A weekly discussion of new developments and the latest cybersecurity threats, including ransomware, malware, phishing schemes, DDoS attacks and more, facing the U.S. industrial sector.
Many attacks on manufacturers are just the first step in going after even bigger targets.
One of the inescapable truths about the industrial sector is that it is usually the ultimate proving ground for product performance. When we look at some of the technologies that have created seismic social shifts, tools like operational software, wireless connectivity and numerous monitoring devices were not ready for the demanding i...
In this episode, we dive into some of the most notorious attacks to hit manufacturing over the last six months.
In addition to speaking with cybersecurity experts from around the world for this podcast, I’ve also been able to do a fair amount of reporting on our websites regarding several high-profile industrial attacks. So, I felt like it could be interesting to present some of these articles via the Security Breach podca...
A look back at Security Breach guest's most accurate and timely industrial cybersecurity predictions.
As we near our 100th episode of Security Beach, I thought it would be a good time to take a look back at some of our guest’s predictions from the previous 12 months.
If you want to check out the full episodes from any of these previous guests, you can find them in the show archives, or by clicking through to our websi...
The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.
The origins of what we talk about here on Security Breach can go back to any number of transformational events, but the reality is that all of them contributed an individual component to the unique mosaic that is the legacy of industrial cybersecurity. What is most interesting is that the first hacks of industrial control syst...
How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield.
Everything old … is new again. While that might seem like a natural lead-in for discussing hacker tactics, that same mantra rings true when discussing OT technology. Mordor Intelligence recently reported that U.S. manufacturing spent over $307 billion on digital transformation technologies last year, and nearly every research an...
The good, the bad and the ugly of mobile device security in the expanding OT attack landscape.
Included in the challenges associated with securing an ever-expanding OT attack surface is the role played by the increasing use of mobile devices – at both the enterprise and individual level. In fact, according to a recent report from Imprivata, only 46 percent of manufacturing organizations have the ability to maintain control...
It's not always about the ransom, data theft or denial of service.
Many cheered with the recent crackdowns on groups like LockBit, and rightfully so. However, the harsh reality is that most of these victories are short-lived. For example, after law enforcement seized control of multiple LockBit websites and stolen data, the group was back to running extortion campaigns within a week.
And the same can be said...
How we're failing to properly support and train our most important cybersecurity asset.
According to Nozomi Networks February 2024 OT-IoT Security Report, manufacturing was exposed to more common vulnerabilities and exposures, or CVEs, than any other sector - realizing a 230 percent year-over-year increase in this area. Addressing even a fraction of these CVEs would be daunting, which is why understanding your assets ...
Threat intelligence is important, but why manufacturers should focus on risk factors first.
When it comes to the industrial sector’s ongoing cybersecurity challenges, we all know that there's more to defend, but what is most concerning is that we’re not responding quickly enough to the expanding threat landscape. In case you needed proof, here are some of the recent stats from Dragos 2023 Year in Review Report. It fou...
The sector's (forced) cyber awakening needs to focus on making it harder to be a hacker.
Regardless of how complex the attack, how organized the hacker, or how advanced the tools and tactics, security solutions usually lie in very fundamental practices. So, while you might think you already know enough about segmentation strategies, framework development, asset visibility or enhanced access controls, it’s these things...
How thinking like a hacker can lead to better cybersecurity ROI and avoid the dreaded "hope" strategy.
Regardless of what you might hear from some, ransomware in the industrial sector is at an all-time high in terms of frequency and cost. Zero day and day one vulnerabilities are being discovered at a historic level and patching continues to be a challenge.
Asset visualization and endpoint security have b...
Creating an OT vision, and why hackers are "like water."
With hackers repeatedly demonstrating that that they play no favorites in terms of the sector of manufacturing, its location, or the size of the enterprise, detection and response strategies can be universally dissected in addressing ransomware, phishing or any number of social engineering approaches.
And this data, along with the potential solutions it fue...
Hacker insight and vulnerability updates are great, but that's only half the battle.
An ever-expanding attack surface has created a number of complexities when it comes to combining the benefits of new automation technologies with the challenges of securing the OT environment and supply chain. This led Cybersixgill to predict that in 2024, more companies will adopt Threat Exposure Management, a holistic, proactive app...
The tech that's helping social engineers expand current exploits, including credential harvesting.
In this episode, we welcome Kory Daniels, CISO of Trustwave, a leading provider of industrial cyber risk solutions, to the show. The conversation spanned a number of topics, including:
How prioritizing the wrong data and assets is leading to more cyber risk.
When it comes to OT security, the cruel reality is that the bad guys are doing what most predators do over time – they continue to hunt and evolve. This evolution allows hackers to constantly adjust to new security protocols and more rapidly react to common vulnerabilities – often days, weeks or months before a suitable patch or solution can be put i...
How the legacy of OT innovation contributes to cyber challenges.
Vulnerabilities across the cybersecurity landscape are obviously trending in an upward direction. Perhaps most concerning, however, is the number of zero and one-day vulnerabilities being uncovered in key industrial control systems by many of the sector’s leading providers of software, automation and system integration services.
These vulnerabilities...
Two recent vulnerabilities, one traditional and one frighteningly unique, could reshape industrial cybersecurity.
In this episode, we’re going to dive into two recently detected vulnerabilities that could have a significant impact on the industrial sector, as they involve two companies with wide-reaching influence on manufacturers of all sizes.
One involves the Siemens Automation License Manager, and the potentia...
Elevated social engineering, more connections and growing extortion amounts will drive attack growth.
Late last year we discussed Lockbit’s ransomware attack on Boeing, and the ensuing “cyber incident” that resulted in a large quantity of the aerospace giant’s data being stolen. One of the experts we tapped into in breaking down the attack, and its fallout, was Tony Pietrocola.
In addition to serving as the presid...
Coordinating patches, covering the basics and not falling for 'pinky promises.'
Late last year we discussed Lockbit’s ransomware attack on Boeing, and the ensuing “cyber incident” that resulted. One of the experts we tapped into in breaking down the attack, and its fallout, was KnowBe4’s Erich Kron.
You can check that episode out in our archives.
In addition to his extensive knowledge on threat...
A former black hat offers insight on defending against hackers that "go for the throat every time."
One of the mindsets shared by hackers and their corporate victims is the desire to put a successful bow on the calendar year. For you this could mean hitting a collection of shipping dates, production quantities or equipment implementations. What many are beginning to realize is that the black hat community has a n...
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations.
Every week comedian and infamous roaster Nikki Glaser provides a fun, fast-paced, and brutally honest look into current pop-culture and her own personal life.
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
If you can never get enough true crime... Congratulations, you’ve found your people.
A straightforward look at the day's top news in 20 minutes. Powered by ABC News. Hosted by Brad Mielke.