Articles

Recent articles

An accurate medical device asset inventory enables security teams to ensure that devices are adequately secured and monitored. Asset visibility also helps to improve overall operations and ensure patient safety.
Healthcare
Operational Resilience

Medical Device Visibility: Tracking What Must Be Secured

George V. Hulme
NIS2 addresses limitations from NIS1 where some areas of improvement were needed to counter risk introduced by digital transformation and by evolving cyber threats, that exposed a lack of resilience within systems supporting businesses in the EU.
Risk Management
Cyber Resilience

Inside the EU's Toughened NIS2 Cybersecurity Directive

Roberto De Paolis
Cyber-informed engineering ensures the design, manufacture, and deployment of new OT and critical infrastructure assets — enough that these assets are reasonably secure from cyberattacks and remain reliable and resilient.
Cyber Resilience
Operational Technology

Cyber-Informed Engineering: A Way Toward More Resilient OT Systems

George V. Hulme
Ransomware may be past its hey-day, and it is a malware threat that will not fade away. But are attackers ready to move past it to more human attack vectors?
Cyber Resilience
Ransomware

Is Ransomware Still Sexy?

John Frushour
Vulnerable physical security components, such as door locks and control cabinets, change at such a slow rate that weaknesses are likely to go undetected or are easily overlooked in industrial and healthcare environments.
Industrial
Operational Resilience

Overlook Physical Security Risks at Your Own Peril

Don C. Weber
Compensating controls are often the only cybersecurity options available to offset risk in operational technology environments still supporting legacy technology or end-of-life industrial control systems or field devices.
Industrial
Cyber Resilience

When Compensating Controls are Your Only Security Option

Dan Ricci
In part two of Nexus' series on vulnerability remediation and patch management challenges related to industrial automation and control systems, we cover patching challenges, downtime, and the governance and oversight required to reduce risk.
Risk Management
Industrial

IT/OT Convergence Challenges, Part 2: Vulnerability Management Course of Action to Reduce Risk

Juan Piacquadio
Tim Hall
Security leaders newly introduced to OT should have a punch list of things to familiarize themselves with before challenges become overwhelming and insurmountable.
Operational Technology
Risk Management

Cybersecurity Punch List for CISOs Securing Converged IT/OT Environments

ADM. Michael S. Rogers, USN (Ret.)
Juan Piacquadio and Tim Hall explain the need for tailored patch management and vulnerability management processes that cater to the specific requirements of OT systems.
Risk Management
Industrial

IT/OT Convergence Challenges, Part 1: Managing IACS Vulnerabilities

Juan Piacquadio
Tim Hall
A New Jersey appeals court agreed with an earlier court’s decision that cybersecurity insurance providers could not deny ransomware coverage under a so-called “war exclusion” for a cybersecurity incident Merck & Co. claimed caused $1.4 billion in losses.
Cybersecurity Insurance
Ransomware

Merck Ransomware Insurance Ruling Helps Clear Fog of Cyberwar

George V. Hulme
The E.U.'s NIS2 directive and the U.S.'s National Cybersecurity Strategy have aligned critical infrastructure's focus on cyber resilience.
Cyber Resilience

US, EU Authorities Increase Regulatory Focus on Critical Infrastructure Cybersecurity

George V. Hulme
The Section 405(d) Task Group delivers the first Health Industry Cybersecurity Practices (HICP) update in two years, spelling out top cybersecurity threats and best practices for healthcare delivery organizations.
Healthcare

405(d) Task Group Updates HICP Document for Healthcare, Medical Device Cybersecurity

Ty Greenhalgh
Latest on Nexus Podcast