Next to artificial intelligence, one of the biggest buzz terms in industrial cybersecurity right now might be SBOM, or software bill of materials. The term generates equal parts concern and eye roll as those entrusted with enterprise defense look to ensure that there are no embedded vulnerabilities amongst the data platforms they are both sourcing and utilizing within their offerings.

Perhaps most frustrating is having to essentially reverse engineer a number of established products in order to quell security concerns. However, as frustrating as these efforts might be, the growing number of zero day hacks emanating from embedded security vulnerabilities will only continue to grow as we look to embed greater levels of sensor, software and AI-driven functionality.

In this episode we hear from Marcellus Buchheit, President and CEO of Wibu-Systems USA, a leading provider of security solutions for embedded data and intellectual property. Watch/listen as we discuss:

• How vulnerabilities and risks need to be assessed beyond their expense to focus on updates, reconfigurations and the growing number of OT connection points.
• The need for SOPs that make it easier to assimilate cybersecurity into OT processes.
• Ways to more safely update the growing number of devices on the plant floor.
• Protecting IP and, more specifically, the software coding associated with it.
• The impact AI continues to have on increasing the sophistication of hacking attempts.
• Why all hacks are "highly preventable."
• The role of quantum computing and the steps to take in preparing for "Q Day".

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.

Listen on: Apple Podcasts Spotify

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.

We assembled some "nerds from the basement" to cover a key strategy in combatting evolving threats.

Today’s episode is going to take on a little different flavor, as we’re going to show you one particular tool that can impact a number of your security planning, training and discovery strategies.

While table top exercises are nothing new, we’re going to demonstrate how they’re evolving and can be customized according to your needs. We’re going to tackle the human element of cybersecurity by discussing communications strategies, and we’ll offer some insight on getting greater buy-in from throughout the organization, including the C-suite and those controlling the purse strings.

Joining me to discuss these topics and run through a mock exercise will be:

• Navroop Mitter, the CEO and founder of ArmorText. His firm is a leader in secure out-of-band communications.
• Matthew Welling, a partner at Crowell & Moring's Washington, D.C. office, where he works in the firm's Privacy & Cybersecurity Group.
• Timothy Chase, the director of the Manufacturing ISAC, a non-profit organization and leading provider of threat intelligence sharing solutions.

In addition to the table top exercise, we'll discuss:

• Communication challenges before, during and after an attack.
• Response strategies and the evolving dynamic of out-of-band communications.
• The ongoing challenges of addressing the Human Element of cybersecurity.
• The impact of regulatory efforts and how they're playing a bigger role in attack response plans.
• The types of tools or solutions that can play the biggest role in helping organizations respond to attacks more effectively.
• How to control the emotional responses that will undoubtedly emanate from an attack.

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.

Listen on: Apple Podcasts Spotify

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.

For this episode, instead of tapping into one source for feedback and updates on industrial cybersecurity, we’re going to look at some of the key insights previous guests have offered on the evolving threat landscape – from increased risks emanating from technological integrations and an uptick in automation, to the more traditional adversaries responsible for next-generation malware, ransomware and phishing schemes.

To kick things off, we'll hear from:

• Tom Marsland, VP of Technology for Cloud Range as he discusses threats to our infrastructure and state-sponsored groups from China.
• (3:31) He’ll be followed by Cyberhoot’s Craig Taylor as he updates us on phishing schemes.
• (5:45) And then we’ll hear from Jon Taylor at Versa Networks as he talks about strategies bad actors are taking in targeting legacy industrial control systems.

While many of those topics are already at the top of our list of concerns, there are also a number of evolving threats that warrant an uptick in resources – from both a financial and skillset development perspective. We'll dive into comments from:

• (9:26) Corsha’s Anusha Iyer as she discusses supply chain and dwelling attacks.
• (15:33) Venafi’s Kevin Bocek and his take on embedded software vulnerabilities and how hackers are taking advantage of them.
• (22:18) Baker Tilly’s Jeff Krull offers an update on the evolving complexity of ransomware groups and how they’re targeting the industrial sector.
• (25:20) And finally, let’s wrap u

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.

Listen on: Apple Podcasts Spotify

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.

While there are plenty of unknowns when it comes to protecting the OT attack surface, there are some things that are undeniably true.

We know that the frequency of attacks will continue to increase.

We know that it’s not if your ICS will be probed, but when.

And we also know that asset and connection visibility is an ongoing challenge due to the implementation of more automated technology.

Finally, we also know that one of the most important aspects of any cybersecurity plan is the portion that lays out the response.

One of the most effective ways to address these concerns can be the use of attack simulations. In this episode we tap in to the expertise of Tom Marsland, VP of Technology for Cloud Range, a leading provider of live-fire cybersecurity exercises and training. Watch/listen as we discuss:

• All the little things that are continuing to pose challenges to industrial cybersecurity.
• Why state-sponsored hacker groups in China are getting more of his attention lately.
• Why successful incident response is about the people, not the tools.
• The importance of "training like you fight."
• His role with VetSec, and the role it can play in filling cybersecurity talent gaps.
• How to bring IT and OT together and why the onus on strengthening these bonds might fall more on IT.
• Why the culture of security needs to permeate throughout the entire organization.
• How AI can help make the most of your people.

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.

Listen on: Apple Podcasts Spotify

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.

Maybe you’re sick of hearing about phishing schemes and the way hackers are using this strategy to infiltrate your networks, access intellectual data, shut down production, or hold your assets for ransom. If that’s the case, then you’ve made a lot of hackers very happy.

And based on Proofpoint’s 2024 State of Phish report, protecting against phishing schemes is simply not being reinforced or given the proper priority. For example,

• 71% of surveyed users admitted to taking a risky action, and 96% knew they were doing something risky when interacting with email or text messages.
• 85% of security professionals said that most employees know they are responsible for security, but 59% of employees weren’t sure or claimed that they’re not responsible.
• Furthermore, 24% admitted to responding to emails or text messages from someone they don’t know, and 19% clicked on links in emails from people they don’t know.
• Finally, 73% of surveyed companies reported a business email compromise, but only 29% are actively teaching users about BEC attacks.

To address these and other phishing attack dynamics, I sat down with Craig Taylor, co-founder of Cyberhoot, a leading provider of phishing prevention solutions. Watch/listen as we discuss:

• How hackers are going after session tokens to steal valuable credential data.
• Why phishing prevention training spends too much time on avoiding the click instead of positive reinforcement of proper actions.
• The need for worker training to go beyond any impact to the company, to the individual cyber risks as well.
• How adding "friction" to email could be a solution.
• The bad password advice that many high-level organizations continue to distribute.

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.

So, my daughters like to give me a hard time about growing old.

Said another way, I’m a legacy asset - just like most of the devices many of you observe, manage and secure every day. Your machines are still in place because they work. While the technology around these assets has evolved, their core functionality and value to the production process has remained constant.

But as sensors, network connections and access parameters have been upgraded to improve output, these highly prized pieces of equipment are showing their age from a cybersecurity perspective. The challenges they present are reinforced with findings from Fortinet’s 2024 State of Operational Technology and Cybersecurity Report.

A couple of key takeaways include findings that show nearly one-third of respondents experiencing six or more intrusions in the last year. Additionally, fewer respondents claimed 100 percent OT system visibility – with that number decreasing from 10 to five percent. On the bright side, we’re getting better in some areas, with 20 percent of organizations establishing visibility and implementing segmentation, up from only 13 percent the previous year.

Joining us to discuss these and other trends is Jon Taylor, Director and Principal of Security with Versa Networks, a leading provider of digital transformation and edge security solutions. Watch/listen as he discusses:

• Why the Purdue model might re outdated and preventing many from using new strategies like SASE.
• Why he believes visibility is security - "you have to see it do defend it," and how AI could be the solution.
• The need for OT to look at vulnerabilities from a network or architecture perspective, not by device or connection point.
• How air gapping help feed the division between IT and OT.
• The weaponizing of OT networks stems from the lack of an adaptive network strategy fed by archaic infrastructure.
• Instead of Security by Design, we need to implement Patching by Design.
• Why the industrial sector needs to be more vocal about the need for embedded security and embedded micro-se

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.

Listen on: Apple Podcasts Spotify

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.

While the justifications for additional cybersecurity spending is easy to explain, getting buy-in at the C-level can be difficult. However, some recent research might help you win over those controlling the purse strings.

SonicWall’s Mid-Year Cyber Threat Report found that their firewalls were under attack 125 percent of the time during a 40-hour work week. And if that doesn’t get the attention of the powers that be, it might also be worth mentioning that during these attacks SonicWall also found that, at a minimum, 12.6 percent of all revenues were exposed to cyber threats that were not covered by security tools or procedures.

Extrahop’s Global Cyber Confidence Index also reported that 31 percent of cyber and IT leaders want more budget, or more accurately, a 50 percent increase in order to effectively manage and mitigate cyber risk. That number might seem a bit inflated, but it does help illustrate how we’re seemingly fighting the cyber battle on multiple fronts.

To help sort through some of these challenges and direct our resources as effectively as possible, I recently sat down with Anusha Iyer, the Founder and CEO of Corsha, a leading provider of OT asset management and access security solutions.

Watch/listen as we discuss:

• How to retrofit new practices for legacy assets in order to optimize uptime.
• The false confidence generated by many air gap strategies.
• The importance of machine identity strategies in order to understand the best ways to secure assets and their growing number of connections.
• Increases in ICS-focused malware and live-off-the-land attacks.
• The importance of focusing on the "whys" when conducting employee cybersecurity training.
• Reinforcing the "realities of the day" in improving the entire cybersecurity community.
• Using AI to assess more connection behaviors.

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.

Listen on: Apple Podcasts Spotify

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.

One of the most common topics we explore here on Security Breach is the ongoing challenge of asset visibility in the OT landscape. It's frustrating because it would seem that the solution starts with basic inventory management approaches, i.e. the first step in developing frameworks and plans for everything from tool selection to attack response.

Of course, this is never simple due to the increasing amount of IIoT technology and the connection demands they place on industrial systems. It’s a situation that promises to only get more complex, with Fortinet reporting that in 2023, only five percent of surveyed organizations have 100 percent visibility into their own OT activities – a number that is down from 13 percent in 2022.

To provide some insight on managing this growing number of machines, connections, access points and other vulnerable areas of the ICS, we connected with Kevin Bocek, the Chief Innovation Officer at Venafi, a leading provider of asset identity management. Watch/listen as he discusses:

• Why cyber incidents are a learning opportunity for everyone.
• The benefits of showing the C-suite all those plant floor connections when working to get proper cybersecurity funding.
• The rise in attacks that will be emanating from legacy software and coding.
• Why software assets should be managed and secured in the same manner as machines or devices.
• How manufacturing can bring Continuous Improvement strategies to OT security.
• Stuxnet's long-term impact.
• How quantum computing will dramatically alter authentication approaches and secure-by-design practices within the next five years.

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.

Listen on: Apple Podcasts Spotify

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.