being proactive is a necessity. Cyber threats loom large, and only those who dare to innovate, lead, and push boundaries can truly make a difference. That’s why it’s no surprise that our very own Jess Parnell, has been named the CISO of the Year in the 2024 Cybersecurity Excellence Awards.