We spend a lot of time and effort so we can spot attackers —
and for a good reason! But without visibility into our own organizations, we’re left with too much uncertainty. So how can you use more visibility to counter the fog of war?
In this installment of the Cybersecurity and Geopolitical Podcast, Ian Thornton-Trump (CISO at Cyjax) and Tristan de Souza retrospectively look at the inaugural International Cyber Expo in London, discussing data breaches, the role of a CISO and more.
A recent surge in cyberattacks, including SolarWinds and Colonial Pipeline, has intensified a focus on cybersecurity across industrial sectors and critical infrastructure. As a result, the U.S. government and other organizations within the nation’s defense supply chain have taken action to protect the critical assets and organizations that ensure the security and prosperity of our country.
Together, cyber and physical assets represent a significant amount of risk to physical security and cybersecurity — each can be targeted, separately or simultaneously, to result in compromised systems and infrastructure.
Given the rising attacks on critical infrastructure and the interconnected mesh of cyber-physical systems, the United States government is looking to better coordinate protection efforts that anticipate and counter criminal groups’ tactics, techniques and procedures, to help prevent attacks from reaching their intended targets.
In acknowledgment of the wide-reaching effects that damage to critical infrastructure organizations and systems can impart, Security has dedicated our October 2021 issue to Critical Infrastructure Security. This month, our features cover the challenges and risks associated with this market sector, along with solutions and best practices security leaders can take to mitigate some of those risks. Here, we cover a few simple steps critical infrastructure security leaders can take to proactively build a program of resiliency.
Tony Bryson, Chief Information Security Officer for the Town of Gilbert, Ariz.,
scaled the town's cybersecurity defenses by adopting a preventative solution through a third-party security company to help to mitigate the risks associated with supply chain attacks.
Taking a proactive approach to examining potential risks and liabilities within the supply chain in regards to human rights violations, human trafficking or other abuses, can not only save a company from financial or legal liabilities, but also help it avoid irreversible reputational damage.
To help mitigate cybersecurity risks to managed service provider customers, the Cybersecurity and Infrastructure Security Agency released a resource, providing a framework that government and private sector organizations outsourcing some level of IT support to MSPs can use to better mitigate against third-party risk.