Security Breach


A weekly discussion of new developments and the latest cybersecurity threats, including ransomware, malware, phishing schemes, DDoS attacks and more, facing the U.S. industrial sector.

Eric Sorensen


    • Jun 2, 2025 LATEST EPISODE
    • every other week NEW EPISODES
    • 31m AVG DURATION
    • 135 EPISODES



    Latest episodes from Security Breach

    'We've Made Our Own Prison'

    Jun 2, 2025 (43:27)

    Insider threats are creating new attack vectors, but old-school solutions could rise to the challenge.

    Regardless of the situation or dynamic, everyone likes to think that they're special. However, with experience we learn that appreciating both the shared similarities, as well as some of those unique traits, is how we can best solve problems. A great example is a recent conversation I had with Umaimah Khan, founder and CEO of Opal Security – she goes by UK for short. Her firm focuses on the identity management sector of cybersecurity. What UK constantly reinforced is that the industrial sector is not alone in trying to figure out the best ways to manage and secure human, equipment and asset identification. So, while some of the application challenges are unique, there are a lot of strategies to draw from in determining what might be best for your enterprise.

    Listen as we discuss:

    • The challenges of identity management at both the human and machine levels.
    • The need for fluid change management when it comes to determining who can access what, and at what level.
    • Why the success of any cybersecurity initiative will be about what the human can or can't do, not the machine.
    • How many security vulnerabilities are created by a "perfect storm of poor communication."
    • Breaking down silos, which have created "security by obscurity."
    • The new attack vectors poor identity management is creating.
    • The evolving role of agentic AI in industrial cybersecurity.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    Dark AI Speeding Hacker Evolution

    May 16, 2025 (36:41)

    In many instances the biggest challenge facing OT cybersecurity practitioners is knowing where to focus resources, especially their time. In other words, what are the priorities for the enterprise, facility and people?

    I recently sat down with Securin's Lead Threat Intelligence Analyst - Aviral Verma. And while I anticipated a conversation focused on vulnerabilities and the threat landscape, discussing these topics led to deeper dives on a range of topics that also included breaking down IT/OT silos, artificial intelligence, the dark web and patching strategies.

    Listen as we discuss:

    • The transformation of threat actors and how they've been able to cut timelines for exploiting vulnerabilities to 15 days.
    • How hackers are using Dark Web versions of ChatGPT to design more effective credential and data harvesting schemes.
    • Why the security of every software platform, especially those embedded within industrial assets, cannot be assumed.
    • How the legacy dynamic of many OT assets has led hackers to exploit vulnerabilities that have been around for as long as five years.
    • Addressing patching challenges by breaking down silos and getting a deeper understanding of the unique elements of each OT environment.
    • How threat detection needs to evolve, especially with state-sponsored hackers executing "quieter" strategies for attacking manufacturing and critical infrastructure.

    To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.

    Why Ransomware, Credential Theft and Phishing Schemes Persist

    Apr 25, 2025 (40:38)

    One of the great things about covering industrial cybersecurity is the number of reports, studies and white papers being produced right now to help provide intelligence on threats, research on new tools, and data on leading trends.

    The tough part is sorting through all this data and, at some point, prioritizing it in order to get the most and best information.

    One source that I look forward to each year is IBM's X-Force Threat Intelligence Index. It's full of all that stuff I just mentioned, but with special attention paid to the industrial sector. Unfortunately, some of that attention results from manufacturing being the most highly attacked industry for the fourth consecutive year. Also, according to the Index, it had the most ransomware incidents in 2024.

    But, as Chris Caridi, a Cyber Threat Analyst for the X-Force and our guest for today's episode, shared with me, the news is not all bad.

    Watch/listen as we discuss:

    • The rise in infostealer malware, credential harvesting and phishing attacks.
    • The importance of understanding how to secure new technology before investing and implementing it.
    • Why most cybersecurity issues are a human problem, not a technical problem.
    • Why multi-factor authentication is now a must for OT connections.
    • The misconfiguration errors that continue to plague manufacturing, and how they create a series of other cybersecurity problems.
    • How manufacturing's cybersecurity journey is similar to the financial sector 10 years ago, and w

    Insecure Webcam Was All a Ransomware Group Needed

    Apr 16, 2025 (31:53)

    Endpoint security tools worked, but the hackers worked harder for their payday.

    While everyone likes to know how someone else might have screwed up and what the fallout looks like, the more important elements of episodes like this one come from the in-depth conversations about new tactics and strategies that are being used by the bad guys, and simultaneously, the insight on new best practices for the good guys.

    So while I did enjoy diving into how the ransomware group Akira was able to use webcam access to infiltrate an organization, it was also great to discuss the evolution of these hacking groups, EDR tools, dark web monitoring and the need for better credential security with Steve Ross. He's the director of cybersecurity at S-RM, a leading provider of cyber intelligence and solutions.

    Watch/listen as we also discuss:

    • Endpoint Detection and Response (EDR) tools.
    • The rise of Akira, and the evolving symbiotic strategies used by this and other RaaS groups.
    • Patching challenges.
    • The growing need for dark web monitoring.
    • The continued rise in login/credential harvesting.

    IABs, Dark Web Fueling Ransomware Surge

    Mar 31, 2025 (39:58)

    We talk a lot about the growing complexity of hacking groups and how their tools and tactics continue to evolve. One such evolution is the ongoing specialization that runs rampant throughout the black hat community – especially when it comes to ransomware. The rise of initial access brokers, affiliate programs, spoofing domain creators, dark web communities, and more are fueling ransomware-as-a-service groups and posing new cybersecurity challenges.

    And while numerous reports detail the rise in ransomware attacks and the escalating amounts being paid in seeking a reprieve from denial of service, data extortion, and supply chain hacks, one recent finding really stood out. In their annual State of Ransomware Report, Blackfog stated that manufacturing had the highest number of undisclosed ransomware attacks, when compared to all other industries. So, as tough as we know the ransomware challenge is – it's actually a bit worse than we acknowledge because of the growing number of attacks that go unreported.

    Fortunately, we have an army of highly skilled individuals working to combat these threats. And that includes our guest for today's episode - Fortra's senior manager of domain and dark web monitoring solutions, Nick Oram.

    Watch/listen as we discuss:

    • The surge of new ransomware tactics and groups, like RansomHub.
    • The origins and continued growth of Initial Access Brokers (IABs) within the ransomware community.
    • How affiliate programs are helping both RaaS and IAB groups increase their rate of successful attacks.
    • Why dark web monitoring might be more important than ever for manufacturers.
    • The ongoing "we adapt", "they adapt" dynamic.
    • How to better educate the workforce and shift from a "

    Manufacturing's Internal Cyber Struggles

    Mar 13, 2025 (27:48)

    Breaking down silos while securing the cloud and leveraging secure-by-design advancements.

    The challenges facing the industrial OT landscape that emanate from external sources are … varied, complex and constantly evolving. Smarter hacking groups, AI-driven phishing schemes and deceptive malware viruses head the list of concerns.

    And while these factors show no signs of fading, the reality is that there are just as many challenges facing industrial cybersecurity that are embedded within the very foundation of our operations. These legacy dynamics have created internal battles that absorb valuable resources, waste precious talent and help the bad guys stay a step ahead.

    With this in mind, we're going to tap into two key industry leaders to get their take on pressing, internal liabilities that are ensuring key production assets remain exposed. We'll hear from Silverfort's Rob Larsen, as he discusses the ongoing struggles created by IT/OT silos, as well as secure-by-design initiatives. Mandiant's Paul Shaver will also offer his take on these silos, and how decisions related to cloud networking are impacting the security stature of key data, assets and network connections.

    Observations of an Ethical Hacking Researcher

    Feb 28, 2025 (36:06)

    One of the goals of the show is to help you better understand all the threats facing your OT assets, your data and your people. In order to do that, we work to identify those individuals with a feel and in-depth understanding of these threats and the evolving network of threat actors.

    And I can't think of anyone better to break down the hacker landscape than an individual whose research has led to being followed by well-known data breachers on social media and considered persona-non-grata in countries housing many of the most notorious state-sponsored hacking groups in the world. It's my pleasure to welcome Jeremiah Fowler back to Security Breach. You might remember that we originally spoke to him regarding a huge ERP data vulnerability last summer.

    The Evolution of OT Vulnerabilities

    Feb 13, 2025 (37:18)

    When we talk about the threat landscape for the industrial sector, the eye-catching, headline-grabbing hacking groups with nefarious names typically lead the list of concerns. And while understanding their well-publicized exploits is important, what is often overlooked are all the little things these groups were able to do before dropping malware, shutting down networks, extorting ransoms, and stealing data.

    This is where taking the time to address those insecure connection points, update login credentials or patch zero and one-day vulnerabilities continues to be essential in the fight to safeguard operational technology and the industrial control system. But the reason these problems remain is that the solution is never as simple as it sounds. So, hopefully our collection of experts for this episode can help show you the way.

    The Legacy of AI in Cybersecurity

    Jan 30, 2025 (27:31)

    While we're still in the infancy of 2025, the New Year has proven to have no issues in welcoming in a number of pre-existing challenges – whether we're talking about cybersecurity or … other social topics.

    So, in continuing this trend, we tapped into a unique collection of voices to discuss a topic that has, and will continue to be, vital to industrial cybersecurity efforts – Artificial Intelligence.

    First, we'll hear from Mandiant's Paul Shaver as he discusses the legacy dynamics of industrial cybersecurity, including ongoing obstacles associated with inventory, visibility and segmentation strategies – and the impact AI could have on all of them. Then we'll transition to HackerOne's Will Kapcio for his take on AI and the ongoing evolution of cybersecurity tools. We'll wrap up with instructor and the author of the Hack is Back as he discusses what drove his desire to write the book, the impact AI is having on the next generation of cybersecurity specialists, and the evolving vulnerabilities they can expect to face.

    A Happy Ending to the Latest ICS Hack

    Jan 16, 2025 (30:11)

    The continued evolution of the CyberAv3ngers hacking group and its IIoT-focused malware.

    We talk a lot about change on Security Breach. Some of it's good and obviously some of it makes us want to tear our hair out. Well, this episode, surprisingly, should go easy on the scalp, even though it will focus on the IOCONTROL malware strand recently detected by Noam Moshe and Claroty's Team82.

    The malware is described as a custom-built IoT/OT strand created by the Iran-based hacktivist group, the CyberAv3ngers. The malware targeted OT/IoT devices in Israel and the U.S. Moshe's team detected the malware being used to attack IoT and SCADA/OT devices of various types including IP cameras, routers, PLCs, HMIs and firewalls. Typically, this is the part of the story that takes us down a dark and frustrating road, but as you'll hear, that's not necessarily the case this time.

    For more information on Team82's findings on IOCONTROL, click here.

    Also, just a bit of housekeeping – we're switching the frequency of Security Breach from weekly to bi-weekly. This change will allow me to spend more time on each episode, which will translate to greater depth and expanded coverage on all the pressing topics of industrial cybersecurity. And remember, this is your podcast – let me know your thoughts and feelings on the change and anything else you'd like to see on the show.

    The Biggest Hacks of 2024

    Dec 27, 2024 (40:01)

    Winston Churchill famously stated that, “Those who fail to learn from history are doomed to repeat it.” His concerns about applying lessons learned to post-WWII foreign policy initiatives ring just as true in the current cybersecurity climate. So, in an effort to ensure we repeat as few of 2024's mistakes as possible in 2025, we're going to take a look at some of the industrial sector's biggest exploits, and offer solutions and strategies in our ever-raging combat with the Black Hats.

    Watch/listen as we cover:

    • A unique supply chain hack that came up during our conversation with Theo Zafirakos, a Cyber Risk and Information Security Expert at Fortra.
    • The fall of 2024 brought security compromises to the front door of a number of prominent industrial enterprises, including Halliburton.
    • In early August millions were impacted when National Public Data, a major data broker that performs background checks, reported that 2.9 billion personal records from over a million individuals in the U.S., the U.K. and Canada were accessed.
    • Ford Motor Company was also a target, with a data breach that saw hacking groups steal 44,000 records containing personal and product information.
    • Anna Wells, executive editor of Manufacturing.net and Manufacturing Business Technology, brought us coverage of a hack that has crippled a global beverage maker.
    • We close out with a story from early this year describing how some of the basic tools found throughout a manufacturing plant can become pathways for the innovative hacker.

    Looking Back to Move Forward

    Dec 12, 2024 (42:15)

    As we begin to close out 2024 and look ahead to 2025, I couldn't resist the urge to revisit some of my favorite guests from the last couple of months.

    While I'm grateful for everyone we've had on the show, and all the support we continue to receive from the industrial cybersecurity community, I felt these comments were worth another listen, with special focus being given to a handful of the most critical issues confronting our OT environments.

    • First, we hear from Jon Taylor (1:16) at Versa, as he discusses a unique approach to patching and secure-by-design strategies that involve the development of embedded micro-segmentation approaches.
    • Next, we'll hear from Cloud Range's Tom Marsland (11:18) as he discusses the continued challenges presented by data silos, and innovative ways to address the shortage of cybersecurity specialists.
    • Then we'll turn to Baker Tilly's Jeff Krull (19:42) as he reports on ransomware gangs and their combination of new and old tactics.
    • And we'll finish up with cybersecurity researcher Jeremiah Fowler (29:40) as he discusses some of the ongoing challenges about addressing persistent vulnerabilities.

    AI Is Exposing Your Most Vulnerable Attack Surface

    Dec 9, 2024 (36:04)

    According to Fortinet's 2024 State of Operational Technology and Cybersecurity Report, 43 percent of those surveyed reported a loss of business critical data or intellectual property so far in 2024 – a number that is up nearly 10 percent from last year. And we all know what happens with this hijacked data.

    Per the World Economic Forum's May 2024 white paper, the number of ransomware attacks on industrial infrastructure doubled in 2023, boosting ransomware to the leading concern for manufacturers, with 40 percent citing it as their top issue. While that may not surprise you, this might - due to the many challenges we've discussed here on Security Breach, the industrial sector now accounts for 71 percent of all ransomware attacks. Our data is valuable and the hackers know it.

    To offer some perspective on protecting this data, we sat down with Karthik Krishnan, CEO of Concentric.ai – a leading provider of data security posture management solutions.

    Watch/listen as he provides insight on:

    • Prioritizing and limiting data access to lessen the blast radius.
    • How data, especially customer data, is essentially the "new oil."
    • Reversing your mindset to think about "data out" instead of "user in".
    • The generative AI advancements that continue to be made, and how they're producing more complex phishing and ransomware attacks.
    • Why it has become easier for hackers to get a foothold on your network.
    • The best ways to shore up your weakest security link - employees.
    • How it all starts with data discovery and visualization, then prioritization.
    • A look at the money involved with remediation and response costs versus proper planning and defense prep.

    Minimizing Hacks by Focusing on Uptime

    Nov 21, 2024 (40:01)

    Next to artificial intelligence, one of the biggest buzz terms in industrial cybersecurity right now might be SBOM, or software bill of materials. The term generates equal parts concern and eye roll as those entrusted with enterprise defense look to ensure that there are no embedded vulnerabilities amongst the data platforms they are both sourcing and utilizing within their offerings.

    Perhaps most frustrating is having to essentially reverse engineer a number of established products in order to quell security concerns. However, as frustrating as these efforts might be, the growing number of zero day hacks emanating from embedded security vulnerabilities will only continue to grow as we look to embed greater levels of sensor, software and AI-driven functionality.

    In this episode we hear from Marcellus Buchheit, President and CEO of Wibu-Systems USA, a leading provider of security solutions for embedded data and intellectual property.

    Watch/listen as we discuss:

    • How vulnerabilities and risks need to be assessed beyond their expense to focus on updates, reconfigurations and the growing number of OT connection points.
    • The need for SOPs that make it easier to assimilate cybersecurity into OT processes.
    • Ways to more safely update the growing number of devices on the plant floor.
    • Protecting IP and, more specifically, the software coding associated with it.
    • The impact AI continues to have on increasing the sophistication of hacking attempts.
    • Why all hacks are "highly preventable."
    • The role of quantum computing and the steps to take in preparing for "Q Day".

    What Cybersecurity Can Learn from Tom Brady

    Nov 15, 2024 54:24


    We assembled some "nerds from the basement" to cover a key strategy in combatting evolving threats.
    Today's episode is going to take on a little different flavor, as we're going to show you one particular tool that can impact a number of your security planning, training and discovery strategies.
    While table top exercises are nothing new, we're going to demonstrate how they're evolving and can be customized according to your needs. We're going to tackle the human element of cybersecurity by discussing communications strategies, and we'll offer some insight on getting greater buy-in from throughout the organization, including the C-suite and those controlling the purse strings.
    Joining me to discuss these topics and run through a mock exercise will be:
    • Navroop Mitter, the CEO and founder of ArmorText. His firm is a leader in secure out-of-band communications.
    • Matthew Welling, a partner at Crowell & Moring's Washington, D.C. office, where he works in the firm's Privacy & Cybersecurity Group.
    • Timothy Chase, the director of the Manufacturing ISAC, a non-profit organization and leading provider of threat intelligence sharing solutions.
    In addition to the table top exercise, we'll discuss:
    • Communication challenges before, during and after an attack.
    • Response strategies and the evolving dynamic of out-of-band communications.
    • The ongoing challenges of addressing the Human Element of cybersecurity.
    • The impact of regulatory efforts and how they're playing a bigger role in attack response plans.
    • The types of tools or solutions that can play the biggest role in helping organizations respond to attacks more effectively.
    • How to control the emotional responses that will undoubtedly emanate from an attack.

    Threat Landscape Update

    Nov 8, 2024 38:25


    For this episode, instead of tapping into one source for feedback and updates on industrial cybersecurity, we're going to look at some of the key insights previous guests have offered on the evolving threat landscape – from increased risks emanating from technological integrations and an uptick in automation, to the more traditional adversaries responsible for next-generation malware, ransomware and phishing schemes. To kick things off, we'll hear from:
    • Tom Marsland, VP of Technology for Cloud Range as he discusses threats to our infrastructure and state-sponsored groups from China.
    • (3:31) He'll be followed by Cyberhoot's Craig Taylor as he updates us on phishing schemes.
    • (5:45) And then we'll hear from Jon Taylor at Versa Networks as he talks about strategies bad actors are taking in targeting legacy industrial control systems.
    While many of those topics are already at the top of our list of concerns, there are also a number of evolving threats that warrant an uptick in resources – from both a financial and skillset development perspective. We'll dive into comments from:
    • (9:26) Corsha's Anusha Iyer as she discusses supply chain and dwelling attacks.
    • (15:33) Venafi's Kevin Bocek and his take on embedded software vulnerabilities and how hackers are taking advantage of them.
    • (22:18) Baker Tilly's Jeff Krull offers an update on the evolving complexity of ransomware groups and how they're targeting the industrial sector.
    • (25:20) And finally, let's wrap up with one of my favorite guests we've ever had on Security Breach – researcher Jeremiah Fowler. He'll offer some insight on a number of unique, embedded threats and some of the lessons he's learned in tangling with state-sponsored Russian hackers.

    The Little Things That Kill

    Oct 31, 2024 38:04


    While there are plenty of unknowns when it comes to protecting the OT attack surface, there are some things that are undeniably true.
    • We know that the frequency of attacks will continue to increase.
    • We know that it's not if your ICS will be probed, but when.
    • And we also know that asset and connection visibility is an ongoing challenge due to the implementation of more automated technology.
    • Finally, we also know that one of the most important aspects of any cybersecurity plan is the portion that lays out the response.
    One of the most effective ways to address these concerns can be the use of attack simulations. In this episode we tap into the expertise of Tom Marsland, VP of Technology for Cloud Range, a leading provider of live-fire cybersecurity exercises and training. Watch/listen as we discuss:
    • All the little things that are continuing to pose challenges to industrial cybersecurity.
    • Why state-sponsored hacker groups in China are getting more of his attention lately.
    • Why successful incident response is about the people, not the tools.
    • The importance of "training like you fight."
    • His role with VetSec, and the role it can play in filling cybersecurity talent gaps.
    • How to bring IT and OT together and why the onus on strengthening these bonds might fall more on IT.
    • Why the culture of security needs to permeate throughout the entire organization.
    • How AI can help make the most of your people.

    Phishing Attack Defense 'Not Rocket Science'

    Oct 24, 2024 22:22


    Maybe you're sick of hearing about phishing schemes and the way hackers are using this strategy to infiltrate your networks, access intellectual data, shut down production, or hold your assets for ransom. If that's the case, then you've made a lot of hackers very happy.
    And based on Proofpoint's 2024 State of Phish report, protecting against phishing schemes is simply not being reinforced or given the proper priority. For example:
    • 71% of surveyed users admitted to taking a risky action, and 96% knew they were doing something risky when interacting with email or text messages.
    • 85% of security professionals said that most employees know they are responsible for security, but 59% of employees weren't sure or claimed that they're not responsible.
    • Furthermore, 24% admitted to responding to emails or text messages from someone they don't know, and 19% clicked on links in emails from people they don't know.
    • Finally, 73% of surveyed companies reported a business email compromise, but only 29% are actively teaching users about BEC attacks.
    To address these and other phishing attack dynamics, I sat down with Craig Taylor, co-founder of Cyberhoot, a leading provider of phishing prevention solutions. Watch/listen as we discuss:
    • How hackers are going after session tokens to steal valuable credential data.
    • Why phishing prevention training spends too much time on avoiding the click instead of positive reinforcement of proper actions.
    • The need for worker training to go beyond any impact to the company, to the individual cyber risks as well.
    • How adding "friction" to email could be a solution.
    • The bad password advice that many high-level organizations continue to distribute.

    Legacy Mindsets Are Helping Hackers Weaponize Networks

    Oct 18, 2024 41:49


    So, my daughters like to give me a hard time about growing old. Said another way, I'm a legacy asset - just like most of the devices many of you observe, manage and secure every day. Your machines are still in place because they work. While the technology around these assets has evolved, their core functionality and value to the production process has remained constant. But as sensors, network connections and access parameters have been upgraded to improve output, these highly prized pieces of equipment are showing their age from a cybersecurity perspective. The challenges they present are reinforced with findings from Fortinet's 2024 State of Operational Technology and Cybersecurity Report. A couple of key takeaways include findings that show nearly one-third of respondents experiencing six or more intrusions in the last year. Additionally, fewer respondents claimed 100 percent OT system visibility – with that number decreasing from 10 to five percent. On the bright side, we're getting better in some areas, with 20 percent of organizations establishing visibility and implementing segmentation, up from only 13 percent the previous year.
    Joining us to discuss these and other trends is Jon Taylor, Director and Principal of Security with Versa Networks, a leading provider of digital transformation and edge security solutions.
    Watch/listen as he discusses:
    • Why the Purdue model might be outdated and preventing many from using new strategies like SASE.
    • Why he believes visibility is security - "you have to see it to defend it," and how AI could be the solution.
    • The need for OT to look at vulnerabilities from a network or architecture perspective, not by device or connection point.
    • How air gapping helps feed the division between IT and OT.
    • The weaponizing of OT networks stems from the lack of an adaptive network strategy fed by archaic infrastructure.
    • Instead of Security by Design, we need to implement Patching by Design.
    • Why the industrial sector needs to be more vocal about the need for embedded security and embedded micro-segmentation.
    • How state-sponsored hackers are helping elevate the industrial sector's response and prioritization of cybersecurity.

    Using Force Multipliers to Protect Against Next-Gen Stuxnet

    Oct 10, 2024 39:22


    While the justifications for additional cybersecurity spending are easy to explain, getting buy-in at the C-level can be difficult. However, some recent research might help you win over those controlling the purse strings.
    SonicWall's Mid-Year Cyber Threat Report found that their firewalls were under attack 125 percent of the time during a 40-hour work week. And if that doesn't get the attention of the powers that be, it might also be worth mentioning that during these attacks SonicWall also found that, at a minimum, 12.6 percent of all revenues were exposed to cyber threats that were not covered by security tools or procedures. Extrahop's Global Cyber Confidence Index also reported that 31 percent of cyber and IT leaders want more budget, or more accurately, a 50 percent increase in order to effectively manage and mitigate cyber risk. That number might seem a bit inflated, but it does help illustrate how we're seemingly fighting the cyber battle on multiple fronts.
    To help sort through some of these challenges and direct our resources as effectively as possible, I recently sat down with Anusha Iyer, the Founder and CEO of Corsha, a leading provider of OT asset management and access security solutions.
    Watch/listen as we discuss:
    • How to retrofit new practices for legacy assets in order to optimize uptime.
    • The false confidence generated by many air gap strategies.
    • The importance of machine identity strategies in order to understand the best ways to secure assets and their growing number of connections.
    • Increases in ICS-focused malware and live-off-the-land attacks.
    • The importance of focusing on the "whys" when conducting employee cybersecurity training.
    • Reinforcing the "realities of the day" in improving the entire cybersecurity community.
    • Using AI to assess more connection behaviors.

    Never Let a Good Hack Go to Waste

    Oct 3, 2024 32:38


    One of the most common topics we explore here on Security Breach is the ongoing challenge of asset visibility in the OT landscape. It's frustrating because it would seem that the solution starts with basic inventory management approaches, i.e. the first step in developing frameworks and plans for everything from tool selection to attack response.
    Of course, this is never simple due to the increasing amount of IIoT technology and the connection demands they place on industrial systems. It's a situation that promises to only get more complex, with Fortinet reporting that in 2023, only five percent of surveyed organizations have 100 percent visibility into their own OT activities – a number that is down from 13 percent in 2022. To provide some insight on managing this growing number of machines, connections, access points and other vulnerable areas of the ICS, we connected with Kevin Bocek, the Chief Innovation Officer at Venafi, a leading provider of asset identity management. Watch/listen as he discusses:
    • Why cyber incidents are a learning opportunity for everyone.
    • The benefits of showing the C-suite all those plant floor connections when working to get proper cybersecurity funding.
    • The rise in attacks that will be emanating from legacy software and coding.
    • Why software assets should be managed and secured in the same manner as machines or devices.
    • How manufacturing can bring Continuous Improvement strategies to OT security.
    • Stuxnet's long-term impact.
    • How quantum computing will dramatically alter authentication approaches and secure-by-design practices within the next five years.

    Finding Your 'Creative Maliciousness'

    Sep 26, 2024 38:17


    According to Veeam's 2024 Ransomware Trends Report, cyber victims stated that they were unable to restore 43 percent of whatever data was affected by ransomware attacks. This reaffirms what a number of Security Breach guests have stated about trusting hackers after paying their extortion demands. Another finding shows that 63 percent of ransomware attack victims restored the compromised systems directly back into their production environment, without some type of quarantine or scanning method. The risk here, obviously, is simply bringing the ransomware right back to where you removed it. This is a big contributor to the ongoing frustrations associated with dwelling, or living-off-the-land attacks. As much as we'd like it to, ransomware simply won't go away. Some of this stems from a hacking community that continues to draw from a growing treasure chest of financial and technical resources. The other is that we continue to fall short in executing some of the basic blocking and tackling of cybersecurity, like protecting logins, improving visibility of our OT environment, and securing key devices.
    In this episode, John Terrill, vice president of Phosphorus, a leading provider of security management services and solutions, offers his take on ransomware, as well as:
    • How hackers are using replicable tool kits in moving from system to system or victim to victim in the industrial sector.
    • Moving past the mindset that vulnerabilities are only a problem if that can't be exploited - hackers will them.
    • How those in cyber defense need to unlock their "creative maliciousness", or take a similar approach to hackers in not being afraid to move around the system and potentially break stuff in order to identify soft spots in defenses.
    • Why he prefers homegrown OT security expertise.
    • The increasing benefits emanating from political discourse on cybersecurity.
    • Remembering that non-OT systems, like HVAC or elevators, can be inroads to the ICS, and need to be defended as part of the OT landscape.
    • Why we need to look at OT assets like computers, not just machines.
    • How to overcome segmentation and micro-segmentation challenges.

    Getting Past the Whack-A-Mole Approach

    Sep 20, 2024 35:10


    The ongoing theme in industrial cybersecurity centers on two competing dynamics – the desire to expand our implementation of automation and Industry 4.0 technologies with the goal of using more and faster connections, along with the decision-making data each generates to improve the efficiency and quality of production.
    However, these goals now need to be counter-balanced against the heightened risks that all these connections spawn, and the doors they can open for hackers looking to shut down, extort or steal data from manufacturers. In this episode, Joe Saunders, the CEO and Founder of RunSafe Security, offers his take on securing these connections and data, as well as:
    • The on-going challenges associated with memory-based vulnerabilities.
    • Tactics for supporting legacy OT code and minimizing the potential disruptions that can accompany software upgrades.
    • Addressing vulnerabilities at a "class" level, instead of the one-at-a-time "whack-a-mole" approach.
    • Embracing CISA's secure-by-demand edicts.
    • The balancing act of more connections without lowering the security posture.
    • Warnings about China and other state-sponsored threat actors.

    Inside the Growing Complexity of Ransomware Hacking Groups

    Sep 11, 2024 31:41


    We're back to discuss an all-too-familiar topic – ransomware.
    Ironically enough, it seems the topics we describe in this manner become so familiar because we can't figure out viable, long-term solutions. I think part of the challenge for industrial organizations dealing with ransomware is that we have to divide our energy and resources between prevention, detection and response. Any one of those is a challenge, but managing all three is daunting, and hackers know this. But so do the good guys - one of which is our guest for today's episode. Listen as Jeff Krull, principal and leader of Baker Tilly's cybersecurity practice discusses their Guide to Ransomware Prevention, as well as his thoughts on:
    • The C-suite's growing appreciation of how cyberattacks are impacting profitability, which means cybersecurity has become more than just an IT issue.
    • How more resources have made RaaS groups increasingly difficult to detect and stop.
    • Paying vs. not paying the ransom.
    • Why more cyber regulation is on the way.
    • Manufacturing's lack of redundant assets is making it a more attractive target, but also fueling action around response and recovery plans.
    • Why not everyone needs access to everything.

    Time to 'Rip off the Band-Aid' to Ensure Security

    Sep 5, 2024 38:52


    A smarter, well-funded hacker community means embracing basic, yet daunting cyber challenges.
    In manufacturing, regardless of your role, avoiding downtime is an obvious priority, and one of the motivating factors driving investments in cybersecurity.
    In working to mitigate potential DDoS attacks or malware drops, manufacturers are tapping into more resources in heightening their awareness of vulnerabilities and the associated remedies, which can include updating access protocols, applying patches and replacing old equipment and technology. The problem is that the solutions can actually contribute to the problem you were originally trying to avoid – downtime. Our guest for today's episode looks to offer some solutions. Watch/listen as Gabe Dimeglio, VP of Global Security Services at Rimini Street, a leading provider of data security and managed services, offers his take on:
    • Patching strategies that minimize downtime.
    • Getting employees engaged in cybersecurity strategies.
    • Ensuring buy-in from throughout the enterprise when security measures need to be implemented.
    • The evolving nature of hacker skills and the volume of attacks they are able to launch.
    • How nation states are developing an institutionalized approach to developing new and better-trained hackers.
    • Placing a priority on visibility, inventory and segmentation tools.
    • Why he's an advocate of better regulatory efforts, not necessarily more of them.
    • The under-utilized resources available to constructing response plans.

    Combating the 20th Century Mafia with a Stronger Human Firewall

    Aug 28, 2024 45:47


    Sophos recently reported that 65 percent of manufacturing and production organizations were hit by ransomware last year, which, unlike other sectors, is an increase. Overall, these attacks have increased by 41 percent for manufacturing since 2020. Additionally, the cybersecurity firm found that 44 percent of computers used in manufacturing have been impacted by a ransomware attack, and over half of these intrusions can be directly linked to malicious emails and compromised credentials. These findings help illustrate what we've known for years – hackers would rather log in than break in. And stopping these types of attacks requires starting with your front line defenses – the workforce. Our guest for today's episode will look to offer some solutions for transitioning employees from a weak link to a key cybersecurity asset. Watch/listen as Shawn Waldman, CEO and Founder of Secure Cyber, a leading provider of secure network design solutions, discusses:
    • Why he would give the industrial sector a low D when grading their ability to effectively communicate security processes and protocols.
    • How to address those employees that continue to click on every link in their emails.
    • Why cybersecurity should be treated like a trade.
    • Understanding the difference between security tools and IT services.
    • Implementing accountability without being overly punitive and rewarding employees for positive cybersecurity actions.
    • The concerns he has about 5G and quantum decryption.
    • Avoiding the AI "easy button".

    Tearing Down the 'Set It and Forget It' Mindset

    Aug 22, 2024 41:33


    I recently watched an interesting documentary called Turning Point: The Bomb and the Cold War on Netflix. Great watch – I'd highly recommend it. Essentially it positioned nearly every prominent geo-political event since World War II as fallout from the U.S. dropping the nuclear bomb on Japan to end World War II.
    Similarly, we can look at a number of recent, major cybersecurity events that have their origins in attacks on critical infrastructure. Whether you want to go all the way back to Stuxnet, or more recent developments like Colonial Pipeline, hackers realized that the control systems utilized in these environments mirror those used by manufacturers like Boeing, Clorox, Johnson Controls and many others who have been recent victims of high-profile hacks.
    Joining me to discuss these dynamics is Bill Moore, the founder and CEO of XONA Systems, a leading provider of secure access solutions. Watch/listen as he dives into:
    • The challenges of updating and securing the legacy tech found throughout manufacturing and critical infrastructure.
    • Getting past the 'set it and forget it' mindset of industrial cybersecurity.
    • Strategies for implementing updates and patches without slowing operations or opening new doors to hackers.
    • Ways to improve funding processes to ensure security needs are met and keep pace with an evolving threat landscape.
    • How the more distributed dynamic of OT technology needs to be understood in developing new strategies and implementing new tools.
    • Lessons learned from Colonial Pipeline.
    • Ways to optimize regulatory efforts.
    • Why every industrial organization needs a dedicated Director of OT Security.

    Bridging the IT-OT Divide

    Aug 15, 2024 20:09


    When I was a kid, we always looked forward to my dad's work picnic. He was a tool and die maker for a leading caster manufacturer that would rent out a local park, make a ton of food and put on various games and activities for the families. One of the highlights of this day was a softball game pitting the office versus the shop.
    The good-natured shots that were fired across the dugouts of this summer classic remind me of the challenges we see in industrial cybersecurity when it comes to bringing OT and IT teams together. While great strides have been made and numerous lessons learned on why these groups need to sync up, the reality is that we still have a long way to go. Over the last couple of months we've had some interesting takes on how to realize this need, so let's revisit the following thoughts on the IT-OT working relationship from:
    • Kris Lovejoy, Global Security and Resilience Leader at Kyndryl.
    • John Cusimano, VP of OT Security at Armexa.
    • Josh Williams, Strategic Account Manager at IriusRisk.
    • Rod Locke, director of project management at Fortinet.
    Our guests have also weighed in on some of the more challenging dynamics of improving the IT-OT relationship. These have included:
    • Brian Deken, Commercial Manager of Cybersecurity Services at Rockwell Automation.
    • Riley Groves, an engineer from Auvesy-MDT.
    • Theo Zafirakos, Cyber Risk and Information Security Expert at Fortra.

    'There's No Bulletproof Vest' in Cybersecurity

    Play Episode Listen Later Aug 8, 2024 51:08


    An ethical cyber researcher breaks down the 'tsunami of exposed data' he continues to uncover.

    When it comes to solving industrial cybersecurity's biggest challenges, I think we have to continue to ask questions that simultaneously tackle basic blocking and tackling concerns, as well as those that lead to bad news. Both prevent us from putting our heads in the sand in trying to ignore the shortcomings of our current strategies, and I'd argue that a great deal of positive outcomes couldn't be realized without repeatedly asking questions and not being afraid of the potential findings. I also think our guest for this episode would agree.

    It's our pleasure to welcome Jeremiah Fowler to Security Breach. He's a leading cybersecurity researcher who has a wealth of knowledge on the industrial threat landscape, and recently uncovered a data vulnerability exposing 769 million personal records and 380,000 email addresses. Left unaddressed, this could have had highly damaging impacts on a global scale.

    Watch/listen as Jeremiah shares his thoughts on:

    • The need to educate the C-Suite on risk, the real-world costs of cybersecurity shortcomings, and how you can't measure the loss of trust.
    • Why the human factor will always be the weakest link.
    • How nearly every issue in cybersecurity comes back to visibility.
    • The new challenges AI will continue to create.
    • The increasing threat stemming from new credential harvesting schemes that clone login pages.
    • The unintentional backdoor vulnerabilities created by legacy systems.
    • Why he misses the Golden Age of Bug Bounties.
    • The value of placing time limits on access to sensitive data.

    Are We Over-Connected?

    Play Episode Listen Later Aug 2, 2024 19:30


    The landscape of industrial cybersecurity continues to change and evolve, and demands a vigilant monitoring of the next threat, vulnerability or potential soft spot in our defenses. That's why we continue to produce Security Breach, and, by the way, continue to be so appreciative of the growth and support we've received from each of you.

    That said, once in a while it's good to take a look back at some of the ongoing lessons that we're learning, especially when the input from our guests offers such an interesting range of responses.

    So, let's hear from a collection of previous guests as they reflect on the challenges and opportunities of more connection points, and how they responded to the question – are we over-connected?

    • Joel Burleson-Davis, SVP of Cyber Engineering at Imprivata
    • Josh Williams, Strategic Account Manager at IriusRisk
    • Roman Arutyunov, Co-founder of Xage Security
    • Kris Lovejoy, Global Security and Resilience Leader at Kyndryl
    • Roland Cozzolino, CTO/CIO of InsightCyber
    • Sharon Brizinov, Director of Research at Claroty's research arm, Team82

    The $25M 'Wake-Up Call' Supply Chain Hack

    Play Episode Listen Later Jul 24, 2024 30:22


    According to IBM's Cost of a Data Breach Report, nearly 20 percent of the organizations surveyed stated that they have experienced a breach stemming from a compromise in their supply chain, or a vulnerability related to it. The average cost of these breaches was estimated at just under $4.5 million. Their data also found that attacks emanating from the supply chain had a longer lifecycle than average.

    The increased costs and complexities of addressing supply chain attacks are not a surprise when you consider that these intrusions not only impact the targeted company, but the logistics, distribution and retail elements that are dragged along on this difficult and painful ride.

    To help dive into the factors associated with supply chain attacks and other cybersecurity challenges, we welcome Theo Zafirakos, a Cyber Risk and Information Security Expert at Fortra, to the show.

    Watch/listen as we discuss:

    • The three primary soft spots from which supply chain hacks emanate - software, devices and people.
    • Why people are the most neglected of the three, and how they can be trained to identify attacks.
    • The expanded role AI is playing in email compromises that help fuel supply chain attacks.
    • Why IT and OT need to become more aware of each other's requirements and risks.
    • The important role cybersecurity plays in ensuring operational reliability.
    • The growing need for ransomware response plans, and how a national supply chain hack helped reinforce this need for all enterprises, regardless of size or sector.

    The Dollars and Sense of Cybersecurity

    Play Episode Listen Later Jul 19, 2024 40:06


    Due to the rise in attacks on manufacturing and critical infrastructure, and the devastating impacts these attacks have on daily lives around the world, the World Economic Forum recently unveiled a report entitled Building a Culture of Cyber Resilience in Manufacturing. This initiative not only identified the sector's primary challenges for developing a culture of cyber resilience, but also formulated three guiding principles for establishing an enduring strategy. They revolve around people, processes and culture.

    I was fortunate enough to have one of the key contributors to the creation of these strategies sit down with me for some unique takes on the biggest challenges facing industrial cybersecurity. Watch/listen to my conversation with Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, a leader in cyber resiliency strategies and services, as we discuss:

    • How the capital investment process utilized throughout manufacturing could be leaving several key players behind, and the negative impacts this could have on the entire sector.
    • Why security is not a tool, but a process.
    • The ongoing issues associated with asset inventory and the first steps to take in correcting this issue.
    • The Trojan Horse dynamic that smaller enterprises need to embrace in order to improve their security posture.
    • How to know if you're the biggest risk or weakest link in a production environment or supply chain.
    • Why regulatory efforts focused on cybersecurity could dramatically change the composition of the industrial sector.
    • The difference between moving to the cloud and securely moving to cloud platforms.
    • How security should be a driver of digital transformation strategies.

    There's No 'Plant the Flag' Moment in Cybersecurity

    Play Episode Listen Later Jul 11, 2024 32:47


    When looking at industrial cybersecurity, more attention is being paid to how workers are logging in to access critical machinery, software or data. And according to Trustwave Threat Intelligence's recent Manufacturing Threat Landscape report, 45 percent of attacks experienced by manufacturers stemmed from the bad guys accessing credentials.

    Whether by utilizing brute-force tactics, submitting fake support tickets, or purchasing logins on the Dark Web, this seems to prove that hackers would much rather log in than break in. The report also cited the rise of Initial Access Brokers, or groups that focus specifically on obtaining and selling log-in data to other hackers. One example cited by Trustwave saw an IAB offering access to a leading steel manufacturer for just over $60,000.

    Unfortunately, this is not a unique circumstance, which is why we're talking to David Cottingham, president of rf IDEAS, to weigh in on the ongoing challenges surrounding secure access throughout the OT environment.

    Listen as we discuss:

    • The importance of simplifying security processes to keep people engaged with them.
    • Why no manufacturer is too small to be a target for credential-based attacks.
    • Overcoming the bad behaviors that can result from operations personnel dealing with over 25 passwords.
    • Avoiding punitive actions surrounding people-based security vulnerabilities.
    • Why dual factor authentication strategies are key to ongoing security developments.
    • Best practices for mobile device use.
    • How VPNs, firewalls and password wallets are simultaneously solutions and vulnerabilities.

    'Nobody Should Get Ransomwared'

    Play Episode Listen Later Jun 27, 2024 37:59


    As we've discussed numerous times on Security Breach, terms like change, evolution and constant are more than just buzz terms – they're a simple reality of working in the industrial OT space.

    Whether we're discussing threat actors from Stuxnet to LockBit, tactics from social engineering to double-extortion ransomware, or vulnerability sources ranging from weak passwords to embedded secure-by-design concerns, the ever-expanding attack surface is a constant reminder of change and the evolving nature of threats.

    In this episode we talk to Michael Haase, and draw on his extensive background and personal experiences as we discuss:

    • The on-going balancing act between cost and security priorities.
    • Why he considers the need for phishing training, "a massive failure on the part of the technical community."
    • How AI is laying the groundwork for attacks that haven't happened yet.
    • Why the growing complexity of hackers is actually a positive indicator.
    • Automation is the inflection point for cybersecurity - for both sides.
    • The shift from worrying about the ability to detect new attacks to focusing on the vulnerabilities being exploited.
    • The distinction between learning what needs to be done and actually taking action.

    The Protection and Productivity of Zero Trust

    Play Episode Listen Later Jun 20, 2024 42:49


    Over the last nearly 100 episodes of Security Breach we've discussed a wide range of strategies for protecting the manufacturing enterprise. But perhaps the most polarizing of these has been Zero Trust. While some unwaveringly champion the cause of this approach, others question the ways in which it is typically deployed.

    Perhaps this dichotomy is best represented in Palo Alto and ABI Research's The State of OT Security report. It found that 93 percent of those surveyed were familiar with Zero Trust, and 87 percent found the approach to be the right fit for protecting OT environments. However, half of those participating in the research also stated that there are practical blockers that prohibit implementation.

    In the end, like most things in the cybersecurity world, the answer lies in striking a balance between restricting access and implementing safeguards against time-consuming processes. In this episode I talk to Roman Arutyunov, Co-founder and SVP of product at Xage Security, about zero trust and a number of other topics, including:

    • How cybersecurity needs to be viewed as both a productivity and protection tool.
    • Overcoming the "it won't happen to me" mindset.
    • The sector's over-reliance on VPNs and firewalls.
    • Why manufacturing is missing regulatory guidance, and why that will change in the short-term.
    • Improving responses to attacks, including ransomware.
    • How AI can play a key role in shrinking the attack surface.
    • Avoiding tool implementations that can be an "inverse pyramid of pain."

    OT's Legacy Tech Challenges

    Play Episode Listen Later Jun 12, 2024 28:08


    One of the more common obstacles that we discuss here on Security Breach is how increased connectivity has combined with new Industry 4.0 technologies to constantly expand the OT attack surface. In the midst of all this expansion, it's easy to either overlook cybersecurity concerns, or put too much trust in the embedded security features of the new assets.

    So, while this usually brings up conversations about endpoint security, integration processes and secure-by-design protocols, let's talk about something that our guest for today's episode knows and understands all too well … time. Industry experts value downtime on the plant floor at about $250k/hour. So, just like predictive maintenance has become part of a facility's new normal, predictive cybersecurity needs to receive the same priority.

    Here to discuss this concept is Riley Groves, an engineer at Auvesy-MDT, a leading provider of ICS and automation solutions. Listen as we also discuss:

    • The improving convergence of IT and OT on the plant floor.
    • Getting ahead of vulnerabilities.
    • The factors driving greater buy-in from the C-suite on cybersecurity investments.
    • Why cybersecurity is the Special Teams of the industrial enterprise.
    • How legacy systems are providing "function by dysfunction" from a security perspective.
    • The better ways to use AI.

    Shutting Down 'Spy Board' Threats

    Play Episode Listen Later Jun 5, 2024 34:01


    Those of you with a military or law enforcement connection are probably, and unfortunately, familiar with the term collateral damage. While this phrase has a legacy in these environments, it's also become an unwelcome addition to the realm of cybersecurity.

    Examples of this dynamic can be found in a number of hacktivist attacks that targeted infrastructure in a certain region, but either through unrealized connections or other bad actors simply following the blueprint, impacted facilities across the globe.

    Jason Oberg, the CEO of Cycuity, a leading provider of vulnerability mitigation solutions for semiconductor manufacturers, recently joined us to discuss some of the potential fallout from hacks, and how to prevent or respond to them to minimize the collateral damage. We also talked about:

    • How hackers are getting smarter in their hacks against chip makers.
    • Why awareness of hacker tactics is not enough, and how manufacturers of all types can enhance their knowledge level pertaining to the growing sophistication of hackers and attacks.
    • Addressing the baked-in compromises of hardware products, and the long-term impacts on all users and industries.
    • Focusing on the inherent vulnerabilities of production processes, not just the associated technology.
    • Balancing the goals of "getting product out the door" with embedding greater levels of security.
    • How greater transparency can help with secure-by-design challenges.

    The OT Threat Landscape's Infectious Nature

    Play Episode Listen Later May 30, 2024 43:15


    Viewing hacks as diseases to address evolving threats, vulnerabilities and tools like AI.

    Like many of you, I recently dove into Verizon's 2024 Data Breach Investigations Report (DBIR). And while there's a plethora of data housed in the report that could fuel conversations on a multitude of topics, I chose the following two pieces of information:

    • While credential harvesting and phishing attacks still led the way, the use of exploitable vulnerabilities to access networks tripled from last year, and these vulnerabilities were primarily leveraged by Ransomware and other Extortion-related threat actors.
    • The reported median time to click on a malicious link after an email is opened is 21 seconds, and then only another 28 seconds for the person caught in the phishing scheme to enter their data. So, basically, a successful phishing attack can be executed in less than 60 seconds.

    These two items caught my eye because they seem like the low-hanging fruit when it comes to cybersecurity. In this episode, Roland Cozzolino, CTO/CIO of InsightCyber, a global provider of asset visibility, risk management and security services delivered via an AI-driven platform, offers his perspective on these types of exploits, as well as:

    • Why state-sponsored hacker groups are his biggest concern.
    • The problems caused by patient hackers and their live-off-the-land, or dwelling approach to network intrusions.
    • How manufacturers can and need to improve their use of AI tools for enhancing visibility, asset management and threat detection.
    • The advantages of designing OT security processes as though you're working in a disease-driven environment.
    • Viewing cybersecurity as less about saving money and more about not losing control of an operation.
    • Developing a strategy that goes beyond just "unplugging the machine".

    Knowing How to Arm Yourself for Battle

    Play Episode Listen Later May 20, 2024 36:20


    It starts with a dedication to enhanced visibility.

    One of the big conversations regarding OT security revolves around the use of tools. Some have too many, others not enough and everyone is searching for the funds to manage and obtain the right ones for a constantly evolving threat landscape.

    The key to understanding which tools are right for you and your organization not only demands a comprehensive understanding of your OT environment's assets, APIs and connections, but a working situational awareness. Here to discuss some of these topics, and more, is Sharon Brizinov, Director of Research at Claroty's research arm, Team82.

    Claroty is a leading provider of ICS and OT security, with partners that include Rockwell, Schneider Electric and Siemens. Watch/listen as we discuss:

    • How creating patching windows can help address vulnerabilities more quickly.
    • How tools can help manage the proliferation of connected devices.
    • Why OT will benefit from IT's lessons-learned.
    • Creating a defense against your daughter's iPad.
    • Why manufacturers have to do a better job of knowing what they're defending against.
    • The non-complicated, but terrifying strategies of hacktivists and state-sponsored attack groups. (Click here to view the report discussed in this episode breaking down a recent hack on Russian manufacturing.)
    • The evolution of component-level connectivity, and what that will mean for industrial cybersecurity.

    Supply Chains Are a Hacker's Gateway

    Play Episode Listen Later May 16, 2024 32:57


    Many attacks on manufacturers are just the first step in going after even bigger targets.

    One of the inescapable truths about the industrial sector is that it is usually the ultimate proving ground for product performance. When we look at some of the technologies that have created seismic social shifts, tools like operational software, wireless connectivity and numerous monitoring devices were not ready for the demanding industrial environment right away.

    When it comes to cybersecurity, that dynamic has done a 180. Hackers initially went after healthcare and financial institutions because they were seen as easy targets with deep pockets that would pay to make the problem go away as quickly as possible. Then 2020 came and put many industries on pause – except for manufacturing. Like moths to a flame, the hackers were drawn to OT networks and found not only a vulnerable target, but a lucrative one.

    We tackle these issues and many others in this episode with Sam Moyer, MxD's Lead Cybersecurity Engineer. Some of the topics we discuss include:

    • The lingering (live-off-the-land) nature of many state-sponsored or hacktivist group attacks.
    • Finding the right ways to prioritize cybersecurity in manufacturing, and how the industry works "in its own time."
    • The disruptive or competitive push that manufacturing is missing.
    • AI, and the potential traps to avoid in eliminating too much human knowledge.
    • Why manufacturers are a target because of who they work with on a regular basis.
    • Improvements in landscape visibility.
    • The rise in frequency of manufacturers paying ransomware demands.
    • Navigating the regulatory landscape, and learning from past mistakes.

    The Hacks!

    Play Episode Listen Later May 8, 2024 15:44


    In this episode, we dive into some of the most notorious attacks to hit manufacturing over the last six months.

    In addition to speaking with cybersecurity experts from around the world for this podcast, I've also been able to do a fair amount of reporting on our websites regarding several high-profile industrial attacks. So, I felt like it could be interesting to present some of these articles via the Security Breach podcast in helping further the conversation around tactics and lessons learned.

    So sit back and watch or listen as I dive into some of the most notorious attacks to hit the industrial community over the last six months.

    • The first hack I'd like to cover is one that we've referenced several times here on the podcast – the Cyber Av3ngers Unitronics PLC hack.
    • The second attack I'm going to discuss involves a large player that those involved with industrial networking will immediately recognize – the Dark Angels penetration of Johnson Controls. This hack serves as a strong example of how a growing number of OT attacks can originate within IT systems or assets.
    • We'll also take a look at another familiar company within the ICS community, and how they responded to a double-extortion ransomware attack from the Cactus RaaS group.
    • Finally, we take a deep dive into another Dark Angels attack. This time the victim was Nexperia, a leading manufacturer of silicon-based processors based in The Netherlands, and a subsidiary of China-based Wingtech Technology.

    Security Breach: Predictions That Hit

    Play Episode Listen Later May 1, 2024 31:07


    As we near our 100th episode of Security Breach, I thought it would be a good time to take a look back at some of our guests' predictions from the previous 12 months. If you want to check out the full episodes from any of these previous guests, you can find them in the show archives, or by clicking through to our website.

    So, join me as we take a look back at a collection of predictions from:

    • Pete Lund at OPSWAT
    • John Dwyer from IBM
    • Siemens' Kimberly Cornwell
    • Moty Kanias from Nanolock
    • NovaCoast's Elise Manna-Browne
    • Brian Haugli from SideChannel
    • Huxley Barbee from runZero
    • Forescout's Daniel Trivellato
    • Dragos' Dawn Cappelli
    • Impero's Matthew Wolfe
    • KnowBe4's Erich Kron
    • Tony Pietrocola from Agileblue

    DMZs, Alarm Floods and Prepping for 'What If?'

    Play Episode Listen Later Apr 24, 2024 47:29


    The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.

    The origins of what we talk about here on Security Breach can go back to any number of transformational events, but the reality is that all of them contributed an individual component to the unique mosaic that is the legacy of industrial cybersecurity. What is most interesting is that the first hacks of industrial control systems occurred at water treatment facilities, oil and gas pipelines and energy plants.

    These targets were chosen because they simultaneously provided great visibility, heightened social impact, and, most notably, easily exploitable vulnerabilities. In most cases, these attacks allowed the hackers to accomplish all of their early financial and self-promotional goals, along with longer-term benefits that we're all dealing with now – how to successfully probe the ICS.

    John Cusimano, VP of OT Security at Armexa, is our guest for this episode. He's seen hackers apply these lessons learned about the industrial control system first-hand, and has some interesting thoughts on the current threat landscape, as well as solutions for keeping your systems secure. Watch/listen as we discuss:

    • How he transitioned from a safety and automation engineer to a career in OT cybersecurity.
    • The benefits of failing in a safe manner.
    • The new dangers of remote monitoring.
    • Ways to implement application safe listing.
    • Always being prepared to answer the 'what if?' question.
    • Micro-segmentation and DMZ strategies.
    • Best practices for patching and avoiding alarm floods.
    • Why his biggest concern lies in a large-scale, coordinated attack on the ICS.

    Weaponizing Secure-By-Design

    Play Episode Listen Later Apr 17, 2024 42:04


    How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield.

    Everything old … is new again. While that might seem like a natural lead-in for discussing hacker tactics, that same mantra rings true when discussing OT technology. Mordor Intelligence recently reported that U.S. manufacturing spent over $307 billion on digital transformation technologies last year, and nearly every research and consulting outlet around the world is predicting that those numbers will rise in 2024.

    All this new software, connectivity, automation and equipment creates a familiar challenge when it comes to OT cybersecurity. This meshing of the old and new is something our guest for this episode is all too familiar with, and he's here to break down everything associated with bringing legacy and next-gen together. Listen as Josh Williams, Strategic Account Manager at IriusRisk, offers his thoughts on secure-by-design, as well as:

    • How the industrial sector gets a C- when it comes to securely integrating new technology into the OT landscape.
    • Why the onus for secure-by-design concepts resides with the buyer.
    • How monitoring became a critical vulnerability.
    • The double-edged sword of connectivity.
    • How state-sponsored hackers are a threat to more than just political targets.
    • Why industrial OT is the front line in the cyber war.
    • Why he doesn't want to be the "old man yelling at the clouds."
    • How supply chains have become manufacturing's biggest cyber concerns.

    The Impacts of Over-Connectivity and Mobile Defeatism

    Play Episode Listen Later Apr 10, 2024 48:23


    The good, the bad and the ugly of mobile device security in the expanding OT attack landscape.

    Included in the challenges associated with securing an ever-expanding OT attack surface is the role played by the increasing use of mobile devices – at both the enterprise and individual level. In fact, according to a recent report from Imprivata, only 46 percent of manufacturing organizations have the ability to maintain control over who has access to such devices and when, and 61 percent are using shared pin numbers to secure these devices. Additionally, an average of 16 percent of these devices are lost each year, costing organizations over $5M annually, not to mention the collateral damage from a security perspective.

    This translates to an opportunity for hackers to unleash catastrophic damage by leveraging any vulnerabilities in areas like remote monitoring, and potentially new ways to worm into the networks associated with controlling your machines and systems.

    Watch/listen as Joel Burleson-Davis, SVP of Cyber Engineering at Imprivata, returns to Security Breach to discuss OT mobile device security, as well as:

    • The journey the industrial sector has made from devices that were never intended to be connected, to what Joel describes as OT "super connectivity".
    • Why OT continues to be an easy target for hackers.
    • The evolution of hacking groups.
    • How we might be over-doing all the connectivity.
    • The double-edged sword that is mobile use in the industrial sector.
    • Avoiding 'mobile defeatism'.
    • Combatting the growing number of dwelling or living-off-the-land attacks.
And if you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com.To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.

    Hackers Learn How to Attack You, From You

    Apr 3, 2024 · 34:15


    It's not always about the ransom, data theft or denial of service.

    Many cheered with the recent crackdowns on groups like LockBit, and rightfully so. However, the harsh reality is that most of these victories are short-lived. For example, after law enforcement seized control of multiple LockBit websites and stolen data, the group was back to running extortion campaigns within a week.

    And the same can be said for many other high-profile busts of groups like Hive and Volt Typhoon. These groups re-build or re-brand, as was the case with the Conti Group offshoot Black Basta. After Conti disbanded, Black Basta reformed from the ashes and tallied over $100 million in ransomware payments last year. My point is not to belittle the incredible work that global agencies are performing, but to illustrate that while the industrial sector continues to make tremendous gains - the war continues. And as we evolve and improve, so will the bad guys. And perhaps no one knows this better than our guest for this episode - Rod Locke. He's the director of project management at Fortinet, a leading provider of OT cybersecurity solutions.

    Watch/listen as Rod shares his thoughts on:

    • The growing influence of state-sponsored hacker groups.
    • The rise of dwelling or live-off-the-land attacks and how some hackers are more focused on learning about their victims than harming them.
    • Why OT can't always place the blame on IT, and the value in understanding both environments.
    • How some regulatory efforts might have "swung too far."
    • How to attract more "unique individuals" to cybersecurity.
    • An anticipated rise in cloud infrastructure and the ways it will impact data security.

    The Largest Attack Surface - People

    Mar 28, 2024 · 44:04


    How we're failing to properly support and train our most important cybersecurity asset.

    According to Nozomi Networks' February 2024 OT-IoT Security Report, manufacturing was exposed to more common vulnerabilities and exposures, or CVEs, than any other sector - realizing a 230 percent year-over-year increase in this area. Addressing even a fraction of these CVEs would be daunting, which is why understanding your assets is so basic, but so vital in establishing priorities and implementing approaches best suited to your security needs. To discuss these topics, and more, we welcome Jeff Nathan, Director of Detection Engineering at Netography, a leading provider of network security solutions, to the show.

    Watch/listen as he discusses:

    • How social engineering tactics play a key role in manipulating emotional responses that trigger certain actions.
    • The phishable weaknesses of MFA, and how its workflow might not be strengthening your security posture.
    • Limiting your blast radius.
    • The potential of encrypting endpoint data.
    • Why cybersecurity needs to take a more scientific approach to defensive tactics.
    • The industry's biggest miss on AI.

    Avoiding a 'Chicken Little' Cybersecurity Strategy

    Mar 21, 2024 · 39:03


    Threat intelligence is important, but why manufacturers should focus on risk factors first.

    When it comes to the industrial sector's ongoing cybersecurity challenges, we all know that there's more to defend, but what is most concerning is that we're not responding quickly enough to the expanding threat landscape. In case you needed proof, here are some of the recent stats from Dragos' 2023 Year in Review Report. It found that:

    • 80 percent of industrial sector vulnerabilities reside deep within the ICS network, making them difficult to see and harder to kick out.
    • 53 percent of the advisories Dragos analyzed could cause both a loss of visibility and control.
    • Ransomware attacks against industrial organizations increased by 50 percent last year, and Dragos tracked 28 percent more ransomware groups focused on the ICS/OT environment.
    • Attacks were confirmed in 33 unique manufacturing sectors.
    • 74 percent of all vulnerability advisories had no mitigation strategy.

    I'm not going to promise solutions for all of these challenges, but we've definitely found a guy interested in trying. Scott Sarris is an Information Security, Compliance and Privacy Solutions Advisor at Aprio, a leading advisory and business consulting firm.

    Watch/listen as we discuss:

    • Why OT could affectionately be known as "Old Tech".
    • The political factors impacting IT/OT divisiveness in the industrial sector, but why Scott is optimistic about the progress being made in bringing the two segments together.
    • Why cybersecurity planning and investments need to start with assessing and prioritizing risk.
    • How slowing down can help ramp up security efforts.
    • Why dwelling or living-off-the-land attacks will escalate.

    Cybersecurity's Greatest Weapon - Awareness

    Mar 13, 2024 · 36:36


    The sector's (forced) cyber awakening needs to focus on making it harder to be a hacker.

    Regardless of how complex the attack, how organized the hacker, or how advanced the tools and tactics, security solutions usually lie in very fundamental practices. So, while you might think you already know enough about segmentation strategies, framework development, asset visibility or enhanced access controls, it's these things that get overlooked and then exploited by hackers. It's the evolution of these little things that our guest for today's show likes to emphasize in helping to keep the OT environment secure.

    Watch/listen as Brian Deken, Commercial Manager of Cybersecurity Services at Rockwell Automation, offers perspective on topics that include:

    • How increased coverage and awareness of industrial cybersecurity has helped improve OT visibility, and incited more manufacturers to take real action.
    • Why constantly evolving simple cyber strategies, like frameworks, segmentation and access hygiene, are essential.
    • What video gamers can teach us about finding OT security expertise.
    • The status of IT-OT convergence.
    • The attack from which some manufacturers will never recover.
    • The positive impacts of supply chain vulnerabilities.

    Chasing Cyber Ghosts

    Mar 6, 2024 · 28:14


    How thinking like a hacker can lead to better cybersecurity ROI and avoid the dreaded "hope" strategy.

    Regardless of what you might hear from some, ransomware in the industrial sector is at an all-time high in terms of frequency and cost. Zero day and day one vulnerabilities are being discovered at a historic level and patching continues to be a challenge.

    Asset visualization and endpoint security have become more daunting thanks to technology-driven expansions of the industrial attack surface. And then there's AI, SBOMs and botnets all waiting to wreak havoc on the ICS.

    All of these factors, along with the growing complexity of the hacker community, mean that industrial cybersecurity is no longer just about white and black hats. In fact, some would argue that perhaps the most important player in the cybersecurity arena now wears red.

    Joining us to discuss his approach to "red teams on steroids" is Guy Bejerano, CEO of SafeBreach, a leading provider of Breach and Attack Simulation tools and services. Listen as we discuss:

    • What it means to think like a hacker, but defend like a CISO.
    • Developing security with a focus on running a business.
    • Connecting the dots between the technical aspects of an attack and the impact of it on the business.
    • Improving cybersecurity ROI by demonstrating the value of closing "gaps."
    • Focusing on known attacks, as opposed to the "ghost" vulnerabilities.
    • The growth of collaboration between IT and OT.
    • Why manufacturing is still susceptible to legacy attacks.

    Missteps Creating 'An Internal Collection of Hackers'

    Feb 28, 2024 · 39:40


    Creating an OT vision, and why hackers are "like water."

    With hackers repeatedly demonstrating that they play no favorites in terms of the sector of manufacturing, its location, or the size of the enterprise, detection and response strategies can be universally dissected in addressing ransomware, phishing or any number of social engineering approaches. And this data, along with the potential solutions it fuels, can be made available to the industry as a whole – not just the largest or most well-known entities. Universal problems typically generate the most response. And what I'm seeing is a much more aggressive response from big players throughout the industry – including the employer of today's guest, Alexandre Peixoto, Cybersecurity Business Director at Emerson Automation Solutions.

    Listen/watch as we discuss:

    • Why recent cybersecurity developments are less about how the hackers have changed and much more about attack surface evolution.
    • How, why and when to bring IT into the cybersecurity conversation.
    • How OT can learn from IT in developing a vision for ongoing cybersecurity needs.
    • The importance of going through the cybersecurity journey, similar to digital transformation, in order to really understand needs and priorities.
    • Why OT cybersecurity often forgets about the basics.
    • How "hackers are like water."
    • Tackling the legacy dynamics of SBOMs.
    • The future role of over-the-air (OTA) software updates, and how they could impact security priorities.
