Achieving web application security

Adopting web application security can help optimize workflow, drive efficiencies and meet agency missions.

The post Achieving web application security appeared first on CyberScoop.

Continue reading Achieving web application security

New security threats target industrial control and OT environments

A new Dragos report highlights recent threats targeting industrial control systems and operational technology environments and identifies strategies to address them.

The post New security threats target industrial control and OT environments appeared first on CyberScoop.

Continue reading New security threats target industrial control and OT environments

New security threats target industrial control and OT environments

A new Dragos report highlights recent threats targeting industrial control systems and operational technology environments and identifies strategies to address them.

The post New security threats target industrial control and OT environments appeared first on CyberScoop.

Continue reading New security threats target industrial control and OT environments

How to improve threat detection in ICS environments

A challenge in industrial control systems (ICS) cybersecurity is the lack of detection and collection capability within most ICS environments. Security leaders can struggle to piece together the complete attack chain in actual ICS incidents because the environments cannot collect the required evidence. A new report, “2021 MITRE Engenuity ATT&CK Evaluations for ICS,” produced by Dragos, evaluates the ICS threat detection market and shows a realistic demonstration of an attack against an operational technology environment. This report details the purpose of the ATT&CK evaluations for ICS and the lessons learned from the evaluation results, including: How the MITRE ATT&CK for ICS framework was developed A breakdown of the ATT&CK Evaluations for the ICS scenario, including the emulated attack approach and the ICS environment The ATT&CK Evals results and how Dragos performed Benefits to the ICS cybersecurity community Learn more on the ATT&CK Evaluations and how to accelerate digital transformation securely to manage growing risks to protect core business operations. This article was produced by CyberScoop […]

The post How to improve threat detection in ICS environments appeared first on CyberScoop.

Continue reading How to improve threat detection in ICS environments

Overcoming key business and operational challenges with XDR

Improving detection of advanced cyberthreats is a high priority in any security operation. However, a lack of visibility in an ever-expanding attack surface coupled with too many siloed security tools can overwhelm security teams with alerts and false positives. In addition, investigating broader malicious operations requires a complex workflow and staffing with domain expertise, a new report says. According to security experts at Cybereason, extended detection and response (XDR) provides security analysts with better visibility into the attack surface and the ability to act quickly across multiple security layers. They recently released a guide to help practitioners better understand AI-driven XDR platforms and those capabilities that help organizations to predict, understand and defend against attacks. The guide outlines in detail how to: Reduce false positives Improve threat hunting and intelligence management Boost productivity from unified investigations Increase automated response capabilities Read more in the Definitive Guide to Achieving 10X the Security […]

The post Overcoming key business and operational challenges with XDR appeared first on CyberScoop.

Continue reading Overcoming key business and operational challenges with XDR

Cyber measures gain momentum at federal agencies

Last year’s White House Executive Order on Cybersecurity has had a catalytic effect in focusing increased attention on holistic cybersecurity practices, according to a new survey of federal IT officials. Half of agency IT and security officials polled in the survey described the executive order as “greatly needed” — and another 30% called it “game-changing” — in getting agency leaders to commit resources toward critical cybersecurity projects. Three-quarters of survey respondents reported that their fiscal 2022 IT security budgets had been increased to meet White House requirements, and 44% said that those budgets had increased by more than 10%. The study, conducted by FedScoop and CyberScoop and underwritten by Lookout, also found that 3 in 4 federal IT executives surveyed reported that their agency had developed 75% or more of the IT and cybersecurity strategies required of them by the executive order. The findings are based on the completed responses […]

The post Cyber measures gain momentum at federal agencies appeared first on CyberScoop.

Continue reading Cyber measures gain momentum at federal agencies

Trends that shaped ransomware – and why it’s not slowing down

Ransomware isn’t showing signs of slowing down in the new year. It’s staked its claim as a major element of the cybercriminal ecosystem and potentially one of the costliest and damaging malware attacks, according to a new report. What we are seeing over the past 18 months, however, is a shift in tactics: Threat actors are targeting ever-larger organizations, and the business model that dictates how ransomware attacks occur is evolving. It’s up to IT professionals to proactively deal with these trends to meet the challenges just on the horizon and beyond. Enterprises can successfully defend themselves from threats when there is a balance between detection and prevention, says a new report produced by SophosLabs and the Sophos Managed Threat Response, Sophos Rapid Response and SophosAI teams. The report covers: The future of ransomware The impact of Ransomware-as-a-Service The expanding threat of extortion-style attacks How misuse of “threat emulation” tools […]

The post Trends that shaped ransomware – and why it’s not slowing down appeared first on CyberScoop.

Continue reading Trends that shaped ransomware – and why it’s not slowing down

New research analyzes industrial cybersecurity maturity

As the frequency and severity of cyberattacks on industrial organizations increase, defenders struggle to keep ahead of threats. Security leaders know that a unified IT and operational technology (OT) approach is key to protecting the safety and availability of operations but are faced with cultural and technical differences between IT best practices and OT. A new report, “The 2021 State of Industrial Cybersecurity,” produced by the Ponemon Institute — sponsored by Dragos — reveals key challenges industrial organizations face today and provides actionable solutions on how they can mature their cybersecurity strategies. The report covers: Cybersecurity maturity level for industrial control systems (ICS) and OT How organizations secure their ICS/OT OT cybersecurity investment, priorities and accountability The cause and consequences of an ICS/OT ransomware and cybersecurity incident Learn more on building a unified strategy that secures both IT and OT environments.  This article was produced by CyberScoop for, and sponsored by, […]

The post New research analyzes industrial cybersecurity maturity appeared first on CyberScoop.

Continue reading New research analyzes industrial cybersecurity maturity

Using evolutionary game theory to mitigate ransomware risks

Ransomware attacks on enterprise IT systems — especially those that are integrated with operational technology (OT) — can cause major disruptions for critical industry sectors, cautions a new cybersecurity whitepaper. Not only does ransomware create unusable file systems, but these attacks disrupt production and distribution of goods, and services and end up costing industries millions of dollars in total losses. The whitepaper, produced by Dragos, describes how IT security leaders can apply evolutionary game theory (EGT) to the complex series of events that lead to a ransomware attack. The paper proposes a mathematical approach to predict behaviors and understand how relationships between a system’s parts give rise to its collective behaviors. “Ransomware has become the primary attack vector for many industrial organizations during 2021,” shares the white paper, and “incidents like Colonial Pipeline, Honeywell and JB Foods showed the world that even when industrial control systems, which are integrated with […]

The post Using evolutionary game theory to mitigate ransomware risks appeared first on CyberScoop.

Continue reading Using evolutionary game theory to mitigate ransomware risks