What would an OT cyberattack really cost your organization?
Attacks on industrial control systems (ICS) may not be just about ransomware
or accessing information but about deliberately making machines misbehave.
Attackers can exploit vulnerabilities to make machines overheat, or robotic
arms swing unpredictably. A failed attack on a water utility in Florida
attempted to raise the amount of lye in the drinking water; success might have
killed thousands. ... When operations in your factory, plant, or substation
shut down, revenue will cease. So, an important question not just for the
CISO, but for Operations, Finance, and other chiefs is how long you can go
without the expected revenue that you may never see? ... There will be
significant damage to an organization's public reputation as news of an attack
gets out. The customer trust that took years to build may be gone in an
instant, and customers forced to find another supplier while you're shut down
may not come back. After all, your shutdown not only inflicted damage to
companies further down the chain, it may also have created an impression that
you were careless in letting it happen.
The Risk of Quantifying Cyberrisk
Legal concerns could stem from the nature of risk quantification. This process
is designed to uncover problems with an actionable amount of detail. Anything
that is discoverable in a legal proceeding can find its way into a court case
and embarrassing fallout may ensue. The fear is that the very detailed CRQ
risk assessment results will be made public. For many organizations that have
not adopted CRQ, such results may include lists of broken or missing controls
and audit results, all with corresponding verbal risk labels (e.g., high,
medium, low). They could (and really should) also include a list of scenarios
with the same risk labels attached to them. These results alone could be
damning to some organizations. Specific CRQ concerns stem from having all of
these elements tied to a potential amount of loss and frequency. However, it
is difficult to imagine a court proceeding where strictly qualitative results
would allow an organization to walk free.
The CISO Report – The Culture Club
The report highlighted a number of key challenges facing organizations in the
EMEA, which are clearly now being discussed in the C-Suite. These challenges
include the level of regulatory compliance that organisations now face,
especially those operating in these regions. In my opinion, the General Data
Protection Regulation (GDPR) is still a massively misunderstood piece of
legislation that organisations need help with, yet, the C-Suite recognises the
importance of it. Added to this is the ongoing threat cybercrime, as
organisations large and small are facing an increasing number of cyberattacks,
including ransomware attacks, data breaches, and Distributed Denial of Service
(DDoS) attacks. ... To embed cybersecurity and data protection within an
organisation, you do not look to build a security culture, but rather, you
look to build a culture that respects the importance of Security. This is a
simple, yet profound distinction. Every organization possesses a culture,
which might either emerge naturally or be intentionally and meticulously
developed. Regardless of its origins, the influence of this culture on an
organization remains undeniable.
AI for Data Management: An Old Idea with New Potential
No matter how you choose to leverage AI in the data management space — whether
you're using AI for more basic needs or you're taking advantage of
next-generation AI technologies — your goal should be to identify ways that AI
can accelerate workflows and reduce toil for data engineers. Much of the work
that data engineers perform on a daily basis can be tedious and
time-consuming. Converting data from one format to another by hand could take
enormous amounts of time and is a boring task, to put it mildly. So is sifting
through vast volumes of information to find data quality issues like redundant
or empty cells. Even if you leverage tools to help search and sort data
automatically, you're still likely to find yourself investing an inordinate
amount of time on data quality if you have to write complex queries by hand to
detect quality problems. But if you can substitute AI-based workflows for
these tasks, you save yourself a lot of time and labor.
Low-code and no-code: Meant for citizen developers, but embraced by IT
Low and no-code continue to gain popularity because organizations "are
realizing that these tools are not just for early-stage or beginner citizen
developers but also for sophisticated, senior developers to save them valuable
time and effort," says Pulijala. "Low-code/no-code helps, whether it's
addressing talent shortages or freeing up other developers' time. With
low-code/no-code solutions, a junior product manager can build a basic
prototype, freeing up more senior engineers to focus on customized, higher
code solutions. In addition to mitigating talent shortages, low-code/no-code
tools improve business agility and contribute to cost savings since it
significantly reduces hiring costs and application maintenance costs." ...
"While no-code solutions are built from the point-of-view of a non-developer
user, they will at times still require professional IT intervention.
Enterprise applications can be complex and outages can happen, requiring IT to
step in to triage and get things running again."
Multiple Flaws Uncovered in Data Center Systems
Data center equipment and infrastructure solutions provider CyberPower's
PowerPanel Enterprise DCIM platform allows information technology teams to
manage, configure and monitor the infrastructure within a data center through
the cloud, serving as a single source of information and control for all
devices. "These platforms are commonly used by companies managing on-premises
server deployments to larger, co-located data centers - like those from major
cloud providers AWS, Google Cloud and Microsoft Azure," the researchers said.
Dataprobe manufactures power management products that assist businesses in
monitoring and controlling their equipment. The iBoot-PDU allows
administrators to remotely manage the power supply to their devices and
equipment via a "simple and easy-to-use" web application, according to the
researchers, who added that the devices are "typically found in small to
midsized data centers and used by SMBs managing on-premises server
deployments."
Hybrid mesh firewall platforms gain interest as management challenges intensify
"A hybrid mesh firewall makes you highly dependent on one single vendor," says
John Carey, managing director of the technology solutions group at global
consulting firm AArete. "Some organizations prefer to have best-of-breed and
select the right tool for the right job. You'll see CrowdStrike running
alongside CyberArk running alongside Juniper running alongside Cisco. You
don't see many organizations doing a blanket removal, taking out all those
tools and putting in one. It's costly, and they don't want to be totally
dependent on that one vendor." With a hybrid mesh firewall only able to manage
firewalls from that one vendor, that could be a problem for those companies.
Alternatively, an enterprise can use an NSPM product from a vendor such as
Tufin or Firemon, says Scott Wheeler, cloud practice leader at Asperitas
Consulting, an IT and cloud services firm. "They are not firewall products,
but they do enable the concept of hybrid mesh firewall. So, depending on how
you look at the semantics, they are more of a hybrid mesh firewall solution
because you can manage across different firewall providers."
Why the cyber skills crisis is an opportunity to transform your cybersecurity
A strategic approach is needed for security leaders and their teams to address
the resource crisis. A key response emerging in the market is security vendor
consolidation. According to Gartner, 75% of organizations were pursuing
consolidation in 2022, almost tripling since 2020. Considering that an
alarming 35% of cyber budgets are being spent on tools that don’t give a
measurable improvement in cybersecurity posture, it’s evident why businesses
are seeking to consolidate and do more with less. However, there is a degree
of caution around consolidating vendors and tools. Nearly four in five
security leaders and decision-makers admitted to being concerned that
consolidation will reduce their ability to mitigate cyber risk. But we found
this skepticism to be unfounded. In reality, half of those who have begun
consolidating have seen an improvement in security posture as a result. This
is because, when approached strategically, consolidation streamlines security
operations.
Industrial modernization: Becoming future-ready in uncertain times
Future-ready companies have already embraced agile practices and distributed
computing technologies like edge computing, containers, and microservices to
optimize existing systems and drive innovation. IT modernization is the
practice of updating older software and infrastructure to newer computing
approaches, including languages, frameworks, architectures, and infrastructure
platforms. It does not require wholesale replacement> if done well,
modernization can extend the lifespan of an organization’s software and
infrastructure while taking advantage of recent innovation. While the term
legacy may have a negative connotation in technology, these systems are often
the bedrock of a company’s business operations. Modern, cloud-native computing
paradigms are distributed by nature. Modernization shifts the technology stack
from a tightly coupled, hierarchical, siloed, and point-to-point structure to
one that is application-driven, loosely coupled, software-defined, and
integrated across all layers of the architecture.
Interrogate Your Software with AI — The Future for SREs
With AI-driven incident analysis, we gain the capability to process data
rapidly and recognize correlations that otherwise might have been overlooked.
This empowers us to take proactive measures and predict potential incidents
using historical data, breaking free from the limitations of reactive
maintenance. Moreover, AI-powered analysis can play a vital role in assisting
SREs in determining the severity of incidents. By defining criteria for
incident severity classification and relying on AI insights, we can make more
informed decisions and prioritize response efforts efficiently. Resource
allocation, a crucial aspect of SRE, can be guided by AI-generated statistics
that paint a clear picture of an incident’s impact and resource requirements,
enabling us to scale responses based on severity and complexity. Finally, we
can’t forget about incident reports, documentation and runbooks. We all know
how bad those can be. Depending on who triaged the incident, what’s reported
and documented can range from a simple paragraph to pages of in-depth research
and analysis.
Quote for the day:
"The problem with being a leader is
that you're never sure if you're being followed or chased." --
Claire A. Murray
