Babbage is our weekly podcast on science and technology, named after Charles Babbage—a 19th-century polymath and grandfather of computing. Host Alok Jha talks to our correspondents about the innovations, discoveries and gadgetry shaping the world. Published every Wednesday. If you’re already a subscriber to The Economist, you’ll have full access to all our shows as part of your subscription. For more information about Economist Podcasts+, including how to get access, please visit our FAQs pa ...
…
continue reading
Player FM - Internet Radio Done Right
Checked 6d ago
Added three years ago
Content provided by Eric Sorensen. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Eric Sorensen or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to Security Breach
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
2k
2k
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell, Juliet Bennett Rylah, Mark Dent, Ben Berkley, Sara Friedman, Matthew Brown, and Rob Litterst from The Hustle.
…
continue reading
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Technical interviews about software topics.
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 18:00 UTC.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Tech News Briefing is your guide to what people in tech are talking about. Every weekday, we’ll bring you breaking tech news and scoops from the pros at the Wall Street Journal, insight into new innovations and policy debates, tips from our personal tech team, and exclusive interviews with movers and shakers in the industry.
…
continue reading
America is divided, and it always has been. We're going back to the moment when that split turned into war. This is Uncivil: Gimlet Media's new history podcast, hosted by journalists Jack Hitt and Chenjerai Kumanyika. We ransack the official version of the Civil War, and take on the history you grew up with. We bring you untold stories about covert operations, corruption, resistance, mutiny, counterfeiting, antebellum drones, and so much more. And we connect these forgotten struggles to the ...
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Daily Deals
Podcasts Worth a Listen
SPONSORED
T
This Is Woman's Work with Nicole Kalil
1 The Icelandic Art of Intuition with Hrund Gunnsteinsdóttir | 307 35:19
35:19 
Play Later 
Play Later 
Lists 
Like 
Liked35:19
Play Later
Play Later
Lists
Like
LikedWe’ve turned intuition into a buzzword—flattened it into a slogan, a gut feeling, or a vague whisper we don’t always know how to hear. But what if intuition is so much more? What if it's one of the most powerful tools we have—and we’ve just forgotten how to use it? In this episode, I’m joined by Hrund Gunnsteinsdóttir , Icelandic thought leader, filmmaker, and author of InnSæi: Icelandic Wisdom for Turbulent Times . Hrund has spent over 20 years studying and teaching the science and art of intuition through her TED Talk, Netflix documentary ( InnSæi: The Power of Intuition ), and global work on leadership, innovation, and inner knowing. Together, we explore what intuition really is (hint: not woo-woo), how to cultivate it in a culture obsessed with logic and overthinking, and why your ability to listen to yourself might be the most essential skill you can develop. In This Episode, We Cover: ✅ Why we’ve misunderstood intuition—and how to reclaim it ✅ Practical ways to strengthen your intuitive muscle ✅ What Icelandic wisdom teaches us about inner knowing ✅ How to use intuition during uncertainty and decision-making ✅ Why trusting yourself is an act of rebellion (and power) Intuition isn’t magic—it’s a deep, internal guidance system that already exists inside you. The question is: are you listening? Connect with Hrund: Website: www.hrundgunnsteinsdottir.com TedTalk: https://www.ted.com/talks/hrund_gunnsteinsdottir_listen_to_your_intuition_it_can_help_you_navigate_the_future?utm_campaign=tedspread&utm_medium=referral&utm_source=tedcomshare Newsletter: https://hrundgunnsteinsdottir.com/blog/ LI: www.linkedin.com/in/hrundgunnsteinsdottir IG: https://www.instagram.com/hrundgunnsteinsdottir/ Book: InnSæi: Icelandic Wisdom for Turbulent Times Related Podcast Episodes: How To Breathe: Breathwork, Intuition and Flow State with Francesca Sipma | 267 VI4P - Know Who You Are (Chapter 4) Gentleness: Cultivating Compassion for Yourself and Others with Courtney Carver | 282 Share the Love: If you found this episode insightful, please share it with a friend, tag us on social media, and leave a review on your favorite podcast platform! 🔗 Subscribe & Review: Apple Podcasts | Spotify | Amazon Music…
Minimizing Hacks by Focusing on Uptime
Manage episode 451302071 series 3352216
Content provided by Eric Sorensen. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Eric Sorensen or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Next to artificial intelligence, one of the biggest buzz terms in industrial cybersecurity right now might be SBOM, or software bill of materials. The term generates equal parts concern and eye roll as those entrusted with enterprise defense look to ensure that there are no embedded vulnerabilities amongst the data platforms they are both sourcing and utilizing within their offerings.
Perhaps most frustrating is having to essentially reverse engineer a number of established products in order to quell security concerns. However, as frustrating as these efforts might be, the growing number of zero day hacks emanating from embedded security vulnerabilities will only continue to grow as we look to embed greater levels of sensor, software and AI-driven functionality.
In this episode we hear from Marcellus Buchheit, President and CEO of Wibu-Systems USA, a leading provider of security solutions for embedded data and intellectual property. Watch/listen as we discuss:
- How vulnerabilities and risks need to be assessed beyond their expense to focus on updates, reconfigurations and the growing number of OT connection points.
- The need for SOPs that make it easier to assimilate cybersecurity into OT processes.
- Ways to more safely update the growing number of devices on the plant floor.
- Protecting IP and, more specifically, the software coding associated with it.
- The impact AI continues to have on increasing the sophistication of hacking attempts.
- Why all hacks are "highly preventable."
- The role of quantum computing and the steps to take in preparing for "Q Day".
As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.
Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama...
Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson
Discover how technology is reshaping our lives and livelihoods.
Listen on: Apple Podcasts Spotify
To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.
If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.
To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.
Chapters
1. Minimizing Hacks by Focusing on Uptime (00:00:00)
2. [Ad] Promoguy Talk Pills (00:13:17)
3. (Cont.) Minimizing Hacks by Focusing on Uptime (00:13:50)
4. [Ad] Digital Disruption with Geoff Nielson (00:22:05)
5. (Cont.) Minimizing Hacks by Focusing on Uptime (00:22:45)
133 episodes
ShareManage episode 451302071 series 3352216
Content provided by Eric Sorensen. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Eric Sorensen or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Next to artificial intelligence, one of the biggest buzz terms in industrial cybersecurity right now might be SBOM, or software bill of materials. The term generates equal parts concern and eye roll as those entrusted with enterprise defense look to ensure that there are no embedded vulnerabilities amongst the data platforms they are both sourcing and utilizing within their offerings.
Perhaps most frustrating is having to essentially reverse engineer a number of established products in order to quell security concerns. However, as frustrating as these efforts might be, the growing number of zero day hacks emanating from embedded security vulnerabilities will only continue to grow as we look to embed greater levels of sensor, software and AI-driven functionality.
In this episode we hear from Marcellus Buchheit, President and CEO of Wibu-Systems USA, a leading provider of security solutions for embedded data and intellectual property. Watch/listen as we discuss:
- How vulnerabilities and risks need to be assessed beyond their expense to focus on updates, reconfigurations and the growing number of OT connection points.
- The need for SOPs that make it easier to assimilate cybersecurity into OT processes.
- Ways to more safely update the growing number of devices on the plant floor.
- Protecting IP and, more specifically, the software coding associated with it.
- The impact AI continues to have on increasing the sophistication of hacking attempts.
- Why all hacks are "highly preventable."
- The role of quantum computing and the steps to take in preparing for "Q Day".
As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.
Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama...
Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson
Discover how technology is reshaping our lives and livelihoods.
Listen on: Apple Podcasts Spotify
To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.
If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.
To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.
Chapters
1. Minimizing Hacks by Focusing on Uptime (00:00:00)
2. [Ad] Promoguy Talk Pills (00:13:17)
3. (Cont.) Minimizing Hacks by Focusing on Uptime (00:13:50)
4. [Ad] Digital Disruption with Geoff Nielson (00:22:05)
5. (Cont.) Minimizing Hacks by Focusing on Uptime (00:22:45)
133 episodes
All episodes
×
S
Security Breach
In many instances the biggest challenge facing OT cybersecurity practitioners is knowing where to focus resources, especially their time. In other words, what are the priorities for the enterprise, facility and people? I recently sat down with Securin's Lead Threat Intelligence Analyst - Aviral Verma . And while I anticipated a conversation focused on vulnerabilities and the threat landscape , discussing these topics led to deeper dives on a range of topics that also included breaking down IT/OT silos, artificial intelligence, the dark web and patching strategies. Listen as we discuss: The transformation of threat actors and how they've been able to cut timelines for exploiting vulnerabilities to 15 days. How hackers are using Dark Web versions of ChatGPT to design more effective credential and data harvesting schemes. Why the security of every software platform, especially those embedded within industrial assets, cannot be assumed. How the legacy dynamic of many OT assets has led hackers to exploit vulnerabilities that have been around for as long as five years. Addressing patching challenges by breaking down silos and getting a deeper understanding of the unique elements of each OT environment. How threat detection needs to evolve, especially with state-sponsored hackers executing "quieter" strategies for attacking manufacturing and critical infrastructure. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Why Ransomware, Credential Theft and Phishing Schemes Persist 40:30
40:30 Play Later Play Later Lists Like Liked40:30
Play Later Play Later Lists Like LikedOne of the great things about covering industrial cybersecurity is the number of reports, studies and white papers being produced right now to help provide intelligence on threats, research on new tools, and data on leading trends. The tough part is sorting through all this data and, at some point, prioritizing it in order to get the most and best information. One source that I look forward to each year is IBM’s X-Force Threat Intelligence Index . It’s full of all that stuff I just mentioned, but will special attention paid to the industrial sector. Unfortunately, some of that attention results from manufacturing being the most highly attacked industry for the fourth consecutive year. Also, according to the Index, it had the most ransomware incidents in 2024. But, as Chris Caridi, a Cyber Threat Analyst for the X-Force and our guest for today’s episode shared with me, the news is not all bad. Watch/listen as we discuss: The rise in infostealer malware, credential harvesting and phishing attacks. The importance of understanding how to secure new technology before investing and implementing it. Why most cybersecurity issues are a human problem, not a technical problem. Why multi-factor authentication is now a must for OT connections. The misconfiguration errors that continue to plague manufacturing, and how they create a series of other cybersecurity problems. How manufacturing's cybersecurity journey is similar to the financial sector 10 years ago, and why this As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Insecure Webcam Was All a Ransomware Group Needed 31:53
31:53 Play Later Play Later Lists Like Liked31:53
Play Later Play Later Lists Like LikedEndpoint security tools worked, but the hackers worked harder for their payday. While everyone likes to know how someone else might have screwed up and what the fallout looks like, the more import elements of episodes like this one come from the in-depth conversations about new tactics and strategies that are being used by the bad guys, and simultaneously, the insight on new best practices for the good guys. So while I did enjoy diving into how the ransomware group Akira was able to use webcam access to infiltrate an organization, it was also great to discuss the evolution of these hacking groups, EDR tools, dark web monitoring and the need for better credential security with Steve Ross. He’s the director of cybersecurity at S-RM , a leading provider or cyber intelligence and solutions. Watch/listen as we also discuss: Endpoint Detection and Response (EDR) tools. The rise of Akira, and the evolving symbiotic strategies used by this and other RaaS groups. Patching challenges. The growing need for dark web monitoring. The continued rise in login/credential harvesting. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
We talk a lot about the growing complexity of hacking groups and how their tools and tactics continue to evolve. One such evolution is the ongoing specialization that runs rampant throughout the black hat community – especially when it comes to ransomware. The rise of initial access brokers, affiliate programs, spoofing domain creators, dark web communities, and more are fueling ransomware-as-a-service groups and posing new cybersecurity challenges. And while numerous reports detail the rise in ransomware attacks and the escalating amounts being paid in seeking a reprieve from denial of service, data extortion, and supply chain hacks, one recent finding really stood out. In their annual State of Ransomware Report , Blackfog stated that manufacturing had the highest number of undisclosed ransomware attacks, when compared to all other industries. So, as tough as we know the ransomware challenge is – it’s actually a bit worse than we acknowledge because of the growing number of attacks that go unreported. Fortunately, we have an army of highly skilled individuals working to combat these threats. And that includes our guest for today’s episode - Fortra's senior manager of domain and dark web monitoring solutions, Nick Oram. Watch/listen as we discuss: The surge of new ransomware tactics and groups, like RansomHub. The origins and continued growth of Initial Access Brokers (IABs) within the ransomware community. How affiliate programs are helping both RaaS and IAB groups increase their rate of successful attacks. Why dark web monitoring might be more important than ever for manufacturers. The ongoing "we adapt", "they adapt" dynamic. How to better educate the workforce and shift from a "blame a As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Breaking down silos while securing the cloud and leveraging secure-by-design advancements. The challenges facing the industrial OT landscape that emanate from external sources are … varied, complex and constantly evolving. Smarter hacking groups, AI-driven phishing schemes and deceptive malware viruses head the list of concerns. And while these factors show no signs of fading, the reality is that there are just as many challenges facing industrial cybersecurity that are embedded within the very foundation of our operations. These legacy dynamics have created internal battles that absorb valuable resources, waste precious talent and help the bad guys stay a step ahead. With this in mind, we’re going to tap into two key industry leaders to get their take on pressing, internal liabilities that are ensuring key production assets remain exposed. We'll hear from Silverfort’s Rob Larsen, as he discusses the ongoing struggles created by IT/OT silos, as well secure-by-design initiatives. Mandiant’s Paul Shaver will also offer his take on these silos, and how decisions related to cloud networking are impacting the security stature of key data, assets and network connections. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Observations of an Ethical Hacking Researcher 36:06
36:06 Play Later Play Later Lists Like Liked36:06
Play Later Play Later Lists Like LikedOne of the goals of the show is to help you better understand all the threats facing your OT assets, your data and your people. In order to do that, we work to identify those individuals with a feel and in-depth understanding of these threats and the evolving network of threat actors. And I can’t think of anyone better to break down the hacker landscape than an individual whose research has led to being followed by well-known data breachers on social media and considered persona-non-grata in countries housing many of the most notorious state-sponsored hacking groups in the world. It’s my pleasure to welcome Jeremiah Fowler back to Security Breach . You might remember that we originally spoke to him regarding a huge ERP data vulnerability last summer. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
When we talk about the threat landscape for the industrial sector, the eye-catching, headline-grabbing hacking groups with nefarious names typically lead the list of concerns. And while understanding their well-publicized exploits are important, what is often overlooked are all the little things these groups were able to do before dropping malware, shutting down networks, extorting ransoms, and stealing data. This is where taking the time to address those insecure connection points, update login credentials or patch zero and one-day vulnerabilities continue to be essential in the fight to safeguard operational technology and the industrial control system. But, the reasons these problems remain is that the solution is never as simple as it sounds. So, hopefully our collection of experts for this episode can help show you the way. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
While we’re still in the infancy of 2025, the New Year has proven to have no issues in welcoming in a number of pre-existing challenges – whether we’re talking about cybersecurity or … other social topics. So, in continuing this trend, we tapped into a unique collection of voices to discuss a topic that has, and will continue to be, vital to industrial cybersecurity efforts – Artificial Intelligence. First, we’ll hear from Mandiant’s Paul Shaver as he discusses the legacy dynamics of industrial cybersecurity, including ongoing obstacles associated with inventory, visibility and segmentation strategies – and the impact AI could have on all of them. Then we’ll transition to HackerOne’s Will Kapcio for his take on AI and the ongoing evolution of cybersecurity tools. We’ll wrap up with instructor and the author of the Hack is Back as he discusses what drove his desire to write the book, the impact AI is having on the next generation of cybersecurity specialists, and the evolving vulnerabilities they can expect to face. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
The continued evolution of the CyberAv3ngers hacking group and its IIoT-focused malware. We talk a lot about change on Security Breach. Some of it’s good and obviously some of it makes us want to tear our hair out. Well, this episode, surprisingly, should go easy on the scalp, even though it will focus on the IOCONTROL malware strand recently detected by Noam Moshe and Claroty’s Team82. The malware is described as a custom-built IoT/OT strand created by the Iran-based hacktivist group, the CyberAv3ngers. The malware targeted OT/IoT devices in Israel and the U.S. Moshe’s team detected the malware being used to attack IoT and SCADA/OT devices of various types including IP cameras, routers, PLCs, HMIs and firewalls. Typically, this is the part of the story that takes us down a dark and frustrating road, but as you’ll hear, that’s not necessarily the case this time. For more information on Team82’s findings on IOCONTROL, click here. Also, just a bit of housekeeping – we’re switching the frequency of Security Breach from weekly to bi-weekly. This change will allow me to spend more time on each episode, which will translate to greater depth and expanded coverage on all the pressing topics of industrial cybersecurity. And remember, this is your podcast – let me know your thoughts and feelings on the change and anything else you’d like to see on the show. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
Winston Churchill famously stated that, “Those who fail to learn from history are doomed to repeat it.” His concerns about applying lessons learned to post WWII foreign policy initiatives rings just as true in the current cybersecurity climate. So, in an effort to ensure we repeat as few of 2024’s mistakes in 2025, we’re going to take a look at some of the industrial sector’s biggest exploits, and offer solutions and strategies in our ever-raging combat with the Black Hats. Watch/listen as we cover: A unique supply chain hack that came up during our conversation with Theo Zafirakos , a Cyber Risk and Information Security Expert at Fortra . The fall of 2024 brought security compromises to the front door of a number of prominent industrial enterprises, including Halliburton . In early August millions were impacted when National Public Data, a major data broker that performs background checks, reported that 2.9 billion personal records from over a million individuals in the U.S., the U.K. and Canada were accessed. Ford Motor Company was also a target, with a data breach that saw hacking groups steal 44,000 records containing personal and product information. Anna Wells, executive editor of Manufacturing.net and Manufacturing Business Technology, brought us cover As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
As we begin to close out 2024 and look ahead to 2025, I couldn’t resist the urge to revisit some of my favorite guests from the last couple of months. While I’m grateful for everyone we’ve had on the show, and all the support we continue to receive from the industrial cybersecurity community, I felt these comments were worth another listen, with special focus being given to a handful of the most critical issues confronting our OT environments. First, we hear from Jon Taylor (1:16) at Versa , as he discusses a unique approach to patching and secure-by-design strategies that involve the development embedded micro-segmentation approaches. Next, we’ll hear from Cloud Range’s Tom Marsland (11:18) as he discusses the continued challenges presented by data silos, and innovative ways to address the shortage of cybersecurity specialists. Then we’ll turn to Baker Tilly’s Jeff Krull (19:42) as he reports on ransomware gangs and their combination of new and old tactics. And we’ll finish up with cybersecurity researcher Jeremiah Fowler (29:40) as he discusses some of the ongoing challenges about addressing persistent vulnerabilities. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 AI Is Exposing Your Most Vulnerable Attack Surface 35:48
35:48 Play Later Play Later Lists Like Liked35:48
Play Later Play Later Lists Like LikedAccording to Fortinet’s 2024 State of Operational Technology and Cybersecurity Report, 43 percent of those surveyed reported a loss of business critical data or intellectual property so far in 2024– a number this is up nearly 10 percent from last year. And we all know what happens with this hijacked data. Per the World Economic Forum’s May 2024 white paper, the number of ransomware attacks on industrial infrastructure doubled in 2023, boosting ransomware to the leading concern for manufacturers, with 40 percent citing it as their top issue. While that may not surprise you, this might - due to the many challenges we’ve discussed here on Security Breach , the industrial sector now accounts for 71 percent of all ransomware attacks. Our data is valuable and the hackers know it. To offer some perspective on protecting this data, we sat down with Karthik Krishnan, CEO of Concentric.ai – a leading provider of data security posture management solutions. Watch/listen as he provides insight on: Prioritizing and limiting data access to lessen the blast radius. How data, especially customer data, is essentially the "new oil." Reversing your mindset to think about "data out" instead of "user in". The generative AI advancements that continue to be made, and how they're producing more complex phishing and ransomware attacks. Why it has become easier for hackers to get a foothold on your network. The best ways to shore up your weakest security link - employees. How it all starts with data discovery and visualization, then prioritization. A look at the money involved with remediation and response costs versus proper planning and defense prep. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Next to artificial intelligence, one of the biggest buzz terms in industrial cybersecurity right now might be SBOM, or software bill of materials. The term generates equal parts concern and eye roll as those entrusted with enterprise defense look to ensure that there are no embedded vulnerabilities amongst the data platforms they are both sourcing and utilizing within their offerings. Perhaps most frustrating is having to essentially reverse engineer a number of established products in order to quell security concerns. However, as frustrating as these efforts might be, the growing number of zero day hacks emanating from embedded security vulnerabilities will only continue to grow as we look to embed greater levels of sensor, software and AI-driven functionality. In this episode we hear from Marcellus Buchheit, President and CEO of Wibu-Systems USA, a leading provider of security solutions for embedded data and intellectual property. Watch/listen as we discuss: How vulnerabilities and risks need to be assessed beyond their expense to focus on updates, reconfigurations and the growing number of OT connection points. The need for SOPs that make it easier to assimilate cybersecurity into OT processes. Ways to more safely update the growing number of devices on the plant floor. Protecting IP and, more specifically, the software coding associated with it. The impact AI continues to have on increasing the sophistication of hacking attempts. Why all hacks are "highly preventable." The role of quantum computing and the steps to take in preparing for "Q Day". As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 What Cybersecurity Can Learn from Tom Brady 54:34
54:34 Play Later Play Later Lists Like Liked54:34
Play Later Play Later Lists Like LikedWe assembled some "nerds from the basement" to cover a key strategy in combatting evolving threats. Today’s episode is going to take on a little different flavor, as we’re going to show you one particular tool that can impact a number of your security planning, training and discovery strategies. While table top exercises are nothing new, we’re going to demonstrate how they’re evolving and can be customized according to your needs. We’re going to tackle the human element of cybersecurity by discussing communications strategies, and we’ll offer some insight on getting greater buy-in from throughout the organization, including the C-suite and those controlling the purse strings. Joining me to discuss these topics and run through a mock exercise will be: Navroop Mitter, the CEO and founder of ArmorText. His firm is a leader in secure out-of-band communications. Matthew Welling, a partner at Crowell & Moring's Washington, D.C. office, where he works in the firm's Privacy & Cybersecurity Group. Timothy Chase, the director of the Manufacturing ISAC, a non-profit organization and leading provider of threat intelligence sharing solutions. In addition to the table top exercise, we'll discuss: Communication challenges before, during and after an attack. Response strategies and the evolving dynamic of out-of-band communications. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify Everyday AI: Your daily guide to grown with Generative AI Can't keep up with AI? We've got you. Everyday AI helps you keep up and get ahead. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
For this episode, instead of tapping into one source for feedback and updates on industrial cybersecurity, we’re going to look at some of the key insights previous guests have offered on the evolving threat landscape – from increased risks emanating from technological integrations and an uptick in automation, to the more traditional adversaries responsible for next-generation malware, ransomware and phishing schemes. To kick things off, we'll hear from: Tom Marsland, VP of Technology for Cloud Range as he discusses threats to our infrastructure and state-sponsored groups from China. (3:31) He’ll be followed by Cyberhoot’s Craig Taylor as he updates us on phishing schemes. (5:45) And then we’ll hear from Jon Taylor at Versa Networks as he talks about strategies bad actors are taking in targeting legacy industrial control systems. While many of those topics are already at the top of our list of concerns, there are also a number of evolving threats that warrant an uptick in resources – from both a financial and skillset development perspective. We'll dive into comments from: (9:26) Corsha’s Anusha Iyer as she discusses supply chain and dwelling attacks. (15:33) Venafi’s Kevin Bocek and his take on embedded software v As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
While there are plenty of unknowns when it comes to protecting the OT attack surface, there are some things that are undeniably true. We know that the frequency of attacks will continue to increase. We know that it’s not if your ICS will be probed, but when. And we also know that asset and connection visibility is an ongoing challenge due to the implementation of more automated technology. Finally, we also know that one of the most important aspects of any cybersecurity plan is the portion that lays out the response. One of the most effective ways to address these concerns can be the use of attack simulations. In this episode we tap in to the expertise of Tom Marsland, VP of Technology for Cloud Range, a leading provider of live-fire cybersecurity exercises and training. Watch/listen as we discuss: All the little things that are continuing to pose challenges to industrial cybersecurity. Why state-sponsored hacker groups in China are getting more of his attention lately. Why successful incident response is about the people, not the tools. The importance of "training like you fight." His role with VetSec , and the role it can play in filling cybersecurity talent gaps. How to bring IT and OT together and why the onus on strengthening these bonds might fall more on IT. Why the culture of security needs to permeate throughout the entire organization. How AI can help make the most of your people. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Phishing Attack Defense 'Not Rocket Science' 22:22
22:22 Play Later Play Later Lists Like Liked22:22
Play Later Play Later Lists Like LikedMaybe you’re sick of hearing about phishing schemes and the way hackers are using this strategy to infiltrate your networks, access intellectual data, shut down production, or hold your assets for ransom. If that’s the case, then you’ve made a lot of hackers very happy. And based on Proofpoint’s 2024 State of Phish report, protecting against phishing schemes is simply not being reinforced or given the proper priority. For example, 71% of surveyed users admitted to taking a risky action, and 96% knew they were doing something risky when interacting with email or text messages. 85% of security professionals said that most employees know they are responsible for security, but 59% of employees weren’t sure or claimed that they’re not responsible. Furthermore, 24% admitted to responding to emails or text messages from someone they don’t know, and 19% clicked on links in emails from people they don’t know. Finally, 73% of surveyed companies reported a business email compromise, but only 29% are actively teaching users about BEC attacks. To address these and other phishing attack dynamics, I sat down with Craig Taylor, co-founder of Cyberhoot, a leading provider of phishing prevention solutions. Watch/listen as we discuss: How hackers are going after session tokens to steal valuable credential data. Why phishing prevention training spends too much time on avoiding the click instead of positive reinforcement of proper actions. The need for worker training to go beyond any impact to the company, to the individual cyber risks as well. How adding "friction" to email could be a solution. The bad password advice that many high-level organizations continue to distribute. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Legacy Mindsets Are Helping Hackers Weaponize Networks 43:17
43:17 Play Later Play Later Lists Like Liked43:17
Play Later Play Later Lists Like LikedSo, my daughters like to give me a hard time about growing old. Said another way, I’m a legacy asset - just like most of the devices many of you observe, manage and secure every day. Your machines are still in place because they work. While the technology around these assets has evolved, their core functionality and value to the production process has remained constant. But as sensors, network connections and access parameters have been upgraded to improve output, these highly prized pieces of equipment are showing their age from a cybersecurity perspective. The challenges they present are reinforced with findings from Fortinet’s 2024 State of Operational Technology and Cybersecurity Report. A couple of key takeaways include findings that show nearly one-third of respondents experiencing six or more intrusions in the last year. Additionally, fewer respondents claimed 100 percent OT system visibility – with that number decreasing from 10 to five percent. On the bright side, we’re getting better in some areas, with 20 percent of organizations establishing visibility and implementing segmentation, up from only 13 percent the previous year. Joining us to discuss these and other trends is Jon Taylor, Director and Principal of Security with Versa Networks , a leading provider of digital transformation and edge security solutions. Watch/listen as he discusses: Why the Purdue model might re outdated and preventing many from using new strategies like SASE. Why he believes visibility is security - "you have to see it do defend it," and how AI could be the solution. The need for OT to look at vulnerabilities from a network or architecture perspective, not by device or connection As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Using Force Multipliers to Protect Against Next-Gen Stuxnet 40:51
40:51 Play Later Play Later Lists Like Liked40:51
Play Later Play Later Lists Like LikedWhile the justifications for additional cybersecurity spending is easy to explain, getting buy-in at the C-level can be difficult. However, some recent research might help you win over those controlling the purse strings. SonicWall’s Mid-Year Cyber Threat Report found that their firewalls were under attack 125 percent of the time during a 40-hour work week. And if that doesn’t get the attention of the powers that be, it might also be worth mentioning that during these attacks SonicWall also found that, at a minimum, 12.6 percent of all revenues were exposed to cyber threats that were not covered by security tools or procedures. Extrahop’s Global Cyber Confidence Index also reported that 31 percent of cyber and IT leaders want more budget, or more accurately, a 50 percent increase in order to effectively manage and mitigate cyber risk. That number might seem a bit inflated, but it does help illustrate how we’re seemingly fighting the cyber battle on multiple fronts. To help sort through some of these challenges and direct our resources as effectively as possible, I recently sat down with Anusha Iyer, the Founder and CEO of Corsha, a leading provider of OT asset management and access security solutions. Watch/listen as we discuss: How to retrofit new practices for legacy assets in order to optimize uptime. The false confidence generated by many air gap strategies. The importance of machine identity strategies in order to understand the best ways to secure assets and their growing number of connections. Increases in ICS-focused malware and live-off-the-land attacks. The importance of focusing on the "whys" when conducting employee cybersecurity training. Reinforcing the "realities of the day" in im As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
One of the most common topics we explore here on Security Breach is the ongoing challenge of asset visibility in the OT landscape. It's frustrating because it would seem that the solution starts with basic inventory management approaches, i.e. the first step in developing frameworks and plans for everything from tool selection to attack response. Of course, this is never simple due to the increasing amount of IIoT technology and the connection demands they place on industrial systems. It’s a situation that promises to only get more complex, with Fortinet reporting that in 2023, only five percent of surveyed organizations have 100 percent visibility into their own OT activities – a number that is down from 13 percent in 2022. To provide some insight on managing this growing number of machines, connections, access points and other vulnerable areas of the ICS, we connected with Kevin Bocek, the Chief Innovation Officer at Venafi, a leading provider of asset identity management. Watch/listen as he discusses: Why cyber incidents are a learning opportunity for everyone. The benefits of showing the C-suite all those plant floor connections when working to get proper cybersecurity funding. The rise in attacks that will be emanating from legacy software and coding. Why software assets should be managed and secured in the same manner as machines or devices. How manufacturing can bring Continuous Improvement strategies to OT security. Stuxnet's long-term impact. How quantum computing will dramatically alter authentication approaches and secure-by-design practices within the next five years. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
According to Veeam’s 2024 Ransomware Trends Report, cyber victims stated that they were unable to restore 43 percent of whatever data was affected by ransomware attacks. This reaffirms what a number of Security Breach guests have stated about trusting hackers after paying their extortion demands. Another finding shows that 63 percent of ransomware attack victims restored the compromised systems directly back into their production environment, without some type of quarantine or scanning method. The risk here, obviously, is simply bringing the ransomware right back to where you removed it. This is a big contributor to the ongoing frustrations associated with dwelling, or living-off-the-land attacks. As much as we’d like it to, ransomware simply won’t go away. Some of this stems from a hacking community that continues to draw from a growing treasure chest of financial and technical resources. The other is that we continue to fall short in executing some of the basic blocking and tackling of cybersecurity, like protecting logins, improving visibility of our OT environment, and securing key devices. In this episode, John Terrill, vice president of Phosphorus, a leading provider of security management services and solutions, offers his take on ransomware, as well as: How hackers are using replicable tool kits in moving from system to system or victim to victim in the industrial sector. Moving past the mindset that vulnerabilities are only a problem if that can't be exploited - hackers will them. How those in cyber defense need to unlock their "creative maliciousness", or take a similar approach to hackers in not being afraid to move around the system and potentially break stuff in order to identify soft spots in defenses. Why he prefers homegrown OT security expertise. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
The ongoing theme in industrial cybersecurity centers on two competing dynamics – the desire to expand our implementation of automation and Industry 4.0 technologies with the goal of using more and faster connections, along with the decision-making data each generates to improve the efficiency and quality of production. However, these goals now need to be counter-balanced against the heightened risks that all these connections spawn, and the doors they can open for hackers looking to shut down, extort or steal data from manufacturers. In this episode, Joe Saunders, the CEO and Founder of RunSafe Security, offers his take on securing these connections and data, as well: The on-going challenges associated with memory-based vulnerabilities. Tactics for supporting legacy OT code and minimizing the potential disruptions that can accompany software upgrades. Addressing vulnerabilities at a "class" level, instead of the one-at-a-time "whack-a-mole" approach. Embracing CISA's secure-by-demand edicts. The balancing act of more connections without lowering the security posture. Warnings about China and other state-sponsored threat actors. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Inside the Growing Complexity of Ransomware Hacking Groups 32:32
32:32 Play Later Play Later Lists Like Liked32:32
Play Later Play Later Lists Like LikedWe’re back to discuss an all-too-familiar topic – ransomware. Ironically enough, it seems the topics we describe in this manner become so familiar because we can’t figure out viable, long-term solutions. I think part of the challenge for industrial organizations dealing with ransomware is that we have to divide our energy and resources between prevention, detection and response. Any one of those is a challenge, but managing all three is daunting, and hackers know this. But so do the good guys - one of which is our guest for today’s episode. Listen as Jeff Krull, principal and leader of Baker Tilly’s cybersecurity practice discusses their Guide to Ransomware Prevention, as well as his thoughts on: The C-suite's growing appreciation of how cyberattacks are impacting profitability, which means cybersecurity has become more than just an IT issue. How more resources have made RaaS groups increasingly difficult to detect and stop. Paying vs. not paying the ransom. Why more cyber regulation is on the way. Manufacturing's lack of redundant assets is making it a more attractive target, but also fueling action around response and recovery plans. Why not everyone needs access to everything. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Time to 'Rip off the Band-Aid' to Ensure Security 40:20
40:20 Play Later Play Later Lists Like Liked40:20
Play Later Play Later Lists Like LikedA smarter, well-funded hacker community means embracing basic, yet daunting cyber challenges. In manufacturing, regardless of your role, avoiding downtime is an obvious priority, and one of the motivating factors driving investments in cybersecurity. In working to mitigate potential DDoS attacks or malware drops, manufacturers are tapping into more resources in heightening their awareness of vulnerabilities and the associated remedies, which can include updating access protocols, applying patches and replacing old equipment and technology. The problem is that the solutions can actually contribute to the problem you were originally trying to avoid – downtime. Our guest for today’s episode looks to offer some solutions. Watch/listen as Gabe Dimeglio, VP of Global Security Services at Rimini Street, a leading provider of data security and managed services, offers his take on: Patching strategies that minimize downtime. Getting employees engaged in cybersecurity strategies. Ensuring buy-in from throughout the enterprise when security measures need to be implemented. The evolving nature of hacker skills and the volume of attacks they are able to launch. How nation states are developing an institutionalized approach to developing new and better-trained hackers. Placing a priority on visibility, inventory and segmentation tools. Why he's an advocate of better regulatory efforts, not necessarily more of them. The under-utilized resources available to constructing response plans. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Combating the 20th Century Mafia with a Stronger Human Firewall 47:15
47:15 Play Later Play Later Lists Like Liked47:15
Play Later Play Later Lists Like LikedSophos recently reported that 65 percent of manufacturing and production organizations were hit by ransomware last year, which, unlike other sectors, is an increase. Overall, these attacks have increased by 41 percent for manufacturing since 2020. Additionally, the cybersecurity firm found that 44 percent of computers used in manufacturing have been impacted by a ransomware attack, and over half of these intrusions can be directly linked to malicious emails and compromised credentials. These findings help illustrate what we’ve known for years – hackers would rather log in than break in. And stopping these types of attacks requires starting with your front line defenses – the workforce. Our guest for today’s episode will look to offer some solutions for transitioning employees from a weak link to a key cybersecurity asset. Watch/listen as Shawn Waldman, CEO and Founder of Secure Cyber, a leading provider of secure network design solutions, discusses: Why he would give the industrial sector a low D when grading their ability to effectively communicate security processes and protocols. How to address those employees that continue to click on every link in their emails. Why cybersecurity should be treated like a trade. Understanding the difference between security tools and IT services. Implementing accountability without being overly punitive and rewarding employees for positive cybersecurity actions. The concerns he has about 5G and quantum decryption. Avoiding the AI "easy button". As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Tearing Down the 'Set It and Forget It' Mindset 43:02
43:02 Play Later Play Later Lists Like Liked43:02
Play Later Play Later Lists Like LikedI recently watched an interesting documentary called Turning Point: The Bomb and the Cold War on Netflix. Great watch – I’d highly recommend it. Essentially it positioned nearly every prominent geo-political event since World War II as fallout from the U.S. dropping the nuclear bomb on Japan to end World War II. Similarly, we can look at a number of recent, major cybersecurity events that have their origins in attacks on critical infrastructure. Whether you want to go all the way back to Stuxnet, or more recent developments like Colonial Pipeline, hackers realized that the control systems utilized in these environments mirror those used by manufacturers like Boeing, Clorox, Johnson Controls and many others who have been recent victims of high-profile hacks. Joining me to discuss these dynamics is Bill Moore, the founder and CEO of XONA Systems, a leading provider of secure access solutions. Watch/listen as he dives into: The challenges of updating and securing the legacy tech found throughout manufacturing and critical infrastructure. Getting past the 'set it and forget it' mindset of industrial cybersecurity. Strategies for implementing updates and patches without slowing operations or opening new doors to hackers. Ways to improve funding processes to ensure security needs are met and keep pace with an evolving threat landscape. How the more distributed dynamic of OT technology needs to be understood in developing new strategies and implementing new tools. Lessons learned from Colonial Pipeline. Ways to optimize regulatory efforts. Why every industrial organization needs a dedicated Director of OT Security. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
When I was a kid, we always looked forward to my dad’s work picnic. He was a tool and dye maker for a leading caster manufacturer that would rent out a local park, make a ton of food and put on various games and activities for the families. One of the highlights of this day was a softball game pitting the office versus the shop. The good-natured shots that were fired across the dugouts of this summer classic reminds me of the challenges we see in industrial cybersecurity when it comes to bringing OT and IT teams together. While great strides have been made and numerous lessons learned on why these groups need to sync up, the reality is that we still have a long way to go. Over the last couple of months we’ve had some interesting takes on how to realize this need, so let’s revisit the following thoughts on the IT-OT working relationship from: Kris Lovejoy, Global Security and Resilience Leader at Kyndryl. John Cusimano, VP of OT Security at Armexa. Josh Williams, Strategic Account Manager at IriusRisk. Rod Locke, director of project management at Fortinet. Our guests have also weighed in on some of the more challenging dynamics of improving the IT-OT relationship. These have included: Brian Deken, Commercial Manager of Cybersecurity Services at Rockwell Automation . Riley Groves, an engineer from Auvesy-MDT. Theo Zafirakos, Cyber Risk and Information Security Expert at Fortra. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 'There's No Bulletproof Vest' in Cybersecurity 52:37
52:37 Play Later Play Later Lists Like Liked52:37
Play Later Play Later Lists Like LikedAn ethical cyber researcher breaks down the 'tsunami of exposed data' he continues to uncover. When it comes to solving industrial cybersecurity's biggest challenges, I think we have to continue to ask questions that simultaneously tackle basic blocking and tackling concerns, as well as those that lead to bad news. Both prevent us from putting our heads in the sand in trying to ignore the shortcomings of our current strategies, and I’d argue that a great deal of positive outcomes couldn’t be realized without repeatedly asking questions and not being afraid of the potential findings. I also think our guest for this episode would agree. It’s our pleasure to welcome Jeremiah Fowler to Security Breach. He’s a leading cybersecurity researcher who has a wealth of knowledge on the industrial threat landscape, and recently uncovered a data vulnerability exposing 769 million personal records and 380,000 email addresses. Left unaddressed, this could have had highly damaging impacts on a global scale. Watch/listen as Jeremiah shares his thoughts on: The need to educate the C-Suite on risk, the real-world costs of cybersecurity shortcomings, and how you can't measure the loss of trust. Why the human factor will always be the weakest link. How nearly every issue in cybersecurity comes back to visibility. The new challenges AI will continue to create. The increasing threat stemming from new credential harvesting schemes that clone login pages. The unintentional backdoor vulnerabilities created by legacy systems. Why he misses the Golden Age of Bug Bounties. The value of placing time limits on access to sensitive data. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
The landscape of industrial cybersecurity continues to change and evolve, and demands a vigilant monitoring of the next threat, vulnerability or potential soft spot in our defenses. That’s why we continue to produce Security Breach , and, by the way, continue to be so appreciative of the growth and support we’ve received from each of you. That said, once in a while it’s good to take a look back at some of the ongoing lessons that we’re learning, especially when the input from our guests offers such an interesting range of responses. So, let’s hear from a collection of previous guests as they reflect on the challenges and opportunities of more connection points, and how they responded to the question – are we over-connected? Joel Burleson-Davis, SVP of Cyber Engineering at Imprivata Josh Williams, Strategic Account Manager at IriusRisk Roman Arutyunov, Co-founder of Xage Security Kris Lovejoy, Global Security and Resilience Leader at Kyndryl Roland Cozzolino, CTO/CIO of InsightCyber Sharon Brizinov, Director of Research at Claroty’s research arm, Team82 As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
According to IBM’s Cost of a Data Breach Report , nearly 20 percent of the organizations surveyed stated that they have experienced a breach stemming from a compromise in their supply chain, or a vulnerability related to it. The average cost of these breaches was estimated at just under $4.5 million. Their data also found that attacks emanating from the supply chain had a longer lifecycle than average. The increased costs and complexities of addressing supply chain attacks is not a surprise when you consider that these intrusions not only impact the targeted company, but the logistics, distribution and retail elements that are dragged along on this difficult and painful ride. To help dive into the factors associated with supply chain attacks and other cybersecurity challenges, we welcome Theo Zafirakos, a Cyber Risk and Information Security Expert at Fortra to the show. Watch/listen as we discuss: The three primary soft spots from which supply chain hacks emanate - software, devices and people. Why people are the most neglected of the three, and how they can be trained to identify attacks. The expanded role AI is playing in email compromises that help fuel supply chain attacks. Why IT and OT need to become more aware of each other's requirements and risks. The important role cybersecurity plays in ensuring operational reliability. The growing need for ransomware response plans, and how a national supply chain hack helped reinforce this need for all enterprises, regardless of size or sector. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Due to the rise in attacks on manufacturing and critical infrastructure, and the devasting impacts these attacks have on daily lives around the world, the World Economic Form recently unveiled a report entitled Building a Culture of Cyber Resilience in Manufacturing . This initiative not only identified the sector’s primary challenges for developing a culture of cyber resilience, but also formulated three guiding principles for establishing an enduring strategy. They revolve around people, processes and culture. I was fortunate enough to have one of the key contributors to the creation of these strategies sit down with me for some unique takes on the biggest challenges facing industrial cybersecurity. Watch/listen to my conversation with Kris Lovejoy, Global Security and Resilience Leader at Kyndryl , a leader in cyber resiliency strategies and services, as we discuss: How the capital investment process utilized throughout manufacturing could be leaving several key players behind, and the negative impacts this could have on the entire sector. Why security is not a tool, but a process. The ongoing issues associated with asset inventory and the first steps to take in correcting this issue. The Trojan Horse dynamic that smaller enterprises need to embrace in order to improve their security posture. How to know if you're the biggest risk or weakest link in a production environment or supply chain. Why regulatory efforts focused on cybersecurity could dramatically change the composition of the industrial sector. The difference between moving to the cloud and securely moving to cloud platforms. How security should be a driver of digital transformation strategies. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 There's No 'Plant the Flag' Moment in Cybersecurity 33:38
33:38 Play Later Play Later Lists Like Liked33:38
Play Later Play Later Lists Like LikedWhen looking at industrial cybersecurity, more attention is being paid to how workers are logging in to access critical machinery, software or data. And according to Trustwave Threat Intelligence’s recent Manufacturing Threat Landscape report, 45 percent of attacks experienced by manufacturers stemmed from the bad guys accessing credentials. Whether by utilizing brute-force tactics, submitting fake support tickets, or purchasing logins on the Dark Web, this seems to prove that hackers would much rather log in than break in. The report also cited the rise of Initial Access Brokers, or groups that focus specifically on obtaining and selling log-in data to other hackers. One example cited by Trustwave saw an IAB offering access to a leading steel manufacturer for just over $60,000. Unfortunately, this is not a unique circumstance, which is why we're talking to David Cottingham, president of rf IDEAS to weigh in on the ongoing challenges surrounding secure access throughout the OT environment. Listen as we discuss: The importance of simplifying security processes to keep people engaged with them. Why no manufacturer is too small to be a target for credential-based attacks. Overcoming the bad behaviors that can result from operations personnel dealing with over 25 passwords. Avoiding punitive actions surrounding people-based security vulnerabilities. Why dual factor authentication strategies are key to ongoing security developments. Best practices for mobile device use. How VPNs, firewalls and password wallets are simultaneously solutions and vulnerabilities. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
As we’ve discussed numerous times on Security Breach , terms like change, evolution and constant are more than just buzz terms – they’re a simple reality of working in the industrial OT space. Whether we’re discussing threat actors from Stuxnet to Lockbit, tactics from social engineering to double-extortion ransomware, or vulnerability sources ranging from weak passwords to embedded secure-by design concerns, the ever-expanding attack surface is a constant reminder of change and the evolving nature of threats. In this episode we talk to Michael Haase, and draw on his extensive background and personal experiences as we discuss: The on-going balancing act between cost and security priorities. Why he considers the need for phishing training, "a massive failure on the part of the technical community." How AI is laying the groundwork for attacks that haven't happened yet. Why the growing complexity of hackers is actually a positive indicator. Automation is the inflection point for cybersecurity - for both sides. The shift from worrying about the ability to detect new attacks to focusing on the vulnerabilities being exploited. The distinction between learning what needs to be done and actually taking action. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 The Protection and Productivity of Zero Trust 44:17
44:17 Play Later Play Later Lists Like Liked44:17
Play Later Play Later Lists Like LikedOver the last nearly 100 episodes of Security Breach we’ve discussed a wide range of strategies for protecting the manufacturing enterprise. But perhaps the most polarizing of these has been Zero Trust. While some unwaveringly champion the cause of this approach, others question the ways in which it is typically deployed. Perhaps this dichotomy is best represented in Palo Alto and ABI Research’s The State of OT Security report. It found that 93 percent of those surveyed were familiar with Zero Trust, and 87 percent found the approach to be the right fit for protecting OT environments. However, half of those participating in the research also stated that there are practical blockers that prohibit implementation. In the end, like most things in the cybersecurity world, the answer lies in striking a balance between restricting access and implementing safeguards against time-consuming processes. In this episode I talk to Roman Arutyunov, Co-founder and SVP of product at Xage Security, about zero trust and a number of other topics, including: How cybersecurity needs to be viewed as both a productivity and protection tool. Overcoming the "it won't happen to me" mindset. The sector's over-reliance on VPNs and firewalls. Why manufacturing is missing regulatory guidance, and why that will change in the short-term. Improving responses to attacks, including ransomware.. How AI can play a key role in shrinking the attack surface. Avoiding tool implementations that can be an "inverse pyramid of pain." As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
One of the more common obstacles that we discuss here on Security Breach is how increased connectivity has combined with new Industry 4.0 technologies to constantly expand the OT attack surface. In the midst of all this expansion, it’s easy to either overlook cybersecurity concerns, or put too much trust in the embedded security features of the new assets. So, while this usually brings up conversations about endpoint security, integration processes and secure-by-design protocols, let’s talk about something that our guest for today’s episode knows and understands all too well … time. Industry experts value downtime on the plant floor at about $250k/hour. So, just like predictive maintenance has become part of a facility’s new normal, predictive cybersecurity needs to receive the same priority. Here to discuss this concept is Riley Groves, an engineer at Auvesy-MDT, a leading providing of ICS and automation solutions. Listen as we also discuss: The improving convergence of IT and OT on the plant floor. Getting ahead of vulnerabilities. The factors driving greater buy-in from the C-suite on cybersecurity investments. Why cybersecurity is the Special Teams of the industrial enterprise. How legacy systems are providing "function by disfunction" from a security perspective. The better ways to use AI. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Those of you with a military or law enforcement connection are probably, and unfortunately, familiar with the term collateral damage. While this phrase has a legacy in these environments, it’s also become an unwelcome addition to the realm of cybersecurity. Examples of this dynamic can be found in a number of hacktivist attacks that targeted infrastructure in a certain region, but either through unrealized connections or other bad actors simply following the blueprint, impacted facilities across the globe. Jason Oberg, the CTO of Cycuity, a leading provider of vulnerability mitigation solutions for semiconductor manufacturers, recently joined us to discuss some of the potential fallout from hacks, and how to prevent or respond to them in minimizing the collateral damage. We also talked about: How hackers are getting smarter in their hacks against chip makers. Why awareness of hacker tactics is not enough, and how manufacturers of all types can enhance their knowledge level pertaining to the growing sophistication of hackers and attacks. Addressing the baked-in compromises of hardware products, and the long-term impacts on all users and industries. Focusing on the inherent vulnerabilities of production processes, not just the associated technology. Balancing the goals of "getting product out the door" with embedding greater levels of security. How greater transparency can help with secure-by-design challenges. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 The OT Threat Landscape's Infectious Nature 44:43
44:43 Play Later Play Later Lists Like Liked44:43
Play Later Play Later Lists Like LikedViewing hacks as diseases to address evolving threats, vulnerabilities and tools like AI. Like many of you, I recently dove into Verizon’s 2024 Data Breach Investigations Report (DBIR ) . And while there’s a plethora of data housed in the report that could fuel conversations on a multitude of topics, I chose the following two pieces of information: While credential harvesting and phishing attacks still led the way, the use of exploitable vulnerabilities to access networks tripled from last year, and were primarily leveraged by Ransomware and other Extortion-related threat actors. The reported median time to click on a malicious link after an email is opened is 21 seconds, and then only another 28 seconds for the person caught in the phishing scheme to enter their data. So, basically, a successful phishing attack can be executed in less than 60 seconds. These two items caught my eye because they seem like the low-hanging fruit when it comes to cybersecurity. In this episode, Roland Cozzolino, CTO/CIO of InsightCyber, a global provider of asset visibility, risk management and security services delivered via an AI-driven platform, offers his perspective on these types of exploits, as well as: Why state-sponsored hacker groups are his biggest concern. The problems caused by patient hackers and their live-off-the-land, or dwelling approach to network intrusions. How manufacturers can and need to improve their use of AI tools for enhancing visibility, asset management and threat detection. The advantages of designing OT security processes as though you're working in a disease-driven environment. Viewing cybersecurity as less about saving money and more about not l As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
It starts with a dedication to enhanced visibility. One of the big conversations regarding OT security revolves around the use of tools. Some have too many, others not enough and everyone is searching for the funds to mange and obtain the right ones for a constantly evolving threat landscape. The key to understanding which tools are right for you and your organization not only demands a comprehensive understanding of your OT environment’s assets, APIs and connections, but a working situational awareness. Here to discuss some of these topics, and more, is Sharon Brizinov, Director of Research at Claroty’s research arm, Team82. Claroty is a leading provider of ICS and OT security, with partners that include Rockwell, Schneider Electric and Siemens. Watch/listen as we discuss: How creating patching windows can help address vulnerabilities more quickly. How tools can help manage the proliferation of connected devices. Why OT will benefit from IT's lessons-learned. Creating a defense against your daughter's iPad. Why manufacturers have to do a better job of knowing what they're defending against. The non-complicated, but terrifying strategies of hacktivists and state-sponsored attack groups. (Click here to view the report discussed in this episode breaking down a recent hack on Russian manufacturing.) The evolution of component-level connectivity, and what that will mean for industrial cybersecurity. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Many attacks on manufacturers are just the first step in going after even bigger targets. One of the inescapable truths about the industrial sector is that it is usually the ultimate proving ground for product performance. When we look at some of the technologies that have created seismic social shifts, tools like operational software, wireless connectivity and numerous monitoring devices were not ready for the demanding industrial environment right away. When it comes to cybersecurity, that dynamic has done a 180. Hackers initially went after healthcare and financial institutions because they were seen as easy targets with deep pockets that would pay to make the problem go away as quickly as possible. Then 2020 came and put many industries on pause – except for manufacturing. Like moths to a flame, the hackers were drawn to OT networks and found not only a vulnerable target, but a lucrative one. We tackle these issues and many others in this episode with Sam Moyer, MxD’s Lead Cybersecurity Engineer. Some of the topics we discuss include: The lingering (live-off-the-land) nature of many state-sponsored or hacktivist group attacks. Finding the right ways to prioritize cybersecurity in manufacturing, and how the industry works "in it's own time." The disruptive or competitive push that manufacturing is missing. AI, and the potential traps to avoid in eliminating too much human knowledge. Why manufacturers are a target because of who they work with on a regular basis. Improvements in landscape visibility. The rise in frequency of manufactures paying ransomware demands. Navigating the regulatory landscape, and learning from past mistakes. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
In this episode, we dive into some of the most notorious attacks to hit manufacturing over the last six months. In addition to speaking with cybersecurity experts from around the world for this podcast, I’ve also been able to do a fair amount of reporting on our websites regarding several high-profile industrial attacks. So, I felt like it could be interesting to present some of these articles via the Security Breach podcast in helping further the conversation around tactics and lessons learned. So sit back and watch or listen as I dive into some of the most notorious attacks to hit the industrial community over the last six months. The first hack I’d like to cover is one that we’ve referenced several times here on the podcast – the Cyber Av3ngers Unitronics PLC hack. The second attack I'm going to discuss involves a large player that those involved with industrial networking will immediately recognize – the Dark Angels penetration of Johnson Controls. This hack serves as a strong example of how a growing number of OT attacks can originate within IT systems or assets. We'll also take a look at another familiar company within the ICS community, and how they responded to a double-extortion ransomware attack from the Cactus RaaS group. Finally, we take a deep dive into another Dark Angels attack. This time the victim was Nexperia, a leading manufacturer of silicon-based processors based in The Netherlands, and a subsidiary of China-based Wingtech Technology. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
A look back at Security Breach guest's most accurate and timely industrial cybersecurity predictions. As we near our 100th episode of Security Beach , I thought it would be a good time to take a look back at some of our guest’s predictions from the previous 12 months. If you want to check out the full episodes from any of these previous guests, you can find them in the show archives, or by clicking through to our website. So, join me as we take a look back at a collection of predictions from: Pete Lund at OPSWAT John Dwyer from IBM Siemens’ Kimberly Cornwell Moty Kanias from Nanolock NovaCoast’s Elise Manna-Browne Brian Haugli from SideChannel Huxley Barbee from runZero Forescout’s Daniel Trivellato Dragos’ Dawn Cappelli Impero’s Matthew Wolfe KnowBe4’s Erich Kron Tony Pietrocola from Agileblue As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 DMZs, Alarm Floods and Prepping for 'What If?' 48:58
48:58 Play Later Play Later Lists Like Liked48:58
Play Later Play Later Lists Like LikedThe new factors impacting a growing attack surface, and how to evolve your cyber risk strategies. The origins of what we talk about here on Security Breach can go back to any number of transformational events, but the reality is that all of them contributed an individual component to the unique mosaic that is the legacy of industrial cybersecurity. What is most interesting is that the first hacks of industrial control systems occurred at water treatment facilities, oil and gas pipelines and energy plants. These targets were chosen because they simultaneously provided great visibility, heightened social impact, and, most notably, easily exploitable vulnerabilities. In most cases, these attacks allowed the hackers to accomplish all of their early financial and self-promotional goals, along with longer-term benefits that we’re all dealing with now – how to successfully probe the ICS. John Cusimano, VP of OT Security at Armexa is our guest for this episode. He's seen hackers apply these lessons learned about the industrial control system first-hand, and has some interesting thoughts on the current threat landscape, as well as solutions for keeping your systems secure. Watch/listen as we discuss: How he transitioned from a safety and automation engineer to a career in OT cybersecurity. The benefits of failing in a safe manner. The new dangers of remote monitoring. Ways to implement application safe listing. Always being prepared to answer the 'what if?' question. Micro-segmentation and DMZ strategies. Best practices for patching and avoiding alarm floods. Why his biggest concern lies in a large-scale, coordinate attack on the ICS. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield. Everything old … is new again. While that might seem like a natural lead-in for discussing hacker tactics, that same mantra rings true when discussing OT technology. Mordor Intelligence recently reported that U.S. manufacturing spent over $307 billion on digital transformation technologies last year, and nearly every research and consulting outlet around the world is predicting that those numbers will rise in 2024. All this new software, connectivity, automation and equipment creates a familiar challenge when it comes to OT cybersecurity. This meshing of the old and new is something our guest for this episode is all too familiar with, and he’s here to break down everything associated with bringing legacy and next-gen together. Listen as Josh Williams, Strategic Account Manager at IriusRisk, offers his thoughts on secure-by-design, as well as: How the industrial sector gets a C- when it comes to securely integrating new technology into the OT landscape. Why the onus for secure-by-design concepts resides with the buyer. How monitoring became a critical vulnerability. The double-edged sword of connectivity. How state-sponsored hackers are a threat to more than just political targets. Why industrial OT is the front line in the cyber war. Why he doesn't want to be the "old man yelling at the clouds.". How supply chains have become manufacturing's biggest cyber concerns. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 The Impacts of Over-Connectivity and Mobile Defeatism 49:51
49:51 Play Later Play Later Lists Like Liked49:51
Play Later Play Later Lists Like LikedThe good, the bad and the ugly of mobile device security in the expanding OT attack landscape. Included in the challenges associated with securing an ever-expanding OT attack surface is the role played by the increasing use of mobile devices – at both the enterprise and individual level. In fact, according to a recent report from Imprivata , only 46 percent of manufacturing organizations have the ability to maintain control over who has access to such devices and when, and 61 percent are using shared pin numbers to secure these devices. Additionally, an average of 16 percent of these devices are lost each year, costing organizations over $5M annually, not to mention the collateral damage from a security perspective. This translates to an opportunity for hackers to unleash catastrophic damage by leveraging any vulnerabilities in areas like remote monitoring, and potentially new ways to worm into the networks associated with controlling your machines and systems. Watch/listen as Joel Burleson-Davis, SVP of Cyber Engineering at Imprivata, returns to Security Breach to discuss OT mobile device security, as well as: The journey the industrial sector has made from devices that were never intended to be connected, to what Joel describes as OT "super connectivity". Why OT continues to be an easy target for hackers. The evolution of hacking groups. How we might be over-doing all the connectivity. The double-edged sword that is mobile use in the industrial sector. Avoiding 'mobile defeatism'. Combatting the growing number of dwelling or living-off-the-land attacks. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
It's not always about the ransom, data theft or denial of service. Many cheered with the recent crackdowns on groups like LockBit, and rightfully so. However, the harsh reality is that most of these victories are short-lived. For example, after law enforcement seized control of multiple LockBit websites and stolen data, the group was back to running extortion campaigns within a week. And the same can be said for many other high-profile busts of groups like Hive and Volt Typhoon. These groups re-build or re-brand, as was the case with the Conti Group offshoot Black Basta. After Conti disbanded, Black Basta reformed from the ashes and tallied over $100 million in ransomware payments last year. My point is not to belittle the incredible work that global agencies are performing, but to illustrate that while the industrial sector continues to make tremendous gains - the war continues. And as we evolve and improve, so will the bad guys. And perhaps no one knows this better than our guest for this episode - Rod Locke. He’s the director of project management at Fortinet, a leading provider of OT cybersecurity solutions. Watch/listen as Rod shares his thoughts on: The growing influence of state-sponsored hacker groups. The rise of dwelling or live-off-the-land attacks and how some hackers are more focused on learning about their victims than harming them. Why OT can't always place the blame on IT, and the value in understanding both environments. How some regulatory efforts might have "swung too far." How to attract more "unique individuals" to cybersecurity. An anticipated rise in cloud infrastructure and the ways it will impact data security. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
Balancing resources to keep the bad guys out, improve real-time visibility, and develop quicker responses to new attacks. In what might be legendary singer Johnny Cash's most famous song, he speaks of keeping his eyes wide open all the time, and those tasked with OT security responsibilities are finding that they too need to walk the line. In the cybersecurity world this means balancing between the priorities of different operational environments, selecting tools and technologies that best match these priorities, and then understanding how all these investments can be intertwined to carry out your strategy. Unfortunately, this makes it bit more difficult to stay true to original plans. Navigating that line also entails an understanding that keeping the bad guys out is not the sole function of cyber defense, because the evolution of threats and an expanding OT attack surface has created an incredibly complex environment – a fact that is as obvious as night is dark and day is light. So, to keep us walking that line in understanding how to adapt our tools and strategies, we welcome Stephen Tutterow, a team lead at Pentera, to the show. Pentera is a leading provider of automated security validation solutions. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Industry experts assess the ransomware attack, the attacker, and critical takeaways for manufacturers of all sizes. Recently, one of the most high-profile manufacturers in the world – Boeing – suffered what they’re describing as a “cyber incident”, which resulted in a large, but unknown quantity of data being stolen and held for ransom by the notorious Russian RaaS group, Lockbit. Lockbit, which is highly recognized as one of the most prolific threat actors targeting the industrial sector, obtained what is currently assessed as Citrix cloud files, security controls, email backups and corporate emails. The leak is potentially tied to a parts distribution company, Aviall, that Boeing purchased in 2006. What remains to be seen, despite Boeing’s claims, is just how damage this leak could cause, what the ramifications might be moving forward, how Boeing might respond and what the industrial sector can learn from this incident. We’ve assembled two leading industry experts to break down the attack - KnowBe4’s Erich Kron and Tony Pietrocola, president of AgileBlue and the Northern Ohio chapter of InfraGard . We’re also excited to announce that this episode is being sponsored by Palo Alto Networks. Protect your OT assets, networks and remote operations with Zero Trust OT Security from Palo Alto Networks. It’s powered by AI and machine learning while offering comprehensive visibility, zero trust security for all OT environments, and simplified operations. For more information on zero trust security for all OT environments and simplified operations, go to www.paloaltonetworks.com/network-security . To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overca As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Staying ahead of hackers as they look to infiltrate every new connection point. The balancing act continues when it comes to industrial cybersecurity, with the focus of many organizations split between focusing on known internal weaknesses or harnessing a better understanding of the external black hat organizations wanting to shut them down, steal data or extort payments. One stat that helps demonstrate this dynamic comes from the IBM Security X Force Threat Intelligence Index , which shows a 94 percent reduction in the average time for the deployment of ransomware attacks. What took attackers over two months in 2019, now takes less than four days. Another example comes from Open Text’s 2023 Cybersecurity Threat Report that took a closer look at the notorious LockBit group. Not only have they dropped more malware than any other in the last year, but they’ve begun to implement triple-extortion tactics. Joining us to discuss these and other topics related to threat intelligence and how to prioritize it, is Jonathan Tomek, VP of Research and Development at Digital Element, and co-founder of THOTCON , a hacking and security conference hosted in Chicago each spring. We’re excited to announce that Palo Alto Networks is sponsoring this episode. For more information on zero trust security for all OT environments and simplified operations, go to www.paloaltonetworks.com/network-security . To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
There are two common elements of a hacker’s strategy that show up regardless of whether it’s a ransomware attack on a local healthcare system or a malware drop on a global automotive manufacturer. The first is speed. Once an exploit is detected by the bad guys, they will work as quickly as possible to take advantage of it, hopefully beating the deployment of any patches. The second element is manipulation. Most commonly, hackers take advantage of well-established systems that have unextraordinary access points, legacy connections or human management dynamics that are easily manipulated by altering software code, stealing login data or introducing malware. Based on these fundamental dynamics, it would seem that hackers could benefit greatly from a tool that reduces a human being’s grunt work and utilizes algorithms and automation to produce the text for a phishing email, to re-write software code, or to develop data mining protocols to obtain logins and personal information. That tool is obviously artificial intelligence, and the hackers are all too familiar on how to use AI platforms for their nefarious purposes. Fortunately, the good guys have also become well-schooled in the art of AI, and one example is Gary Southwell, the VP and General Manager at ARIA Cybersecurity. He joins us to share some AI tricks that can slow down and defeat threat actors. We’re excited to announce that Palo Alto Networks is sponsoring this episode. For more information on zero trust security for all OT environments and simplified operations, go to www.paloaltonetworks.com/network-security. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get yo As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Using hacker tactics against them by getting IT and OT on the same page. One of the most recent, widespread and hardest hitting cyberattacks is the MOVEit exploit spearheaded by the ransomware gang Clop. The zero-day vulnerabilities associated with this file transfer tool impacted a number of global manufacturers, including Shell, Schneider Electric, Siemens Energy, Emerson, FANUC, Bristol Myers Squibb, TTI and Honeywell. Essentially, Clop was able to infiltrate MOVEit files and inject commands that allowed the hackers to access databases and steal a plethora of personal and operational data from over 300 companies. Since its origins in 2019 Clop has targeted over 10,000 companies around the world. To help offer some clarity on the depth of this attack, some lessons learned from this ordeal, and things manufacturers need to know about the evolving threat landscape, it’s our pleasure to welcome Mike DeNapoli to the show. Mike serves as the cybersecurity architect and director at Cymulate – a leading provider of attack surface management and cyber risk mitigation solutions. We’re excited to announce that Palo Alto Networks is sponsoring this episode. For more information on zero trust security for all OT environments and simplified operations, go to www.paloaltonetworks.com/network-security. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Patches, PLCs and Making it Harder for Hackers 36:24
36:24 Play Later Play Later Lists Like Liked36:24
Play Later Play Later Lists Like LikedThe little things that can shore up cyber defenses and protect against evolving attack groups. When it comes to assessing the threat landscape for OT cybersecurity environments, the challenge has become less about identifying possible sources of attack, and more about prioritizing them. Protection from external sources gets a lot of attention, and rightfully so. However, another source of these threats, which can be just as detrimental, lies within the walls of your facility. Joining us today to discuss some of these internal vulnerabilities, and a tremendous report that details them, is Carlos Buenano, the chief technology officer of OT at Armis. We’re also excited to announce that Palo Alto Networks is sponsoring this episode. For more information on zero trust security for all OT environments and simplified operations, go to www.paloaltonetworks.com/network-security. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Why AI is Your Biggest Threat and Most Powerful Ally 29:28
29:28 Play Later Play Later Lists Like Liked29:28
Play Later Play Later Lists Like LikedArtificial intelligence is an unrivaled cyber threat, but benefits are also emerging for the White Hats. We’ve talked about a lot of challenges, vulnerabilities, attacks and hacker groups on Security Breach , but no topic generates greater consternation than Artificial Intelligence, and all the questions it brings to the table. According to an IBM report, the average cost for a data breach was just under $5 million last year. But going a step further, organizations that deployed an AI-based security tools saw their breach cost over $3 million less than those without such a tool. The report also indicated that it took 74 fewer days to identify and contain such a breach versus those who were not using AI technology for cybersecurity. Additionally, IBM found that the use of AI-fueled cybersecurity strategies have increased by 11 percent since 2020. While these realizations have produced a number of answers, they’ve also created new questions. To help address those and other concerns surrounding AI in cybersecurity, we welcome Jeff Macre, an Industrial Security Solutions Architect from Darktrace to the show. Darktrace is a leading provider of incident response solutions and artificial intelligence applications. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
How a dip in reported ransomware attacks could be disguising a push to target smaller manufacturers. Today’s episode offers some new takes on a familiar topic – the rollercoaster-like dynamics of ransomware attacks. One of the latest updates comes via Kovrr and their Ransomware Threat Landscape report for the first half of 2023. The firm found that while the number of reported ransomware attacks was down, manufacturing remains atop the most attacked sectors – with nearly one out of every five ransomware attacks focusing on the industrial sector, and nearly 60 percent of targeted companies registering less than $50 million in annual revenues. The report also found a collection of the usual suspects amongst the most active RaaS groups and why manufacturers should be ready for another spike in attacks. Guy Propper, a data team lead at Kovrr, joins us to discuss these groups, how they often know more about your system than you do, and additional findings that show how these attacks have become more concentrated, more sophisticated and capable of evolving more quickly. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Quantum Computing is not a future need - how it impacts (positively and negatively) everything you want to keep secure. Instead of setting things up with data about recent attacks or stats from industry reports, we're going to dive right into this episode's topic - Quantum Computing, and its short and long-term impact on every piece of personal, intellectual and operational data your enterprise values. Join us as we welcome Skip Sanzeri (Co-Founder) and Paul Fuegner (Director of Corporate Communications) from QuSecure as we discuss what Quantum Computing is, how its cryptographic capabilities currently impact over 20 billion devices, and why the only way to combat the black hat's quantum capabilities are by implementing your own. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
How and why hackers are targeting smaller enterprises, and one organization's efforts to defend manufacturing. We all know that cyberattacks in the industrial sector continue to rise and create new production, supply chain and data management challenges throughout the industrial sector. And conversations on this podcast have covered numerous reasons as to why these numbers continue to grow, ranging from vulnerabilities being created by new IoT-based connection points and a lack of visibility within the OT infrastructure, to an insufficient number of OT security specialists and the constantly evolving nature of hackers and cyber gangs that are growing smarter and more complex. We’ve also discussed the need for transparency in sharing information related to ongoing attacks and the challenges they create, whether it be through regulation, industry standards or trade groups. Well, our guest for today offers a great example of how one company is looking to arm manufacturers with data and insight that could prove invaluable in developing and adjusting their cybersecurity plans to meet new demands. Listen to our conversation with Dawn Cappelli, former Rockwell Automation CISO and current OT CERT Director at Dragos, a leading provider of industrial cybersecurity solutions. To learn more about Dragos' OT Cert program, click here . To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 How Hackers are Targeting Vehicles and Fleets 41:31
41:31 Play Later Play Later Lists Like Liked41:31
Play Later Play Later Lists Like LikedEV charging stations, telematics and infotainment offer tremendous benefits, and security vulnerabilities. Typically, when we talk about the expanding attack surface being created by new, exciting and efficiency-driven technology, we’re referencing digital transformation’s impact on the plant floor and throughout the manufacturing enterprise. Today, pun intended, we’re shifting gears to examine another operational technology environment that will continue to have a huge impact on cybersecurity strategies and vulnerabilities throughout manufacturing – the automotive sector. Advancements in Bluetooth and other connectivity-driven functionality has turned your vehicle into a hub for communications, entertainment, commerce, and more – and the hackers know it. According to Upstream and their 2003 Global Automotive Cybersecurity Report , the number of API-focus automotive hacks increased by 380 percent last year. In this episode we discuss these trends with Shachar Azriel, Vice President of Data at Upstream, a provider of automotive cybersecurity and data management solutions for connected vehicles and smart mobility services. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
How the Industry IoT Consortium's new security framework offers a 'belt and suspenders' approach to cybersecurity. One cybersecurity topic that gets me up on the soapbox quicker than most is the need for stakeholders within the industrial sector to collaborate and share more information on cyber attacks, hacker tactics and best practices for both in warding off intrusions and understanding how to respond to them. Thankfully, more local, national and international organizations are growing in notoriety and impact to help address these evolving concerns, including this episode's guests from the Industry IoT Consortium They joined us to discuss their recently updated Industry Internet of Things Security Framework, which offers broad industry consensus on securing the IIoT environment as ICS attacks continue to escalate and ransomware attacks drain billions of dollars from the industrial sector. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Inside the Summer's Biggest Industrial Hacks 37:09
37:09 Play Later Play Later Lists Like Liked37:09
Play Later Play Later Lists Like LikedTakeaways from two unique, yet similarly damaging attacks. This episode takes a slightly different approach. Instead of a single leading voice discussing trends and strategies focused on addressing and responding to OT cyberattacks, we’re going to dive into a couple of recent hacks that impacted the manufacturing sector. We’re going to start off with Matt Radolec. He’s an incident response team lead at Varonis and host of the State of Cybercrime podcast. Matt is going to share some insights on the recent attack of watch manufacturer Seiko. Then we’re going to check in with Mike DeNapoli, the cybersecurity architect and director at Cymulate – a leading provider of attack surface management and cyber risk mitigation solutions. He’ll be offering an inside look at the recent hack of the file transfer tool MOVEit. To catch up on past episodes you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Assessing the priorities, assets and technology strategies that make cybersecurity a journey, not a destination. A recent report from OT cybersecurity solutions provider Cyolo discussed several factors related to secure remote access in the industrial sector. Specifically, it identified a lack of visibility, insufficient user education and training, and weak access control as the top three cybersecurity deficiencies currently facing Cyolo’s industrial customers – all of which were referenced by more than 50 percent of those surveyed. Cyolo also reported on the most highly implemented solutions, which survey respondents identified as defense in depth, network segmentation and multi-factor authentication. The guest for this episode is Matthew Cosnek, senior business development manager of OT cybersecurity services at Eaton – a leading supplier and manufacturer of motion control and power management systems and components. He offers some unique perspective on a number of these topics, and we were also able to delve into the growing use of artificial intelligence, secure by design initiatives, state-sponsored hackers, and much more. To catch up on past episodes of Security Breach , you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
Using data to break down silos, reverse engineer outcomes, and identify emerging threats like WormGPT. According to recent report from Trellix, 31 percent of CISOs identified a lack of buy-in and use of cyber tools as one of their leading challenges. Additionally, of those who have experienced a large security incident, significant stress to the SecOps team and major attrition from these teams were identified as the most significant impacts of a cyber attack – outranking network downtime and data loss. These findings seem to indicate how important processes, and not just tools, have become in defending an ever-expanding threat landscape. Our guest for this episode is Daniel Trivellato, Vice President of Product & Engineering at Forescout – a leading provider of tools and solutions focused on increasing SOC efficiency. He's all too familiar with these dynamics and offers some interesting takes on how to address them. The report Daniel references can be found here. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
How we're failing to properly support and train our most important cybersecurity asset. According to Nozomi Networks February 2024 OT-IoT Security Report , manufacturing was exposed to more common vulnerabilities and exposures, or CVEs, than any other sector - realizing a 230 percent year-over-year increase in this area. Addressing even a fraction of these CVEs would be daunting, which is why understanding your assets is so basic, but so vital in establishing priorities and implementing approaches best suited to your security needs. To discuss these topics, and more, we welcome Jeff Nathan, Director of Detection Engineering at Netography, a leading provider of network security solutions, to the show. Watch/listen as he discusses: How social engineering tactics play a key role in manipulating emotional responses that trigger certain actions. The phishable weaknesses of MFA, and how its workflow might not be strengthening your security posture. Limiting your blast radius. The potential of encrypting endpoint data. Why cybersecurity needs to take a more scientific approach to defensive tactics. The industry's biggest miss on AI. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Avoiding a 'Chicken Little' Cybersecurity Strategy 40:32
40:32 Play Later Play Later Lists Like Liked40:32
Play Later Play Later Lists Like LikedThreat intelligence is important, but why manufacturers should focus on risk factors first. When it comes to the industrial sector’s ongoing cybersecurity challenges, we all know that there's more to defend, but what is most concerning is that we’re not responding quickly enough to the expanding threat landscape. In case you needed proof, here are some of the recent stats from Dragos 2023 Year in Review Report. It found that: 80 percent of industrial sector vulnerabilities reside deep within the ICS network, making them difficult to see and harder to kick out. 53 percent of the advisories Dragos analyzed could cause both a loss of visibility and control. Ransomware attacks against industrial organizations increased by 50 percent last year, and Dragos tracked 28 percent more ransomware groups focused on the ICS/OT environment. Attacks were confirmed in 33 unique manufacturing sectors. 74 percent of all vulnerability advisories had no mitigation strategy. I’m not going to promise solutions for all of these challenges, but we’ve definitely found a guy interested in trying. Scott Sarris is an Information Security, Compliance and Privacy Solutions Advisor at Aprio, a leading advisory and business consulting firm. Watch/listen as we discuss: Why OT could affectionately be known as "Old Tech". The political factors impacting IT/OT divisiveness in the industrial sector, but why Scott is optimistic about the progress being made in bringing the two segments together. Why cybersecurity planning and investments needs to start with assessing and prioritizing risk. How slowing down can help ramp up security efforts. Why dwelling or living-off-the-land attacks will escalate. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Cybersecurity's Greatest Weapon - Awareness 37:27
37:27 Play Later Play Later Lists Like Liked37:27
Play Later Play Later Lists Like LikedThe sector's (forced) cyber awakening needs to focus on making it harder to be a hacker. Regardless of how complex the attack, how organized the hacker, or how advanced the tools and tactics, security solutions usually lie in very fundamental practices. So, while you might think you already know enough about segmentation strategies, framework development, asset visibility or enhanced access controls, it’s these things that get overlooked and then exploited by hackers. It’s the evolution of these little things that our guest for today’s show likes to emphasize in helping to keep the OT environment secure. Watch/listen as Brian Deken, Commercial Manager of Cybersecurity Services at Rockwell Automation offers perspective on topics that include: How increased coverage and awareness of industrial cybersecurity has helped improve OT visibility, and incited more manufacturers to take real action. Why constantly evolving simple cyber strategies, like frameworks, segmentation and access hygiene are essential. What video gamers can teach us about finding OT security expertise. The status of IT-OT convergence. The attack from which some manufacturers will never recover. The positive impacts of supply chain vulnerabilities. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
How thinking like a hacker can lead to better cybersecurity ROI and avoid the dreaded "hope" strategy. Regardless of what you might hear from some, ransomware in the industrial sector is at an all-time high in terms of frequency and cost. Zero day and day one vulnerabilities are being discovered at a historic level and patching continues to be a challenge. Asset visualization and endpoint security have become more daunting thanks to technology-driven expansions of the industrial attack surface. And then there’s AI, SBOMs and botnets all waiting to wreak havoc on the ICS. All of these factors, along with the growing complexity of the hacker community, means that industrial cybersecurity is no longer just about white and black hats. In fact, some would argue that perhaps the most important player in the cybersecurity arena now wears red. Joining us to discuss his approach to "red teams on steroids" is Guy Bejerano, CEO of SafeBreach, a leading provider of Breach and Attack Simulation tools and services. Listen as we discuss: What it means to think like a hacker, but defend like a CISO. Developing security with a focus on running a business. Connecting the dots between the technical aspects of an attack and the impact of it on the business. Improving cybersecurity ROI by demonstrating the value of closing "gaps." Focusing on known attacks, as opposed to the "ghost" vulnerabilities. The growth of collaboration between IT and OT. Why manufacturing is still susceptible to legacy attacks. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Missteps Creating 'An Internal Collection of Hackers' 41:09
41:09 Play Later Play Later Lists Like Liked41:09
Play Later Play Later Lists Like LikedCreating an OT vision, and why hackers are "like water." With hackers repeatedly demonstrating that that they play no favorites in terms of the sector of manufacturing, its location, or the size of the enterprise, detection and response strategies can be universally dissected in addressing ransomware, phishing or any number of social engineering approaches. And this data, along with the potential solutions it fuels, can be made available to the industry as a whole – not just the largest or most well-known entities. Universal problems typically generate the most response. And what I’m seeing is a much more aggressive response from big players throughout the industry – including the employer of today’s guest, Alexandre Peixoto, Cybersecurity Business Director at Emerson Automation Solutions. Listen/watch as we discuss: Why recent cybersecurity developments are less about how the hackers have changed and much more about attack surface evolution. How, why and when to bring IT into the cybersecurity conversation. How OT can learn from IT in developing a vision for ongoing cybersecurity needs. The importance of going through the cybersecurity journey, similar to digital transformation, in order to really understand needs and priorities. Why OT cybersecurity often forgets about the basics. How "hackers are like water." Tackling the legacy dynamics of SBOMs. The future role of over-the-air (OTA) software updates, and how they could impact security priorities. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Hacker insight and vulnerability updates are great, but that's only half the battle. An ever-expanding attack surface has created a number of complexities when it comes to combining the benefits of new automation technologies with the challenges of securing the OT environment and supply chain. This led Cybersixgill to predict that in 2024, more companies will adopt Threat Exposure Management, a holistic, proactive approach to cybersecurity where cyber threat intelligence is a foundational component. To discuss this perspective, and more, we sat down with Gabi Reish, Global Head of Product Development at Cybersixgill , a leading provider of industrial cybersecurity solutions. Listen as we discuss: How data breaches have grown to average $4.7M per attack in manufacturing - which is $300K more than other industries. Why the biggest benefit of threat intelligence might be gaining a better understanding of how to position cyber assets. The latest SEC regs and how disclosing incidents makes the industry better. The potential impact of virtual patching. Why some OT specialists are being asked to "predict the weather without any forecasting tools." How and why ransomware attacks are getting more complicated. "Human nature is a problem." How AI is allowing hackers to "seem more human" and why that's a huge problem. We need more technology that works like a guardrail. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
The tech that's helping social engineers expand current exploits, including credential harvesting. In this episode, we welcome Kory Daniels, CISO of Trustwave, a leading provider of industrial cyber risk solutions, to the show. The conversation spanned a number of topics, including: The double-edged sword of credential harvesting hacks. How data theft is providing greater visibility of an organization's supply chain and partners in helping cybercriminals accumulate more potential targets. The challenges of implementing and sustaining data hygiene practices. Using AI to to fill cybersecurity jobs. How new technology, like AI, is helping cybercriminals lower their operating costs. Understanding that you can't defend what you don't know or understand about your internal landscape. Embracing the benefits of IIoT, but understanding the security risks it carries. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
How prioritizing the wrong data and assets is leading to more cyber risk. When it comes to OT security, the cruel reality is that the bad guys are doing what most predators do over time – they continue to hunt and evolve. This evolution allows hackers to constantly adjust to new security protocols and more rapidly react to common vulnerabilities – often days, weeks or months before a suitable patch or solution can be put in place. It’s the black hat’s constant drive to enhance their attacks that led us to this episode's discussion and guest. I recently sat down with Rick Kaun, VP of Solutions at Verve Industrial Protection. Verve is a leading provider of endpoint security, vulnerability testing and network segmentation strategies. Join us as Rick discusses: What 'done' looks like. Why nobody wants to be a CISO right now. The opportunities represented by former military personnel coming into cybersecurity. Why there's too much attention around SBOMs ... right now. The best ways to use AI. How identifying the "crown jewels" is the most important step to protecting them, and why this is consistently overlooked. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Tech Debt and the Unsexy Side of Cybersecurity 41:53
41:53 Play Later Play Later Lists Like Liked41:53
Play Later Play Later Lists Like LikedHow the legacy of OT innovation contributes to cyber challenges. Vulnerabilities across the cybersecurity landscape are obviously trending in an upward direction. Perhaps most concerning, however, is the number of zero and one-day vulnerabilities being uncovered in key industrial control systems by many of the sector’s leading providers of software, automation and system integration services. These vulnerabilities not only open the door for potential attacks, but lend credence to other cybersecurity challenges, such as patching, proper segmentation strategies and trying to accommodate the potential downtime associated with identifying and rectifying these embedded problems. Constantine Antoniou, Cybersecurity Business Consultant in Schneider Electric's Global Cybersecurity Solutions and Services business, promises to offer a unique perspective on these challenges and potential solutions. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 What Happens When a Torque Wrench Gets Hacked 29:16
29:16 Play Later Play Later Lists Like Liked29:16
Play Later Play Later Lists Like LikedTwo recent vulnerabilities, one traditional and one frighteningly unique, could reshape industrial cybersecurity. In this episode, we’re going to dive into two recently detected vulnerabilities that could have a significant impact on the industrial sector, as they involve two companies with wide-reaching influence on manufacturers of all sizes. One involves the Siemens Automation License Manager, and the potential threats a vulnerability poses to industrial control system data security for its users. The second stems from a unique source – a Bosch assembly tool. More specifically, we’re talking about a very popular nutrunner/pneumatic torque wrench that could potentially be exploited by hackers to create extortion campaigns. We discuss these security challenges with Andrea Palanca, a security researcher at Nozomi Networks, and Eran Jacob from OTORIO. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Elevated social engineering, more connections and growing extortion amounts will drive attack growth. Late last year we discussed Lockbit’s ransomware attack on Boeing, and the ensuing “cyber incident” that resulted in a large quantity of the aerospace giant’s data being stolen. One of the experts we tapped into in breaking down the attack, and its fallout, was Tony Pietrocola. In addition to serving as the president of AgileBlue, he also heads the Northern Ohio chapter of InfraGard, which works directly with the FBI on cybercrime. You can check that Boeing episode out in our archives . In addition to his extensive knowledge on threat actors like Lockbit, Tony also has a tremendous amount of insight on ways to improve attack surface visibility, especially as hackers are beginning to utilize next-gen tools like AI. For more information on the work AgileBlue does, you can check them out at agileblue.com To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Coordinating patches, covering the basics and not falling for 'pinky promises.' Late last year we discussed Lockbit’s ransomware attack on Boeing, and the ensuing “cyber incident” that resulted. One of the experts we tapped into in breaking down the attack, and its fallout, was KnowBe4’s Erich Kron. You can check that episode out in our archives. In addition to his extensive knowledge on threat actors like Lockbit, Erich also has a tremendous amount of insight on a number of cybersecurity challenges that continue to plaque the industrial sector, including the human elements. His knowledge seems especially timely given that one of the most significant vulnerabilities uncovered in the last month stems from a hacktivist group using unchanged default passwords to access PLCs in water treatment facilities and manufacturing plants. Just like Colonial Pipeline and numerous other attacks, this global vulnerability started with the actions, or inactions, of a human being. This episode offers some additional insight from Erich Kron at KnowBe4. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
A former black hat offers insight on defending against hackers that "go for the throat every time." One of the mindsets shared by hackers and their corporate victims is the desire to put a successful bow on the calendar year. For you this could mean hitting a collection of shipping dates, production quantities or equipment implementations. What many are beginning to realize is that the black hat community has a number of year-end targets to hit as well. The focus on closing out orders, dealing with holiday-related slowdowns and potentially fewer employees on the plant floor often leave doors open to hackers. It’s no surprise that these dynamics often result in the last quarter of the year producing large spikes in ransomware, DDoS and credential harvesting attacks. Our guest, Matthew Wolfe, Director of Cybersecurity Operations at Impero, offers insight on these attacks and how some of his previous experiences have given him a unique take on the bad guy's tactics. We’re also excited to announce that Palo Alto Networks is sponsoring this episode. For more information on zero trust security for all OT environments and simplified operations, go to www.paloaltonetworks.com/network-security . To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like t As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 The Growing Impact of Hacktivists and State-Sponsored Groups 43:18
43:18 Play Later Play Later Lists Like Liked43:18
Play Later Play Later Lists Like LikedAccidental advancements by state-sponsored hackers are impacting ICS security, and elevating network visibility needs. Amongst the traditional threats to manufacturing enterprises and industrial control systems are the escalating roles of state-sponsored hacker groups. Refined through recent hostilities in the Ukraine and Gaza Strip, more and more cyber attacks against critical infrastructure around the world has cybersecurity experts looking beyond independent RaaS groups and malware drops. What makes these organizations so concerning is that they are more focused on stealing data and manipulating operations than extorting funds. This means the challenges associated with dwell time and asset visibility now take on even greater prominence. That’s why we’ve invited Paul Ernst to the show. Paul will call upon his military experience, as well as his current role, to help us better understand these nation-state threats and vital ICS vulnerabilities. We’re also excited to announce that Palo Alto Networks is sponsoring this episode. For more information on zero trust security for all OT environments and simplified operations, go to www.paloaltonetworks.com/network-security To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore o As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
MITRE’s ATT&CK knowledgebase, and the intrusion patterns, hacker tactics and response data it provides. While there are a number of indicators showing the positive direction in which industrial cybersecurity is heading, it's still worth taking a look at some of the more alarming facts impacting our current situation. For example, Fortinet is reporting that: Three-fourths of industrial enterprises reported at least one OT intrusion in the last year. Nearly one-third of all ransomware attacks continue to target the industrial sector, with a nearly 10 percent uptick in attacks going undetected until the extortion or blackmail note arrives. Intrusions from malware and phishing attacks have increased by one-third. But there is good news. Fortinet reports that 98 percent of organizations now include its OT cybersecurity posture in briefings with executive leadership. We also know more about the bad guys today, then we ever have before, with some of this progress attributed to the work being done by today’s guests - Adam Pennington and Jake Steele from MITRE’s ATT&CK knowledge database. We’re excited to announce that Palo Alto Networks is sponsoring this episode. For more information on zero trust security for all OT environments and simplified operations, go to www.paloaltonetworks.com/network-security. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Brea As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. Promoguy Talk Pills Agency in Amsterdam dives into topics like Tech, AI, digital marketing, and more drama... Listen on: Apple Podcasts Spotify Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods. Listen on: Apple Podcasts Spotify To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Perhaps the only topic that solicits a uniform response is when my guests are asked about the most important part of a cybersecurity plan. The common mantra is that there has to be buy-in throughout the organization for any plan to be successful, and it starts at the top. Obtaining C-level support is obviously vital when it comes to loosening the corporate purse strings for software, penetration testing and training resources. But beyond that, corporate leadership can set the overall tone for a company’s attitude towards cybersecurity and the threat it presents throughout the organization, not just for IT or OT personnel. This comes as no surprise to this week's guest. Frank Riccardi is he author of Mobilizing the C-Suite – Waging War Against Cyberattacks. We’re excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com . To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Balancing The Light and Dark Forces of Technology 36:00
36:00 Play Later Play Later Lists Like Liked36:00
Play Later Play Later Lists Like LikedAs we continue to see an increase in attacks targeting the ICS, it’s about more than just the industrial sector creating cyber defense plans, cataloging connection points and shoring up vulnerabilities. The reality is that it’s going to take a communal effort to keep manufacturing – the largest single contributor to our country’s GDP – safe and secure. As we’ve learned from a legacy of attacks spanning the last decade, the tactics used and organizations behind them continue to evolve, and we’ll need some help in order to prevent and respond to attacks that impact the livelihoods of thousands up and down stream of the initial intrusion. We welcome Kimberly Cornwell, an applications engineer at Siemens to discuss how the industrial community is working to meet new and evolving industrial cybersecurity challenges. We’re also excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
The latest high-profile hack of Dole Foods reinforces the need to upgrade operational technology security, and not just for the manufacturer. The distributors, logistics providers, retailers and end-users that rely so heavily on the role manufacturing plays are beginning to understand how critical and far-reaching the effects of a production-ceasing hack can be. And so do the bad guys. According to a survey from Nozomi Networks, 63 percent of respondents classify current cybersecurity threats targeting industrial control systems as high, severe or critical. This would support findings from Fortinet that 93 percent of manufacturers responded to at least one OT intrusion between 2021-2022, and 78 percent dealt with more than three such incidents. Additionally, the firm found that 61 percent of intrusions targeted OT assets. On this episode we're joined by Carlos-Raul Sanchez, Director of Operational Technology at Fortinet, a leading provider of OT Cybersecurity solutions to discuss these challenges. We’re excited to announce that Security Breac h is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com . To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Breaking Down the Dole Foods Ransomware Attack 28:33
28:33 Play Later Play Later Lists Like Liked28:33
Play Later Play Later Lists Like LikedJoining the ranks of high-profile ransomware attacks at Nissan, Colonial Pipeline, JBS Foods, Schneider Electric and even Foxconn, is Dole Foods. The global food processor was the victim of a ransomware attack in early February that led to shutting down production systems throughout North America, and halted shipments to numerous retailers and distributors. As if this wasn’t enough to help illustrate the continuing rise in ransomware attacks on the manufacturing sector, Dragos recently reported that such attacks surged 87 percent in 2022. Joining us to discuss the Dole Foods attack, and lessons learned from it, is Travis Wong, VP of Risk Engineering and Client Services at Resilience Insurance, a leading provider of cyber risk management solutions. We're also excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com . To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 The Air Gap Lie and The Spectrum of Extortion 39:37
39:37 Play Later Play Later Lists Like Liked39:37
Play Later Play Later Lists Like LikedWhile the growth of ransomware, phishing schemes and other nefarious cyber activities are obviously not positive developments for the industrial sector, the resulting exposure and fallout from high profile events like Colonial Pipeline, JBS and, most recently, Dole Foods, have mandated a need for more data on attack surfaces, hacker tactics and the bad actors themselves. In this episode, we'll be taking a closer look at all of these topics via findings from IBM Security’s most recent Threat Intelligence Index as we sit down with John Dwyer, Head of Research for IBM Security’s X-Force. We’re also excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com . For more information on the work IBM Security X Force is doing, you can go to www.ibm.com/security . To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , reach out at jeff@ien.com. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Latest Ransomware Attacks Educate, then Humiliate 27:03
27:03 Play Later Play Later Lists Like Liked27:03
Play Later Play Later Lists Like LikedOne of the on-going topics that we cover here on Security Breach is ransomware attacks. The risk of continually discussing a topic is that it can become like white noise – always present, but in the background and potentially easier to dismiss. Well, if that’s the case, recent findings from Dragos 2022 Cybersecurity Year in Review report should help to re-orient your perspective. The report indicates that ransomware attacks against industrial organizations increased 87 percent last year, and over 70 percent of all ransomware attacks were directed towards manufacturers. And Dragos is forecasting that 2023 will see more new ransomware groups materialize. Joining us to discuss some of the new concerns (Ransom House), and solutions, surrounding ransomware attacks is Wil Klusovsky, Avertium's Chief Security Architect. Avertium is a leading provider of cybersecurity strategy, response and compliance solutions. We’re also excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
When it comes to securing the industrial enterprise, a great deal of focus is being paid to what might seem like the little things – such as passwords, logins or credentials that are used to limit access to networks or data platforms. The problem has been the continued use of weak, easy to remember passwords and login workarounds that have created vulnerabilities, and contributed to numerous, successful malware, phishing and ransomware attacks. The response has been the infusion of protocols meant to strengthen these soft spots, but measures such as double-factor authentication and zero trust access have been met with resistance and the aforementioned workarounds. Capterra, a provider of software selection guides, found that restricting data access without impacting workflows, the ability to develop new security policies, and selecting zero trust vendors continue to be significant obstacles in adopting zero trust strategies. So, the tools are there, but we need to figure out more effective ways of using them. We’re excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com Joining us to discuss some potentially new and better strategies is Tom Sego, CEO & Co-Founder of BlastWave. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Hacker's Insight: 'How Can I Make Stuff Worse' 26:46
26:46 Play Later Play Later Lists Like Liked26:46
Play Later Play Later Lists Like LikedThe potential of smarter factories driven by advanced technologies and greater connectivity is exciting … but equally daunting. That’s because in our enthusiasm to embrace all the time and cost savings associated with the machines, automation and data associated with these advancements, the industrial sector often pushes one of the most important aspects of all this connectivity into the realm of tomorrow’s problems. Well, tomorrow is here. There are over 20 billion connected devices in the industrial sector – and that’s a number projected to nearly double in the next five years. Joining us to discuss what all these connected devices will mean to cybersecurity planning is Jason Kent, Hacker in Residence at Cequence Security , a leader in API protection solutions. We’re excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 When Seeing the Attack Isn't Enough to Stop It 25:46
25:46 Play Later Play Later Lists Like Liked25:46
Play Later Play Later Lists Like LikedWe’re excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com According to a recent report from security provider Barracuda Networks, 94 percent of the industrial organizations they surveyed have reported a security incident since July 2021, with 60 percent of these enterprises saying their most significant incident resulted in downtime of at least two days, with some extending longer. Couple this with previous data from IBM placing average recovery times at close to three months, and the financial and production losses alone, saying nothing of the potential IP and data loses resulting from these hacks, should be making buy-in from executives easier to obtain. And as the number of IoT-related connections, software integrations, AI-powered processes and expanded automation applications continue to grow, the need for smarter OT security tools and strategies will continue to escalate. Joining us to discuss this situation is Pete Lund, VP of Products for OT Security at OPSWAT, a leading provider of cybersecurity and infrastructure defense. For more information on the work OPSWAT does, you can go to www.opswat.com To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com, and if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
I usually start each episode by listing off a number of escalating and intentionally frightening statistics about the rising number of cybersecurity threats facing the industrial sector. The goal is to get your attention and reinforce how your data, operations and all of your vital assets continue to be so vulnerable. Today’s guest, however, would argue that our strategies also need to acknowledge the human factor of cybersecurity. Instead of tailoring our strategy to focus exclusively on what’s at risk, we also need to remember the people that will play such a crucial role in carrying out these strategies. The hackers are focused on people and their activities, and according to Ken Fanger at On Technology Partners, so should we. He shares a number of personal experiences about a wide range of hacks, and the personal impact of them all. For more information on the work On Technology does, you can go to www.ontechpartners.com To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
The numbers continue to roll in, and they’re not getting better … yet. Ransomware attack payouts continue to grow, with the average topping out at $4.5 million in 2022. Similarly, malware attacks continue to escalate and response times, due to smarter phishing schemes and harder-to-detect dormant infiltrations, are taking companies more than nine months to detect and another three months to contain. This is resulting in lost data with immeasurable value, lost business opportunities worth over $1.5 million, and additional costs associated with controlling the data breach reaching upwards of $5 million per attack. These are all stats sourced from IBM’s recent Data Breach Costs report. However, there are solutions being developed for the industrial marketplace. And joining us today to discuss some of them is Erik Gross, Redzone’s VP of Security & Application Support. Redzone is a leading provider of remote operations software and data storage and security. For more information on the work Redzone does, you can go to https://rzsoftware.com/ To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore, you can reach me at jeff@ien.com. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
As the world of cybersecurity continues to spawn new threats and present the industrial sector with increasingly complex prevention, detection and response needs, we’re seeing similar advancements on the white hat side of things. In an effort to combat the tactics of hackers and ransomware scammers, technology providers are stepping up with new tools and strategies. An example is Automated Control Concepts, and their AiRAID OT Cybersecurity Device. AiRAID is described as a cyber-physical security device designed specifically for industrial OT systems. I was able to catch up with Daniel Ward, Director of Cybersecurity and IIoT at the Rockwell Automation Fair last November. In addition to taking about AiRAID, we discussed some of the biggest trends impacting industrial cybersecurity and why Daniel feels the industrial sector’s state of cyber defense would pull a D+ grade. ACC is a Rockwell Gold System integrator, and if you’d like to learn more about the company, you can go to automated-control.com . To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Protecting Against 'Dormant Footholds' and Knowing You're a Target 37:48
37:48 Play Later Play Later Lists Like Liked37:48
Play Later Play Later Lists Like LikedThere’s a reason the term industrial-grade is used to express the highest levels of reliability and durability for products. After all, if a material, technology or tool can handle the rigors and demands of manufacturing, chances are it can meet the needs of any other application. We’ve been through these facts before, but they’re worth repeating. IBM has cited manufacturing as the number one target for cyberattacks. The FBI is expecting a 400 percent increase in phishing attacks. The average ransomware attack demand has nearly tripled in the last two years. It’s fair to say that these attacks will continue to get more complex and occur even more frequently. So, the strategies and software successfully implemented by manufacturing could serve as a model for countless other industries, institutions and individuals to emulate. One of the companies looking to enhance all these vitally essential cybersecurity protocols for the most important sector of our global economy is Rockwell Automation. And joining us today from Rockwell is Quade Nettles, Cybersecurity Product Manager at Rockwell Automation. For more information on the work Rockwell does, you can go to rockwellautomation.com . To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
As the saying goes, it’s the little things that kill. And in cybersecurity, that little thing can be as innocent as a singular mouse click on the wrong URL from a familiar-looking email. A recent report from Trend Micro shows that 75 percent of all cyberattacks start with phishing emails – or messages made to look like a non-threatening communication from a colleague, vendor or trusted source, but containing links meant to abstract vital personal data. Additionally, research from Cybertalk.org states that about 90 percent of data breaches are the result of phishing schemes, and the FBI is projecting a year-over-year increase of 400 percent for these types of attacks. Finally, cybersecurity software and services provider Mimecast found that 96 percent of respondents to their survey acknowledged having faced some form of phishing attack in the past year. The key is to not associate the tool too closely with the evil intentions of hackers. Email remains a highly efficient and vitally important communication tool – but one that requires greater diligence than in the past. Joining us to discuss this situation is Fleming Shi, Chief Technology Officer at Barracuda Networks, a leading provider of data security products and services. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach us at jeff@ien.com. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
The MIT Technology Review Insights recently reported that midsize companies, which would mean manufacturing enterprises with annual revenues of between $200 - $700 million, were almost 500 percent more likely to be targeted now, than just two years ago. Similarly, Fortinet has released findings indicating that 93 percent of manufacturers have had to respond to at least one intrusion targeting operational technologies within the last 12 months, and 78 percent have experienced multiple attacks. Remember, if U.S. manufacturing were its own country, it would have the eighth largest GDP in the world, and the lifeblood of this sector is the small and midsized manufacturer. Keeping these businesses running without operational disruption, intellectual property theft or employee data theft has never been more important as we continue to struggle with inflation, logistics challenges and supply chain disruptions. Joining us to discuss this situation is Jeff Engle, Chairman and President of Conquest Cyber, a leader in industrial cybersecurity solutions and services. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 A Little Social Engineering Goes a Long Way 20:32
20:32 Play Later Play Later Lists Like Liked20:32
Play Later Play Later Lists Like LikedRecent data from cybersecurity software and services provider Mimecast offers some depth on the rising concerns presented by phishing attacks, with 96 percent of respondents acknowledging that their organization has faced some form of phishing attack in the past year. Additionally, this tactic is believed to be responsible for 36 percent of data breaches – with 84 percent of U.S. organizations have reported phishing or ransomware attacks in the past 12 months. And speaking of ransomware, the average payment climbed to $570,000 during the first half of 2021, up more than $200,000 from the previous year. Analysts predict that the frequency of these attacks will rise to one every two seconds. Joining us to discuss what industrial organizations can do in response to these growing threats is Joe Tibbets, Senior Director of Technology Alliances & API at Mimecast. For more information on the work Mimecast does, you can go to mimecast.com. If you’ve got a cybersecurity story to share or topic you’d like to have us cover, feel free to contact me at jeff@ien.com To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Embracing The Devil Inside to Stifle Hackers 20:53
20:53 Play Later Play Later Lists Like Liked20:53
Play Later Play Later Lists Like LikedOne of the mantras that I’ve clung to from my childhood is drawn from one of my favorite toys and shows – GI Joe. Duke, Snake Eyes and the rest of the Joes always reinforced that “Knowing is half the battle.” If that’s truly the case, then the industrial sector still has a ways to go in fully combatting the impact of cyber attacks, and shoring up their cyber security strategies. Insurance provider Travelers has unveiled their most recent Risk Index Survey, with cybersecurity ranking as the single biggest business concern. Included in their findings was that 57 percent of respondents think an attack is inevitable – with their biggest fears, in order, being a security breach, system glitch or ransomware attack. Joining us to discuss these ongoing concerns and some of the simple solutions to help ward off these attacks, is Kirstin Simonson, Technology Lead at Travelers. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 No Place to Hide When You Have Money and Data 21:46
21:46 Play Later Play Later Lists Like Liked21:46
Play Later Play Later Lists Like LikedOn a daily basis I see a tremendous amount of data and research flow through my inbox, but a recent report from Rackspace Technology really caught my attention. According to a recent survey performed by this provider of multi-cloud services and security, two of the top cybersecurity challenges facing companies is a shortage of workers with cybersecurity skills – listed by 39% of respondents, and a lack of visibility of vulnerabilities across all infrastructure – listed by 42% of respondents. While skills gap issues permeate throughout all sectors of the manufacturing landscape, it’s simultaneously encouraging and chilling to see that nearly 2 in 5 companies know they need more cybersecurity expertise, but are unable to find it. Similarly, there are some positive takeaways from seeing that enterprises are aware of their lack of knowledge to key vulnerabilities, but concerning that such a higher percentage are dealing with this kind of problem. Both findings help reinforce the dangerous times in which the industrial sector continues to operate. Joining us to discuss this situation is Gary Alterson, Vice President of Security at Rackspace Technology. For more information on the work Rackspace does, you can go to rackspace.com To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 From Attacking ISIS to Industrial Controls - Is GhostSec a Hacktivist or Threat? 22:12
22:12 Play Later Play Later Lists Like Liked22:12
Play Later Play Later Lists Like LikedGhostSec describes itself as a hacktivist group. Formed around 2015, the organization’s initial focus was shutting down ISIS websites and infiltrating their social media platforms. Recently, the organization has been linked to politically-motivated attacks involving PLCs and other industrial controls in Israel, Iran and Russia. All of which have focused on vulnerabilities found within industrial equipment controls. The biggest question for the industrial community is if GhostSec can show others how relatively simple it is to take control of industrial control systems – will those learning from GhostSec take it to another level? Joining us to discuss this situation is Matan Dobrushin, VP of Research at OTORIO. Based in Israel, the company is a leader in industrial cybersecurity solutions and services. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Darknet Diaries Host Lifts the Veil on Cyberattack Secrecy 28:01
28:01 Play Later Play Later Lists Like Liked28:01
Play Later Play Later Lists Like LikedIronically enough, one of the biggest challenges surrounding cyber defense in the industrial sector is a lack of data – data about the attacks, the attackers, their tactics and how they were able to successfully orchestrate the onslaught of ransomware, phishing and malware schemes that are costing manufacturers millions of dollars and priceless amounts of downtime. Working to overcome the lack of transparency is the focus of today’s guest. Jack Rhysider is the host and founder of the Darknet Diaries podcast, where he takes listeners on a journey through the world of hacking, data breaches, and cybercrimes. He’s talked to hackers, phishing scheme experts, NSA agents, penetration testers and just about any other player you can imagine. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
Welcome to Security Breach. Today we’re going to discus a vulnerability within the industrial sector that is essentially a product of progress. The enhanced data sharing capabilities and operational efficiencies that have been realized in establishing an estimated 20 billion device connections in manufacturing enterprises around the globe have come at a price for some. In the sector’s zeal to push forward with digital transformation plans and realize the benefits of automation, software and data-driven production schemes, all of these connection points offer a soft spot for hackers to probe and pinpoint in launching various types of attacks. Joining us to discuss this evolving situation and offer some in-depth analysis from his company’s recent report – The API Security Disconnect - is Filip Verloy, Technical Evangelist at Noname Security. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Today we’re going to discuss an evolving vulnerability in the industrial sector – the security of cloud data and networks. We’re obviously talking about the use of IT infrastructure that’s not physically located within the plant or facility. It’s a platform that is continuing to see an uptick in use. In fact, Netwrix , a leading cloud network security solutions provider, recently cited in their latest Cloud Data Security Report, that organizations expect to increase the amount of work done in the cloud from 41 percent to 54 percent by the end of 2023. More specifically, this means an increased reliance on cloud storage for corporate financial information and intellectual property. And while this is good news to cloud service providers, they’re apparently not the only ones enjoying this trend. Netwrix also cited that 53 percent of those surveyed suffered a cyberattack targeting their cloud network within the last 12 months. But perhaps the most frightening statistic from the report is that despite these findings, 78 percent said they were satisfied with their cloud security. Joining us to discuss these findings and the current state of industrial cybersecurity is Dirk Schrader, VP of Security Research at Netwrix. For more information on the work Netwrix does, you can go to netwrix.com To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 When Cyber Gangs 'Get Loud' - Responding to Dynamite Panda, LockBit and Others 23:57
23:57 Play Later Play Later Lists Like Liked23:57
Play Later Play Later Lists Like LikedWhen discussing the industrial sector’s threat landscape, we often detail events that result from vulnerabilities discovered by hackers probing for soft spots within an organization’s networks, connected infrastructure or data storage centers. However, taking a look at Nuspire’s latest Threat Landscape Report reiterates the need for manufacturers to keep their defenses up even when working with documents, files or websites that would appear to have limited interest from hackers and no connection points to outside parties. Nuspire reported a 28 percent increase in malware attacks – or about 52,000 detections a day during the second quarter of 2022. While many are being detected and blocked before being seen by the user, some are getting through by disguising themselves as add-ons or support tools for Microsoft Office documents. Once the user clicks for additional information within these software programs, which contain embedded on-line connections in providing legitimate support and downloadable tools, the malware is downloaded, providing a gateway to any and all of that user’s network, cloud, system and software connections. During this same period, the company reported a 100 percent increase in botnet activity – reaching a rate of nearly 20,000 attacks per day. This form of malware attaches itself to web pages and emails. Once it is unintentionally downloaded via the targeted user clicking on a link or agreeing to download a false asset, the bug can log keystrokes in stealing login and other personal information that often feeds into ransomware attacks. Joining us to discuss these ongoing threats is Mike Pedrick, VP of Cybersecurity Consulting for Nuspire – a leading managed security services provider. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Lessons Learned from DarkSide and the Solar Winds Hack 22:52
22:52 Play Later Play Later Lists Like Liked22:52
Play Later Play Later Lists Like LikedWhen the Eastern European hacker group DarkSide shut down the Colonial Pipeline in May of 2021, the ramifications were felt across numerous landscapes. In addition to impacting air travel and triggering panic over gasoline availability, the six-day interruption of fuel to much of the Eastern United States led to one of the highest profile ransomware payments in recent history. Although law enforcement was able to track down and recover more than half of the $4.4 million in Bitcoin that Colonial paid the ransomware attackers, two critical points had been made: the U.S. industrial sector was vulnerable, and they were willing to pay to restore operations. In support of the increasing concerns facing the industrial sector’s cybersecurity needs, IBM recently reported that manufacturing overtook financial institutions and insurance providers in becoming the most targeted industry by cyber criminals in 2021. Joining us to discuss this ongoing threat is Eric Ervin, Global Director for Utilities and Manufacturing at 1898 & Company, a leading provider of data management and business consulting services. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 The Growing (and Frightening) Complexity of Ransomware Groups 16:27
16:27 Play Later Play Later Lists Like Liked16:27
Play Later Play Later Lists Like LikedTenable recently released their Ransomware Ecosystem white paper. So we sat down with Satnam Narang, a research engineer focused on security response at the company, to discuss some its findings, including: The FBI estimates that between 2013 and 2019, ransomware groups collectively earned over $144 million. That number skyrocketed in in 2020 with these groups reportedly raking in $692 million collectively. According to U.S. government data, the first half of 2021 saw ransomware payments reach just under $600 million in the first six months, which included a record amount of $40 million paid out by an insurance company. And you can probably guess that these reported amounts are a fraction of the true total being paid to ransomware attackers and groups. Additional data is available by downloading the white paper here . For more information on the work Tenable does, you can go to www.tenable.com To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
A great deal of cybersecurity attention, and rightfully so, is paid to the role of defending against and responding to outside attackers. However, just as important to establishing and reinforcing cyber plans is ensuring that internal vulnerabilities are not created or made easier to detect through systems, networks and new technologies that are introduced to the industrial infrastructure, albeit with the best of intentions. However, the influx of handheld devices and mobile computing power can lead to the unintentional injection of numerous cybersecurity issues. One only needs to look at the history of the Stuxnet virus for proof of how something as simple as a USB stick can lead to massive and often irreparable damage. To help lend some insight on such potential security issues is Todd Greenwald. He serves as the president of Heartland – a McHenry, Illinois-based company that works with the industrial sector to improve business operations through technology integration, process implementation and network redesign. Heartland’s specialties include wireless infrastructure, network security, mobile computing, automated data collection systems, and more. For more information on the work Heartland does, you can go to www.heartland-usa.com. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Latest Tools of Choice for Hackers: Raspberry Robin and BlackCat 12:03
12:03 Play Later Play Later Lists Like Liked12:03
Play Later Play Later Lists Like LikedWhat else can we say as it relates to the industrial sector and the cybersecurity threats that continue to present themselves, other than – the battle wages on. The value of the sector’s IP, the plethora of personal information and the vital need to maintain uptime makes manufacturing a favorite target of hackers. And as those in the financial and healthcare markets know all too well, recognition of the threat only seems to spur the creation of new and better weapons focused on wreaking havoc. So, joining us today to discuss some of the latest threats to hit the industrial sector is Lauren Podber – she’s a Principal Intelligence Analyst at Red Canary, firm that specializes in managing cybersecurity endpoint detection, planning and response. They were also among the first to assess the first threat we’re going to discuss – Raspberry Robin. For more information on the work Red Canary does, you can go to www.redcanary.com To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Preventing Ransomware Attacks Through Cyber Maintenance 18:11
18:11 Play Later Play Later Lists Like Liked18:11
Play Later Play Later Lists Like LikedThere were a lot of trends emanating from the mid-1980s that thankfully died out over time, but one of them has not only persisted, but thrived. Although there were numerous samples of malware impacting early computer networks, the one that captured both headlines and the admiration of cyber criminals was the PC-Write Trojan virus. Iterations would follow, with perhaps the best known example of industrial malware – Stuxnet – being introduced about 25 years later. It would be topped by WannaCry Ransomware just seven years after that. In all these cases, bad actors were able to probe vulnerabilities, identify weak spots, and exploit these lapses in erasing data, eliminating access, or promising more extensive damage if their monetary demands were not met. These viruses, worms and malicious coding is still present today, and those armed with this malware have gotten smarter, their attacks more complex, and their search for victims more intense. The industrial sector and municipal utilities, with their combination of lucrative IP, essential production models and lagging security protocols, have become a favorite target. Joining us today to help navigate this minefield of bad actors is Marty Edwards. He’s the Vice President of OT Security at Tenable – a leading provider of infrastructure and cloud network software and security solutions. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Cyber Hygiene and Putin's Army of Criminal Hackers 18:00
18:00 Play Later Play Later Lists Like Liked18:00
Play Later Play Later Lists Like LikedThe rise in ransomware attacks throughout the industrial sector has led to a surge in another, related activity – the purchasing of cyber insurance to help soften the blow of these attacks. But today’s guest emphasizes that beyond just insurance to cover the costs of these intrusions, the manufacturing sector needs to implement more proactive strategies that encompass prevention and recovery. I’m pleased to welcome Allen Jenkins, VP of Cybersecurity Consulting at InterVision to this episode of Security Breach. InterVision is a leading provider of services focused on enterprise network security. For more information on the work InterVision does, you can go to www .intervision.com To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Revisiting the JBS Ransomware Attack One Year Later 14:57
14:57 Play Later Play Later Lists Like Liked14:57
Play Later Play Later Lists Like LikedJBS Foods is a $30B meat processor that most people didn’t know about until they paid ransomware attackers REvil $11M last June in order to get plants in the U.S. and Brazil up and running, and prevent what is believed to be up to 5 TB of data from being leaked. According to SecurityScorecard.com, the hackers obtained leaked credentials from employees in Australia and began probing the company’s network and extracting data three months prior to issuing their demands. SecurityScorecard estimates that over 20 percent of food companies have a known vulnerability, and nearly 400 have suffered a breach and/or attack. To help shed some light on these vulnerabilities, and how to prevent or respond to them, we’re excited to welcome Matt Parsons, Director of Network and Security Product Management at Sungard Availability Services to the program. Sungard is a leading provider of network and cloud computing security services. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Security Breach: 'The Edge Always Goes to the Attacker' 49:35
49:35 Play Later Play Later Lists Like Liked49:35
Play Later Play Later Lists Like LikedEmbracing the 'not if, but when' mindset. Cybersecurity solutions provider Trellix recently unveiled their 2023 Voice of the CISO report. Among other topics, it explored the top 5 challenges cited by Chief Information Security Officers who responded to the Trellix survey. In order, they included: Too many different sources of information. A growing attack surface created by remote workers, increasingly complex supply chains and other social and business factors. Changing regulatory mandates. Difficulties retaining and recruiting staff with the necessary security skills. A lack of buy-in from other parts of the company. These results not only help shine a light on the universal complications of defending IT and OT environments, but the importance of having such conversations in the light of day. Proactive measures and universal support needs to be a priority in order to accurately respond to the evolving regulatory and business continuity efforts that surround industrial cybersecurity. Joining us to discuss these and other topics is Karan Sondhi, Trellix’s Chief Technology Officer. Trellix is a leading provider of Extended Detection and Response strategies. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
How a global manufacturer learned from past attacks, and the most critical benefit of security tools. IBM research shows a 33 percent increase in cyberattacks against manufacturing companies between 2021-2022. Of those, according to IBM, 44 percent occurred because industrial companies failed to apply the appropriate software patches. With this in mind, it’s not a surprise that additional data from The 2023 OpenText Cybersecurity Threat Report found that manufacturing is the leader in terms of rate of malware infection – coming in at a rate that is more than 55 percent higher than the average for all industry verticals, including healthcare, banking and education. A lack of endpoint protection via patching, simple firewalls and additional security protocols continue to be issues throughout the industrial sector. Randy Powell, director of cybersecurity at Rheem Manufacturing, a leading provider of HVAC equipment and hot water heaters, discussed all this and more on our latest episode of Security Breach . To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 The Growing Problem of 'Insecure by Design' 41:30
41:30 Play Later Play Later Lists Like Liked41:30
Play Later Play Later Lists Like Liked"It just boggles the mind that things that are so important to how our world works are so shockingly unprotected." According to ABI Research, less than five percent of critical industrial infrastructure is monitored for threats. The company also reports that by 2030 industrial environments will house more than 1.2 billion connection points for machines and production systems. So, while it’s impossible to be in all places at all times, this growth in connectivity will place a greater strain on security resources even after prioritizing data and network assets, and focusing on the most pressing potential vulnerabilities. Throw in data from Rapid, the largest API hub in the world, showing that over 60 percent of API users are in manufacturing, and it becomes easy to understand how the industrial attack surface continues to expand and create new opportunities for the bad guys. These are dynamics that our guest for today’s episode knows all too well. Huxley Barbee is the Security Evangelist at runZero, a leading provider of cyber asset management solutions. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Netskope Threat Labs , a leading provider of threat analysis and cyber defense strategies for cloud-based vulnerabilities, recently published their most recent Threat Labs Report. Findings specific to manufacturing include: Cloud-delivered malware increased from 32 percent to 66 percent in the past twelve months, led by downloads from popular apps like Microsoft OneDrive, Google Drive and Gmail. The report showed that 94 percent of users downloaded data from an average of 17 different cloud apps each month. Over the past twelve months, the number of users uploading to cloud apps in manufacturing increased 27 percent. Emotet, AgentTesla, and BlackBasta were among the top malware and ransomware groups targeting manufacturing in the past twelve months. Malware described as file-based exploits saw a significant uptick in use by these black hat organizations. Our guest for today’s episode is Netskope's Threat Labs Director Ray Canzanese. He offers some insight on how the industrial sector can continue to utilize the cloud without negatively impacting security. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
The latest tools and technology needed to create and defend your data fortress. A couple of recent ransomware attacks offer perspective on evolving cybersecurity concerns within the industrial sector Gentex is a Michigan-based manufacturer of electronic safety systems for the automotive sector. They were attacked by a ransomware gang called Dunghill, which is believed to be a rebranded version of the Dark Angels ransomware gang that had historically targeted the gaming and consumer electronics industry. In early May, global industrial component and infrastructure systems manufacturer ABB confirmed that it had also been the victim of a ransomware attack. The group Black Basta reportedly hit the company’s Windows Active Directory, disrupting hundreds of devices. The takeaways from these attacks are that ransomware groups continue to evolve, and in doing so are looking to hit new and more lucrative markets. The industrial sector, as you all know, certainly checks this box. These are dynamics that our guest for today’s episode, Erik Alfonso Nilsen, Chief Technology Strategist at Flexxon, knows all too well. We’re excited to announce that Security Breach is being sponsored by Pentera. For more information on how Automated Security Validation can help you safely test all your IT security controls with the click of a button in a non-stop industrial operational environment, visit pentera.io. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Vital defensive tactics that go beyond the attacker. The sensor and communication technology associated with remote monitoring has proven to be both a time-saving and productivity enhancing tool, as well as a potentially debilitating cyber defense vulnerability for the industrial sector. The issues stem from a combination of internal failures and the evolution of highly innovative criminals, which was recently assessed in Cyolo’s State of Industrial Secure Remote Access report Their report shows that larger industrial organizations can have over 50 remote users every day. This quantity of off-site employees logging into industrial control systems reinforces the top three areas of deficiency – a lack of visibility, insufficient user training, and weak internal access controls. Our guest for today’s episode, Kevin Kumpf, Chief OT/ICS Security Strategist at Cyolo, will offer some color on these challenges, as well as some potential solutions. We’re excited to announce that Security Breach is being sponsored by Pentera. For more information on how Automated Security Validation can help you safely test all your IT security controls with the click of a button in a non-stop industrial operational environment, visit pentera.io . To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com. To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 The Impressive and Terrifying Evolution of Ransomware Gangs 34:39
34:39 Play Later Play Later Lists Like Liked34:39
Play Later Play Later Lists Like LikedHow hackers are targeting ERP systems and automating more attacks. Adding to the data supporting a surge in cyber-criminal activity is the FBI Crime Compliant Center’s most recent Internet Crime Report. The IC3 data shows that while the number of reported complaints actually dipped by about five percent last year, the financial losses directly attributed with Ransomware, Phishing and other attacks increased by 49 percent – totaling over $10.3 billion. The report goes on to state that, “we know not everyone who has experienced a ransomware incident has reported to the IC3." The report also called out the top three ransomware groups as LockBit, Blackcat, and Hive – none of which are new to the Security Breach audience. These hacks, and the hackers involved, are all to familiar to JP Perez-Etchegoyen. He serves as the Chief Technology Officer for Onapsis, a leading provider of integrated cybersecurity offerings. In this episode he offers an in-depth look at new challenges and solutions focused on the ransomware pandemic. We’re excited to announce that Security Breach is being sponsored by Pentera . For more information on how Automated Security Validation can help you safely test all your IT security controls with the click of a button in a non-stop industrial operational environment, visit pentera.io. To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Humans, 'Promiscuous Devices' Creating More Threats 26:47
26:47 Play Later Play Later Lists Like Liked26:47
Play Later Play Later Lists Like LikedHow increasingly complex attacks might demand taking humans out of the cybersecurity loop. First published in 2014, the National Institute of Standards and Technology (NIST) recently announced updates to its Cybersecurity Framework (CSF). The goal of version 2.0 of the CSF is to better integrate areas like supply chain risk management and governance. All of these measures would appear tailored towards greater inclusion of the industrial sector, and many of its unique challenges. And the timing couldn’t be better. According to Proofpoint’s 2023 Voice of the CISO report, 76 percent of industrial sector chief information security officers feel their organization is at risk for a cyber attack within the next 12 months. Our guest for today’s episode is Ethan Schmertzler, CEO of Dispel, a leading provider of secure access solutions for industrial control systems. We’re also excited to announce that Security Breach is being sponsored by Pentera . For more information on how Automated Security Validation can help you safely test all your IT security controls with the click of a button in a non-stop industrial operational environment, visit pentera.io As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
Credential harvesting, backdoor attacks and staying on top of who or what is logging into your networks. While more connection points can create more security soft spots for industrial enterprises, it’s no surprise that hackers would generally prefer to log in, as opposed to break in. It’s rumored that credential theft via phishing schemes is how attackers were able to infiltrate Colonial Pipeline. And as the industrial sector has added more technology, perhaps the greatest overall vulnerability is the login process. Our guest for today’s episode is Venkat Thummisi, CTO and Founder of Inside-Out Defense. He offers some first-hand expertise on the hows and whys of access abuse. We’re also excited to announce that Security Breach is being sponsored by Pentera. For more information on how Automated Security Validation can help you safely test all your IT security controls with the click of a button in a non-stop industrial operational environment, visit pentera.io. To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 The Bad Guys Are Salivating Over Manufacturing 43:18
43:18 Play Later Play Later Lists Like Liked43:18
Play Later Play Later Lists Like LikedInside the resurgence of ransomware attacks and the rise of billion-dollar "unicorn" hacker gangs. Believe it or not, there was a time in recent history when we actually experienced a reprieve in ransomware attacks. According to a report from Black Kite, a leading provider of third-party risk management and cyber intelligence, a number of factors contributed to a flattening of ransomware attack frequency in late 2021 and into 2022. Unfortunately, the bad guys evolved and ransomware attacks have surged in early 2023, with the number of ransomware victims in March of this year coming in at nearly twice that of April 2022, and 1.6 times higher than last year’s highest monthly total. New players like Black Basta, as well as new strategies from well-known adversaries like LockBit once again brought manufacturing to the top of the list of favorite targets. According to the report, manufacturing represented nearly one out of every five attacks. Our guest for today’s episode is Jeffrey Wheatman, a Cyber Risk Evangelist at Black Kite. We’re also excited to announce that Security Breach is being sponsored by Pentera . For more information on their cybersecurity solutions, you can go to Pentara.io . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 More than Security, Cyber Defense Is 'Life Safety' 35:18
35:18 Play Later Play Later Lists Like Liked35:18
Play Later Play Later Lists Like LikedStrategies for breaking down IT silos in learning how people, devices and networks can be attacked. Providing a significant assist to transparency efforts in cybersecurity is the Strengthening American Cybersecurity Act, which was signed into law in March 2022. Unlike other regulatory efforts focused on updating network security, or mandating agencies like CISA (Cybersecurity and Infrastructure Security Agency, which falls under the Department of Homeland Security) to develop cybersecurity plans, it requires “critical infrastructure entities” to report “substantial cyber incidents” within 72 hours, and any ransomware payment within 24 hours. In addition to regulatory efforts and compliance, a bigger challenge, and one we’ve begun covering more here on Security Breach , is the significant lack of internal OT cybersecurity expertise within the industrial sector. In general, this can be attributed to too many manufacturers feeling their IT security personnel can also be used on the OT side. This happens without an appreciation for how different the technology and operating environment is, and how a cut-and-paste approach will leave too many doors open to hackers. Recent findings from Fortinet show that 67 percent of OT security leaders come from an OT engineering background. Knowing how to implement and connect OT technology does not make one an expert on keeping it secure. To discuss these and other issues, like IT/OT silos and the impacts of ransomware, we're excited to have Debbie Gordon join us on this episode of Security Breach . She's the founder and CEO of Cloud Range, a leading provider of OT/ICS cyberattack simulations and training . We’re also excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Why cybersecurity is all about ROI, and other "unsexy" stuff on which to build your defenses. In previous episodes of Security Breach , we’ve discussed penetration testing, ethical hackers, cataloging connection points, and getting a handle on all those API connections. These strategies are centered on developing defenses that reduce your attack surface, make attackers easier to spot, negate the dwell time of black hats looking to live inside your networks, and hopefully much more. While obtaining all this data is critical, the next challenge is understanding what to do with it in forming a stronger cyber defense plan. This is where it gets tricky. A lack of OT security expertise continues to permeate throughout the industrial sector. Throw in some cloudy and somewhat limited regulatory guidance, and knowing exactly what steps industrial cybersecurity leaders should take after getting all this data is even more complex. Our guest for this episode not only understands these dynamics, but confronts them on a daily basis. Brian Haugli is a former CSO and cybersecurity leader for the Pentagon, as well as professor of Cybersecurity at Boston College. He currently serves as the CEO of SideChannel , a cybersecurity services firm that offers risk assessments, virtual Chief Information Security Officers, and more. We’re excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com . To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Hackers Want to Steal, Extort Competitive Advantages 35:27
35:27 Play Later Play Later Lists Like Liked35:27
Play Later Play Later Lists Like LikedSupply chain management has always been a priority for the industrial sector, but over the last three-plus years, its importance has been elevated for numerous reasons. The problem, from a cybersecurity perspective, is that as soon as an operational area starts to garner more attention, it also becomes a hotter target for hackers. Elise Manna-Browne, director of advisory services at Novacoast, a leading provider of cybersecurity intelligence and response solutions, is all too familiar with this dynamic. She joins the show to discuss how to prioritize risks and identify hackers like Industrial Spy and RansomHouse, while empowering employees and addressing partner pressures when facing a cyber attack on your supply chain. We’re excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 An Unlikely Assist from Ransomware and the Looming Threats of AI 36:26
36:26 Play Later Play Later Lists Like Liked36:26
Play Later Play Later Lists Like LikedOne of the biggest challenges surrounding industrial cybersecurity is the size of the attack surface that must be monitored, assessed, and constantly updated in order to evolve with the rising number of complex threat actors. Throw in a growing number of connection points, APIs and new and legacy network component combinations, and the complexity only grows. This makes improving visibility within the OT system not only vitally important, but a seemingly enormous concern. Dragos recently reported that up to 80 percent of OT security personnel lack complete OT system visibility. Our guest for this episode, Moty Kanias, VP of Cyber Strategy and Alliances at NanoLock Security, has seen firsthand the type of catastrophic results this lack of visibility and OT-specific security expertise can create. We’re excited to announce that Security Breach is being sponsored by Rockwell Automation . For more information on their cybersecurity solutions, you can go to rockwellautomation.com To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
The industrial sector continues to be a hot target for hackers. Ransomware, malware and phishing attacks all continue to escalate in both frequency and potency. The on-going mixture of new technologies with legacy systems invites attention, and the reality is that it continues to pay dividends for hackers and ransomware groups. However, there are solutions. One of which is to work with good guys who can think like the bad guys. It's an approach this episode's guest, Andra Zaharia, Head of Content & Community at Pentest-Tools.com, has used to help some of the largest manufacturers in the world. We’re also excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com . To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
You’ve probably heard a number of reports citing ransomware as the leading attack strategy within the industrial sector. In some instances, it’s been reported that ransomware groups are focusing as much as 70 percent of their activity on manufacturing enterprises. In one report from ICS security specialist Dragos , it was reported that 65 percent of all attacks thrown at the industrial sector were of the ransomware variety. And according to this episode's guest, cybersecurity attacks like these are never a one-and-done occurrence, meaning on-going vigilance against ransomware criminals and the like require on-going security diligence. Greg Scasny is the CTO of Blueshift Cybersecurity , a provider of security solutions focused on helping small and medium-sized enterprises develop and maintain a security posture that simultaneously defends against attacks while working to preserve ongoing operations. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 'The Industry's Attack Surface Has Exploded' 18:34
18:34 Play Later Play Later Lists Like Liked18:34
Play Later Play Later Lists Like LikedThe surge in cyberattacks experienced by the industrial sector has been credited to a number of issues ranging from outdated security software to lagging protocols surrounding data access and storage. But, according to today’s guest, one of the main reasons we’ve seen an uptick in these attacks could simply be because they’re more profitable. Joel Burleson Davis is the CTO of SecureLink – a leading provider of secure access management solutions. He notes that in addition to manufacturing being the second-most targeted sector, it offers the largest average payout for ransomware attacks. So the industrial sector now faces the multi-faceted realities of attacks that are more complex, Russian hackers more emboldened by the Ukrainian conflict, and a greater number of vulnerabilities stemming from an uptick in connected devices throughout manufacturing. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 DDoS Attacks (Part 1): 'They're Super Easy and Free' 12:25
12:25 Play Later Play Later Lists Like Liked12:25
Play Later Play Later Lists Like LikedThe industrial sector knows all too well about the need to innovate product offerings and production strategies in order to stay ahead of the competition. Unfortunately, the same can be said for cyber criminals looking to either steal information or hold your data, manufacturing capabilities, or intellectual property for ransom. Just as you continue to develop new strategies to respond to hacks and protect you digital presence, these bad actors are continuing to update and enhance their schemes in order to improve the success rate of their attacks. In an effort to help counter these bad actors and stay a step ahead, NETSCOUT Systems recently unveiled their bi-annual Threat Intelligence Report. It offers insight on the continued threats presented by Distributed Denial of Service and ransomware attacks. To help walk us through the report and offer additional insight on some of the new tactics being utilized to carry out these legacy cybersecurity attacks is NETSCOUT’s Threat Intelligence Lead, Richard Hummel. For more information on the work NETSCOUT does, you can go to netscout.com . And to get a look at their recent report, you can go to https://www.netscout.com/threatreport To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 DDoS Attacks - (Part II): Preparation is Prevention 12:21
12:21 Play Later Play Later Lists Like Liked12:21
Play Later Play Later Lists Like LikedThe industrial sector knows all too well about the need to innovate product offerings and production strategies in order to stay ahead of the competition. Unfortunately, the same can be said for cyber criminals looking to either steal information or hold your data, manufacturing capabilities, or intellectual property for ransom. Just as you continue to develop new strategies to respond to hacks and protect you digital presence, these bad actors are continuing to update and enhance their schemes in order to improve the success rate of their attacks. In an effort to help counter these bad actors and stay a step ahead, NETSCOUT Systems recently unveiled their bi-annual Threat Intelligence Report. It offers insight on the continued threats presented by Distributed Denial of Service and ransomware attacks. To help walk us through the report and offer additional insight on some of the new tactics being utilized to carry out these legacy cybersecurity attacks is NETSCOUT’s Threat Intelligence Lead, Richard Hummel. For more information on the work NETSCOUT does, you can go to netscout.com . And to get a look at their recent report, you can go to https://www.netscout.com/threatreport To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
In this episode we welcome Theo Zafirakos, the Chief Information Security Officer at Terranova Security, to discuss is company's recently report indicating that the success of phishing schemes continues to escalate. Their findings include data showing that: Nearly one in every five end users (19.8 percent) who received a phishing simulation email clicked on the initial message’s phishing link. 14.4 percent of all end users failed to recognize the simulation’s resulting webpage as unsafe, and clicked on the malicious file’s download link. This means that the number of initial clickers who ended up downloading the phishing simulation’s webpage file exceeded 70 percent. The growing number of remote workers, combined with the amount of personal and enterprise-level data that can be obtained makes the industrial sector an increasingly appealing target. Going forward, the security firm feels that the industrial sector will need to do more to increase worker awareness of these attacks in understanding how to respond, or more importantly, how not to react to the messages these attackers use. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
If there’s one thing that has become very apparent in dealing with cybersecurity issues throughout the industrial sector, it’s that responding to these challenges means taking a look at things from a different perspective. Well, that’s what we have with this episode. I recently sat down with Johnny Young, a 35-year veteran of industrial IT and cybersecurity. He’s embraced his role as JohnE Upgrade and launched CyberD.TV - a streaming subscription service devoted to providing comprehensive cybersecurity training. What follows is the first of two episodes featuring JohnE. Here he talks about some of the basic, yet vitally important measures every employee can take in guarding against any number of cyberattacks. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
If there’s one thing that has become very apparent in dealing with cybersecurity issues throughout the industrial sector, it’s that responding to these challenges means taking a look at things from a different perspective. I recently sat down with Johnny Young, a 35-year veteran of industrial IT and cybersecurity. He’s embraced his role as JohnE Upgrade and launched CyberD.TV - a streaming subscription service devoted to providing comprehensive cybersecurity training. What follows is the second of two episodes featuring JohnE. Here he talks about some of steps companies can take in guarding against any number of cyberattacks. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 Ransomware, Log4J and When — not if — You're Hacked 14:01
14:01 Play Later Play Later Lists Like Liked14:01
Play Later Play Later Lists Like LikedWhether it's the infamous Colonial Pipeline ransomware attack last summer, or an ongoing number of water treatment facility hacks, there’s no doubt that infrastructure facilities have become a favorite target of cyber criminals. In fact, according to a recent report from Skybox Security , the first half of 2021 saw a 46% year-over-year increase in new OT vulnerabilities within organizations charged with running and maintaining key portions of the U.S.'s infrastructure. In this episode of Security Breach , Alastair Williams, vice president of worldwide systems engineering at Skybox Security, joins us to help break down some of the social and market factors driving these troubling cybersecurity dynamics. We also discuss ransomware attacks, Log4J challenges, and what he sees as the biggest cybersecurity trends to consider for 2022. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
Regardless of the report, survey or research, all data related to industrial cybersecurity makes one thing very clear – the last two years have presented a dangerous uptick in the number of cybersecurity attacks, and the severity of them. So, if knowing is half the battle, the other half is identifying tools to help accomplish the mission. With this in mind, we welcome David Nosibor, Platform Solutions Leads at UL – the well-known leader in global safety certification. Presented with the frightening increase in the number of cyberattacks, the organization recently launched the SafeCyber platform to help organizations improve the cybersecurity of connected products throughout the entire lifecycle. This includes identifying current and future vulnerabilities and providing guidance to some of the obstacles currently preventing these issues from being addressed. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
While rogue individuals with an agenda and advanced cybersecurity skills are still prevalent, most headline-grabbing hacks are now originating from well-organized, highly talented groups or organizations. Not only does this dynamic provide access to a greater pool of talent, but it makes stopping a multi-faceted attack more difficult. One of the most notorious of these cyber terrorist groups is BlackByte. The Ransomware-as-a-service group recently made headlines by hacking the National Football League’s San Francisco 49ers right before the league’s biggest weekend – the most recent Super Bowl. The group was able to exploit a vulnerability in the team’s Microsoft Exchange server and implement a tool called Cobalt Strike. Users were then sent hourly ransom notes via a print bomb to all printers connected to the infected machine. While the 49ers have downplayed the impact of the hack, it did result in the release of financial documents that BlackByte posted to a site on the dark web. No ransom demands were made public, but the amount of data actually stolen remains unknown. The growing reach, ability and boldness of these groups should give everyone in the industrial sector pause – regardless of your role or job title. If they can access data from a billion-dollar franchise, your IP and financial data is, at least, just as vulnerable. The good news is that we have people like Lauren Podber, Principal Intelligence Analyst at Red Canary , to help guide us in getting ahead of groups like BlackByte. Lauren and her cohorts at Red Canary specialize in managing cybersecurity endpoint detection, planning and response. She recently sat down to discuss BlackByte, the importance of having a response plan at the ready, and what hacks to look out for over the next 12-18 months. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 There's a Lot of Reasons October Could Be Terrifying 13:42
13:42 Play Later Play Later Lists Like Liked13:42
Play Later Play Later Lists Like LikedIn addition to supply chain challenges and labor shortages, one of the biggest issues emerging from the COVID-19 pandemic for the industrial sector has been the huge uptick in cyberattacks. To make things worse, the Center for Strategic and International Studies, after studying cyberattack trends since 2006, says there is a clear pattern wherein these attacks will increase during the month of October, with five offending countries or entities responsible for the majority of the incidents. Based upon analysis, it is predicted that cyberattacks originating in Russia, China, North Korea and Iran will increase this month. Joining for the first in a series of episodes discussing new and prevailing cybersecurity challenges confronting the U.S. industrial sector is Adam Kohnke from Madison, WI-based Infosec Institute - a leading cybersecurity training and education firm. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
S
Security Breach
1 The Dangerous Reality of Your Cybersecurity Blast Radius 19:40
19:40 Play Later Play Later Lists Like Liked19:40
Play Later Play Later Lists Like LikedIn this episode of Security Breach , we're joined by Brian Vecci, the Field CTO of Varonis , - a leading provider of cyber threat detection and response compliance software. Varonis recently published their 2021 Manufacturing Data Risk Report , which offered analysis on threats, trends and potential solutions for a number of market sectors – including manufacturing. Included in their findings was that manufacturing was the fifth most targeted industry last year, with the average data breach costing nearly $5M, and taking over seven months to contain. Overall, Varonis feels the industrial sector’s level of cybersecurity sophistication lags behind many of its peers in the financial and healthcare sectors. We recently sat down to discuss the report, understanding your cybersecurity blast radius, data as a production asset, password protections, and more. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
In this episode of Security Breach, we're joined by Thierry Aubry, a Sales Executive at Open Systems . Open Systems recently offered a look inside a phishing scheme and potential malware attack experienced by one of their customers. While this global manufacturer of home and commercial appliances will remain anonymous, Thierry will walk us through how the attack was instigated, how Open Systems was able to respond, and what steps you can take to avoid and respond to potential attacks against your systems and proprietary data. To catch up on past episodes, you can go to Manufacturing.net , IEN.com or MBTmag.com . You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach , you can reach me at jeff@ien.com . To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Similar to Security Breach
Babbage is our weekly podcast on science and technology, named after Charles Babbage—a 19th-century polymath and grandfather of computing. Host Alok Jha talks to our correspondents about the innovations, discoveries and gadgetry shaping the world. Published every Wednesday. If you’re already a subscriber to The Economist, you’ll have full access to all our shows as part of your subscription. For more information about Economist Podcasts+, including how to get access, please visit our FAQs pa ...
…
continue reading
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
2k2k
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell, Juliet Bennett Rylah, Mark Dent, Ben Berkley, Sara Friedman, Matthew Brown, and Rob Litterst from The Hustle.
…
continue reading
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Technical interviews about software topics.
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 18:00 UTC.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Tech News Briefing is your guide to what people in tech are talking about. Every weekday, we’ll bring you breaking tech news and scoops from the pros at the Wall Street Journal, insight into new innovations and policy debates, tips from our personal tech team, and exclusive interviews with movers and shakers in the industry.
…
continue reading
America is divided, and it always has been. We're going back to the moment when that split turned into war. This is Uncivil: Gimlet Media's new history podcast, hosted by journalists Jack Hitt and Chenjerai Kumanyika. We ransack the official version of the Civil War, and take on the history you grew up with. We bring you untold stories about covert operations, corruption, resistance, mutiny, counterfeiting, antebellum drones, and so much more. And we connect these forgotten struggles to the ...
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
