NTT Application Security released its six-month trend findings in its AppSec Stats Flash Vol. 7, reporting on the current state of application security and the wider threat landscape, including Window of Exposure (WoE), Vulnerability by Class, and Time to Fix.
WhiteHat Security published their latest installment of the AppSec Stats Flash report and podcast, surveying the current state of the application security and wider threat landscape.
In response to recent events where unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released joint Cybersecurity Advisory AA21-042A: Compromise of U.S. Water Treatment Facility. This advisory outlines how cybercriminals exploit desktop sharing software and end-of-life operating systems to gain unauthorized access to systems.
In 2017, the financial impact of cyberattacks reached $5 billion and the monthly attack rate was 10-times the rate of attacks in 2016. The industrial and personal reliance on the U.S. power grid makes the impact of a successful attack troubling.
Joshua Dean, Director of Security for San Antonio Water System (SAWS), is in charge of keeping assets safe and secure, so that the 1.8 million people in the region don’t have an interruption to their water and sewer services.
“Water is the most precious resource in the world. You can live without food for a while, you can live without electricity, you can live without transportation, you can live without internet (despite what my kids say), but you cannot live without clean water. And that’s what makes my position so challenging,” says Scott Starkey, Security Manager for Birmingham Water Works.
In order to achieve more while reducing costs, many enterprises’ security leaders have turned to automation. By adding thermal cameras as part of a larger intrusion detection system, security departments can reduce false alarm rates and even bring operational value back to the enterprise. Off the coast of Venezuela, there is a cluster of oil platforms.