Apply to Attend: Nexus Conference 2024: Sept. 10-12

Topics:

Mike Ratliff, AVP Security Engineering and Operations at Providence, writes about five steps healthcare delivery organizations should take to mitigate the risk of ransomware and extortion-based attacks.

Cyber Resilience

5 Things Hospitals Can Do to Mitigate Threats of Ransomware

Healthcare delivery organizations using open-source software experience a balance of development advantages and security tradeoffs. Visibility, oversight, and tracking the use of OSS is critical to reducing risks it introduces. SBOMs, meanwhile, can be an advantage, in particular with regard to vulnerability management.

Cyber Resilience

Vulnerability Management

Risk Management

Understanding the Risks of Open Source Software in Healthcare

George V. Hulme

In OT and ICS cybersecurity, living off the land (LOTL) techniques refer to the practice of attackers using the existing tools and processes in a target system to carry out their malicious activities. This approach is particularly dangerous because it allows the attacker to blend in with everyday activities, making detection significantly more challenging.

Operational Technology

Cyber Resilience

How Living-Off-The-Land Techniques Impact OT and ICS

See all in Cyber Resilience See all in Articles

A New Jersey appeals court agreed with an earlier court’s decision that cybersecurity insurance providers could not deny ransomware coverage under a so-called “war exclusion” for a cybersecurity incident Merck & Co. claimed caused $1.4 billion in losses.

Cybersecurity Insurance

Merck Ransomware Insurance Ruling Helps Clear Fog of Cyberwar

George V. Hulme

Avoid these seven pitfalls when seeking cybersecurity liability insurance; ensure you understand policy terms and conditions, conduct due diligence, and involve the proper stakeholders, among other things.

Cybersecurity Insurance

Cybersecurity Liability Insurance Pitfalls to Avoid

George V. Hulme

Navigating cybersecurity insurance in a recession requires diligence about systemic cybersecurity risks that can cause premiums to rise or insurers to consider an organization uninsurable.

Cybersecurity Insurance

Risk Management

Navigating Cyber Insurance in a Recession

George V. Hulme

See all in Cybersecurity Insurance See all in Articles

Cyber Resilience

Risk Management

Blunting the Risks of Private-Sector Ownership of CI

ADM. Michael S. Rogers, USN (Ret.)

The “Report to the President: Strategy for Cyber-Physical Resilience: Fortifying Our Critical Infrastructure for a Digital World,” reaffirms that cyber-resilience-by-design should be the standard and urges a coalition of government leaders and private sector critical infrastructure asset owners and operators to refocus their energies to build resilient cyber-physical systems (CPS) that are designed to withstand attack.

Cyber Resilience

Risk Management

Applauding A Codified Strategy for CPS Resilience

See all in Federal See all in Articles

Cyberattacks against the food and beverage industry are opportunistic and leverage the growth in digitization to exploit previously unmanaged vulnerabilities to disrupt operations.

Food & Beverage

On the Menu: Cybersecurity Risks in the Food and Beverage Industry

George V. Hulme

See all in Food & Beverage See all in Articles

Mike Ratliff, AVP Security Engineering and Operations at Providence, writes about five steps healthcare delivery organizations should take to mitigate the risk of ransomware and extortion-based attacks.

Cyber Resilience

5 Things Hospitals Can Do to Mitigate Threats of Ransomware

Healthcare delivery organizations using open-source software experience a balance of development advantages and security tradeoffs. Visibility, oversight, and tracking the use of OSS is critical to reducing risks it introduces. SBOMs, meanwhile, can be an advantage, in particular with regard to vulnerability management.

Cyber Resilience

Vulnerability Management

Risk Management

Understanding the Risks of Open Source Software in Healthcare

George V. Hulme

ASL Roma 1, a public health provider in Rome, has distinguished itself in the global healthcare landscape over the past two years by implementing advanced cybersecurity strategies, moving toward a hyper convergent security model, the so-called HyperSOC, in response to the growing cyber attacks in the global healthcare sector.

Cyber Resilience

The Cybersecurity Revolution at ASL Roma 1: From Traditional Solutions to HyperSOC

Stefano Scaramuzzino

See all in Healthcare See all in Articles

In OT and ICS cybersecurity, living off the land (LOTL) techniques refer to the practice of attackers using the existing tools and processes in a target system to carry out their malicious activities. This approach is particularly dangerous because it allows the attacker to blend in with everyday activities, making detection significantly more challenging.

Operational Technology

Cyber Resilience

How Living-Off-The-Land Techniques Impact OT and ICS

Typical OT network

Operational Technology

The Purdue Model's Risky Blindspot

George V. Hulme

Operational Technology

NSA's ELITEWOLF Signatures Detect Malicious Activity in OT Environments

George V. Hulme

See all in Industrial See all in Articles

If we are indeed at the full outset of Industry 4.0, the fourth industrial revolution, initiatives such as smart manufacturing will not truly succeed without keen awareness of new cybersecurity risks introduced by IT/OT connectivity and advanced technologies.

Cyber Resilience

Internet of Things

Operational Resilience

Operational Technology

Smart Manufacturing Requires Proactive Cybersecurity

See all in Internet of Things See all in Articles

If we are indeed at the full outset of Industry 4.0, the fourth industrial revolution, initiatives such as smart manufacturing will not truly succeed without keen awareness of new cybersecurity risks introduced by IT/OT connectivity and advanced technologies.

Cyber Resilience

Internet of Things

Operational Resilience

Operational Technology

Smart Manufacturing Requires Proactive Cybersecurity

On Nexus, former NSA Director Adm. Michael Rogers writes about the current legislative and personal liability changes that are impacting the CISO office. But Rogers urges security leaders to view these times as an opportunity to refine their business acumen and ensure cybersecurity is a priority across the enterprise.

Risk Management

Operational Resilience

Cyber Resilience

CISO Unrest is an Opportunity

ADM. Michael S. Rogers, USN (Ret.)

Operational technology’s (OT) exposure to cyber threats extends beyond the confines of technical software and firmware vulnerabilities. The supply chain and insiders are two significant areas of concern, where risks can originate from third-party vendors or suppliers with inadequate cybersecurity measures or those inside the firewall with similarly privileged access.

Cyber Resilience

Operational Resilience

Mitigating Exposures the Key to Cyber Resilience

See all in Operational Resilience See all in Articles

In OT and ICS cybersecurity, living off the land (LOTL) techniques refer to the practice of attackers using the existing tools and processes in a target system to carry out their malicious activities. This approach is particularly dangerous because it allows the attacker to blend in with everyday activities, making detection significantly more challenging.

Operational Technology

Cyber Resilience

How Living-Off-The-Land Techniques Impact OT and ICS

If we are indeed at the full outset of Industry 4.0, the fourth industrial revolution, initiatives such as smart manufacturing will not truly succeed without keen awareness of new cybersecurity risks introduced by IT/OT connectivity and advanced technologies.

Cyber Resilience

Internet of Things

Operational Resilience

Operational Technology

Smart Manufacturing Requires Proactive Cybersecurity

Secure remote access for third parties is a growing demand within OT and ICS environments. CISOs must understand and mitigate the risk third-party access introduces by having visibility into these connections, limiting access when appropriate, and applying other mitigations.

Operational Technology

Closing the Door on Third-Party Access Risks

George V. Hulme

See all in Operational Technology See all in Articles

Mike Ratliff, AVP Security Engineering and Operations at Providence, writes about five steps healthcare delivery organizations should take to mitigate the risk of ransomware and extortion-based attacks.

Cyber Resilience

5 Things Hospitals Can Do to Mitigate Threats of Ransomware

Resilience, Recovery Strategies to Combat Ransomware and Extortion

ADM. Michael S. Rogers, USN (Ret.)

Ransomware may be past its hey-day, and it is a malware threat that will not fade away. But are attackers ready to move past it to more human attack vectors?

Cyber Resilience

Is Ransomware Still Sexy?

See all in Ransomware See all in Articles

Vulnerability Management

Risk Management

Putting SBOMs to Practical Use

George V. Hulme

Healthcare delivery organizations using open-source software experience a balance of development advantages and security tradeoffs. Visibility, oversight, and tracking the use of OSS is critical to reducing risks it introduces. SBOMs, meanwhile, can be an advantage, in particular with regard to vulnerability management.

Cyber Resilience

Vulnerability Management

Risk Management

Understanding the Risks of Open Source Software in Healthcare

George V. Hulme

CISOs remain at risk for potential securities fraud charges as public ‘security statements’ can still be used against them despite a New York judge's ruling that all but ended the SEC's case against SolarWinds and its CISO Tim Brown.

Risk Management

Judge Dismisses Most of SEC Case vs. SolarWinds; CISOs Must Remain Wary

George V. Hulme

See all in Risk Management See all in Articles

Technical debt in OT leads to increased operations costs as teams fight to maintain outdated systems, and security teams struggle to keep those same systems secure, often through compensating controls.

Operational Technology

Getting Strategic Against Technical Debt in OT

George V. Hulme

Technical debt broadly refers to having old technology in place that causes problems later on, such as increased maintenance, lower productivity, and software or system reliability.

Operational Technology

Technical Debt in OT Environments: How It's Different and Why it Matters

George V. Hulme

See all in Technical Debt See all in Articles

Vulnerability Management

Risk Management

Putting SBOMs to Practical Use

George V. Hulme

Healthcare delivery organizations using open-source software experience a balance of development advantages and security tradeoffs. Visibility, oversight, and tracking the use of OSS is critical to reducing risks it introduces. SBOMs, meanwhile, can be an advantage, in particular with regard to vulnerability management.

Cyber Resilience

Vulnerability Management

Risk Management

Understanding the Risks of Open Source Software in Healthcare

George V. Hulme

Expert Don C. Weber writes that safety devices are within scope for cybersecurity risk assessments. This includes conducting high-level risk assessments to assemble documentation for specific Systems-under-Consideration (SuC) of the safety solution, performing a vulnerability assessment of the SuC, feeding the results into the detailed risk assessment to allow the risk management team to identify and address residual risks.

Operational Technology

Operational Resilience

Vulnerability Management

Architecting Safety Using Cybersecurity Requirements and Assessments

See all in Vulnerability Management See all in Articles

Risk Management

Vulnerability Management

Operational Technology

A Strategic Necessity: Compensating Controls in ICS, OT

George V. Hulme

Behavioral Identity as the New Perimeter

Implementing a zero-trust architecture for operational technology environment ensures additional security around cyber physical systems processes that are essential to our way of life.

The Zero Trust for OT Imperative

George V. Hulme

See all in Zero Trust See all in Articles

Cyber Resilience

Internet of Things

Nexus Conference

Vulnerability Management

Srinivas Tummalapenta on the Cybersecurity Potential of AI

Srinivas Tummalapenta, Distinguished Engineer & CTO, IBM Consulting Cybersecurity Services, discusses the applications of AI and cybersecurity, in particular…

img_8610-(1)-(1).jpg

Nexus 2023 in Miami

Relive the highlights of Nexus 2023, Claroty's annual cybersecurity conference for CISO and security leaders responsible for the safety of cyber-physical…

Food & Beverage

Operational Resilience

Nexus Conference

Michael Rogers on Managing Risk and Digital Transformation

Michael Rogers, CISO and Director of Information Security and Compliance, at Hormel explains how his role as a security leader has changed as digital…

See all in Videos

In this episode of the Nexus Podcast, Alethe Denis, a senior security consultant at Bishop Fox, joins to discuss the ongoing effectiveness of open-source intelligence analysis and social engineering tactics as a precursor to larger intrusions against critical infrastructure.

Cyber Resilience

Risk Management

Nexus Podcast: Alethe Denis on Social Engineering, Red-Teaming

On this episode of the Nexus Podcast, Alon Dankner of the Technion Institute in Israel explains his research into the Siemens S7 protocol and PLCs. A vulnerability uncovered during research allows an attacker to expose and steal private cryptographic keys by leveraging a severe vulnerability and configuration error.

Operational Technology

Nexus Podcast: Alon Dankner on Extracting Private Crypto Keys from PLCs

In this episode of the Nexus Podcast, Claroty Team82 researcher Noam Moshe explains the challenges involved in gathering attack forensic artifacts from OT devices, in this case, Unitronics PLCs that were exploited in 2023 in attacks against water facilities in the U.S. and Israel.

Operational Technology

Nexus Podcast: Noam Moshe on Extracting Forensic Data from Unitronics PLCs

See all in Podcasts

Archive

All entries

Vulnerability Management

Risk Management

Putting SBOMs to Practical Use

George V. Hulme

Healthcare delivery organizations using open-source software experience a balance of development advantages and security tradeoffs. Visibility, oversight, and tracking the use of OSS is critical to reducing risks it introduces. SBOMs, meanwhile, can be an advantage, in particular with regard to vulnerability management.

Cyber Resilience

Vulnerability Management

Risk Management

Understanding the Risks of Open Source Software in Healthcare

George V. Hulme

On the latest episode of the Nexus Podcast, Rockwell Automation Senior Network & Solution Consultant Ahmik Hindman joins to discuss patching and vulnerability management of operational technology (OT) and industrial control systems (ICS).

Operational Technology

Vulnerability Management

Nexus Podcast: Ahmik Hindman on Patching OT and ICS

Cyber Resilience

Risk Management

Vulnerability Management

Nexus Podcast: Diana Kelley on Securing AI Systems

Expert Don C. Weber writes that safety devices are within scope for cybersecurity risk assessments. This includes conducting high-level risk assessments to assemble documentation for specific Systems-under-Consideration (SuC) of the safety solution, performing a vulnerability assessment of the SuC, feeding the results into the detailed risk assessment to allow the risk management team to identify and address residual risks.

Operational Technology

Operational Resilience

Vulnerability Management

Architecting Safety Using Cybersecurity Requirements and Assessments

Cyber Resilience

Vulnerability Management

Nexus Podcast: Greg Garcia on the Change Healthcare Cyberattack

Vulnerability Management

Risk Management

FDA Sets Sights on Medical Device Vulnerability Management

George V. Hulme

Researcher Ryan Pickren explains a new web-based attack against programmable logic controllers (PLCs) that uses malicious JavaScript to attack the front end of an embedded web server prevalent in modern PLCs.

Operational Technology

Vulnerability Management

Internet of Things

Nexus Podcast: Ryan Pickren on New Web-Based PLC Malware Research

Understanding the nuances of OT cybersecurity vulnerabilities becomes imperative for IT cybersecurity teams to develop comprehensive defense strategies that safeguard both IT and OT environments.

Operational Technology

Operational Resilience

Vulnerability Management

Risk Management

What IT Cybersecurity Teams Need to Know about OT Vulnerabilities (Part 1)

Team82’s Noam Moshe discusses state actor targeting of OT, why it’s so challenging to develop ransomware for OT and industrial control systems, and the mitigation strategies available to defenders of cyber-physical systems.

Internet of Things

Operational Technology

Vulnerability Management

Nexus Podcast: Team82 Answers More of your Cybersecurity Research Questions

Risk Management

Vulnerability Management

Operational Technology

A Strategic Necessity: Compensating Controls in ICS, OT

George V. Hulme

Operational Technology

Vulnerability Management

Operational Resilience

OT Patch Management Truths

George V. Hulme

1

Latest on Nexus Podcast

See all episodes

The Nexus podcast features conversations with security leaders, researchers, and experts sharing their expertise on cyber-physical systems security.

See all episodes

In this episode of the Nexus Podcast, Alethe Denis, a senior security consultant at Bishop Fox, joins to discuss the ongoing effectiveness of open-source intelligence analysis and social engineering tactics as a precursor to larger intrusions against critical infrastructure.

Cyber Resilience

Risk Management

Nexus Podcast: Alethe Denis on Social Engineering, Red-Teaming

On this episode of the Nexus Podcast, Alon Dankner of the Technion Institute in Israel explains his research into the Siemens S7 protocol and PLCs. A vulnerability uncovered during research allows an attacker to expose and steal private cryptographic keys by leveraging a severe vulnerability and configuration error.

Operational Technology

Nexus Podcast: Alon Dankner on Extracting Private Crypto Keys from PLCs

In this episode of the Nexus Podcast, Claroty Team82 researcher Noam Moshe explains the challenges involved in gathering attack forensic artifacts from OT devices, in this case, Unitronics PLCs that were exploited in 2023 in attacks against water facilities in the U.S. and Israel.

Operational Technology

Nexus Podcast: Noam Moshe on Extracting Forensic Data from Unitronics PLCs