Save the Date: Nexus Conference 2024: Sept. 10-12

Topics:

The UK's National Cyber Security Centre (NCSC) reacts to growing cloud implementations for operational technology, SCADA, and industrial control systems. The shift to cloud computing has caused the NCSC to be concerned that organizations aren't properly managing the new connectivity, including security boundaries and access control mechanisms.

Risk Management

Cyber Resilience

Operational Technology

UK NCSC Urges OT/ICS Operators to Secure Cloud Migrations

George V. Hulme

Cyber Resilience

Operational Resilience

Risk Management

Think Like an Attacker: Be Frogger

The U.K.'s enhanced Cyber Assessment Framework is designed to help critical infrastructure organizations comprehensively assess and improve their ability to defend against, and respond to, cyberattacks.

Cyber Resilience

Operational Technology

Operational Resilience

UK Critical Infrastructure Sectors Brace for Enhanced Cyber Assessment Framework

George V. Hulme

See all in Cyber Resilience See all in Articles

A New Jersey appeals court agreed with an earlier court’s decision that cybersecurity insurance providers could not deny ransomware coverage under a so-called “war exclusion” for a cybersecurity incident Merck & Co. claimed caused $1.4 billion in losses.

Cybersecurity Insurance

Merck Ransomware Insurance Ruling Helps Clear Fog of Cyberwar

George V. Hulme

Avoid these seven pitfalls when seeking cybersecurity liability insurance; ensure you understand policy terms and conditions, conduct due diligence, and involve the proper stakeholders, among other things.

Cybersecurity Insurance

Cybersecurity Liability Insurance Pitfalls to Avoid

George V. Hulme

Navigating cybersecurity insurance in a recession requires diligence about systemic cybersecurity risks that can cause premiums to rise or insurers to consider an organization uninsurable.

Cybersecurity Insurance

Risk Management

Navigating Cyber Insurance in a Recession

George V. Hulme

See all in Cybersecurity Insurance See all in Articles

Cyber Resilience

Risk Management

Blunting the Risks of Private-Sector Ownership of CI

ADM. Michael S. Rogers, USN (Ret.)

The “Report to the President: Strategy for Cyber-Physical Resilience: Fortifying Our Critical Infrastructure for a Digital World,” reaffirms that cyber-resilience-by-design should be the standard and urges a coalition of government leaders and private sector critical infrastructure asset owners and operators to refocus their energies to build resilient cyber-physical systems (CPS) that are designed to withstand attack.

Cyber Resilience

Risk Management

Applauding A Codified Strategy for CPS Resilience

See all in Federal See all in Articles

Cyberattacks against the food and beverage industry are opportunistic and leverage the growth in digitization to exploit previously unmanaged vulnerabilities to disrupt operations.

Food & Beverage

On the Menu: Cybersecurity Risks in the Food and Beverage Industry

George V. Hulme

See all in Food & Beverage See all in Articles

Vulnerability Management

Risk Management

FDA Sets Sights on Medical Device Vulnerability Management

George V. Hulme

The U.S. Dept of Health and Human Services Cybersecurity Performance Goals sets expectations on healthcare delivery organizations to protect their data and technology environments.

Operational Resilience

Risk Management

What HHS's New Cybersecurity Performance Goals Mean to Healthcare Organizations

George V. Hulme

Cyber Resilience

Managing Clinical Engineering Supply Chain Risk, Part 2

See all in Healthcare See all in Articles

Typical OT network

Operational Technology

The Purdue Model's Risky Blindspot

George V. Hulme

Operational Technology

NSA's ELITEWOLF Signatures Detect Malicious Activity in OT Environments

George V. Hulme

Operational Technology

Operational Resilience

Overcoming Inherent Design and Security Limitations of OT Devices

Juan Piacquadio

See all in Industrial See all in Articles

Cyber Resilience

Operational Resilience

Risk Management

Think Like an Attacker: Be Frogger

The U.K.'s enhanced Cyber Assessment Framework is designed to help critical infrastructure organizations comprehensively assess and improve their ability to defend against, and respond to, cyberattacks.

Cyber Resilience

Operational Technology

Operational Resilience

UK Critical Infrastructure Sectors Brace for Enhanced Cyber Assessment Framework

George V. Hulme

Expert Dan Ricci explains how IT security and operational technology engineers and asset operators must collaborate to properly address risk within industrial environments.

Operational Technology

Risk Management

Operational Resilience

Three Ways to Foster Collaboration, Understanding Between IT, OT Security, Part 2

See all in Operational Resilience See all in Articles

The UK's National Cyber Security Centre (NCSC) reacts to growing cloud implementations for operational technology, SCADA, and industrial control systems. The shift to cloud computing has caused the NCSC to be concerned that organizations aren't properly managing the new connectivity, including security boundaries and access control mechanisms.

Risk Management

Cyber Resilience

Operational Technology

UK NCSC Urges OT/ICS Operators to Secure Cloud Migrations

George V. Hulme

The U.K.'s enhanced Cyber Assessment Framework is designed to help critical infrastructure organizations comprehensively assess and improve their ability to defend against, and respond to, cyberattacks.

Cyber Resilience

Operational Technology

Operational Resilience

UK Critical Infrastructure Sectors Brace for Enhanced Cyber Assessment Framework

George V. Hulme

Expert Dan Ricci explains how IT security and operational technology engineers and asset operators must collaborate to properly address risk within industrial environments.

Operational Technology

Risk Management

Operational Resilience

Three Ways to Foster Collaboration, Understanding Between IT, OT Security, Part 2

See all in Operational Technology See all in Articles

Resilience, Recovery Strategies to Combat Ransomware and Extortion

ADM. Michael S. Rogers, USN (Ret.)

Ransomware may be past its hey-day, and it is a malware threat that will not fade away. But are attackers ready to move past it to more human attack vectors?

Cyber Resilience

Is Ransomware Still Sexy?

A New Jersey appeals court agreed with an earlier court’s decision that cybersecurity insurance providers could not deny ransomware coverage under a so-called “war exclusion” for a cybersecurity incident Merck & Co. claimed caused $1.4 billion in losses.

Cybersecurity Insurance

Merck Ransomware Insurance Ruling Helps Clear Fog of Cyberwar

George V. Hulme

See all in Ransomware See all in Articles

The UK's National Cyber Security Centre (NCSC) reacts to growing cloud implementations for operational technology, SCADA, and industrial control systems. The shift to cloud computing has caused the NCSC to be concerned that organizations aren't properly managing the new connectivity, including security boundaries and access control mechanisms.

Risk Management

Cyber Resilience

Operational Technology

UK NCSC Urges OT/ICS Operators to Secure Cloud Migrations

George V. Hulme

Vulnerability Management

Risk Management

FDA Sets Sights on Medical Device Vulnerability Management

George V. Hulme

Cyber Resilience

Operational Resilience

Risk Management

Think Like an Attacker: Be Frogger

See all in Risk Management See all in Articles

Technical debt broadly refers to having old technology in place that causes problems later on, such as increased maintenance, lower productivity, and software or system reliability.

Operational Technology

Technical Debt in OT Environments: How It's Different and Why it Matters

George V. Hulme

See all in Technical Debt See all in Articles

Vulnerability Management

Risk Management

FDA Sets Sights on Medical Device Vulnerability Management

George V. Hulme

Understanding the nuances of OT cybersecurity vulnerabilities becomes imperative for IT cybersecurity teams to develop comprehensive defense strategies that safeguard both IT and OT environments.

Operational Technology

Operational Resilience

Vulnerability Management

Risk Management

What IT Cybersecurity Teams Need to Know about OT Vulnerabilities (Part 1)

Risk Management

Vulnerability Management

Operational Technology

A Strategic Necessity: Compensating Controls in ICS, OT

George V. Hulme

See all in Vulnerability Management See all in Articles

Risk Management

Vulnerability Management

Operational Technology

A Strategic Necessity: Compensating Controls in ICS, OT

George V. Hulme

Behavioral Identity as the New Perimeter

Implementing a zero-trust architecture for operational technology environment ensures additional security around cyber physical systems processes that are essential to our way of life.

The Zero Trust for OT Imperative

George V. Hulme

See all in Zero Trust See all in Articles

Cyber Resilience

Internet of Things

Nexus Conference

Vulnerability Management

Srinivas Tummalapenta on the Cybersecurity Potential of AI

Srinivas Tummalapenta, Distinguished Engineer & CTO, IBM Consulting Cybersecurity Services, discusses the applications of AI and cybersecurity, in particular…

Nexus 2023 in Miami

Relive the highlights of Nexus 2023, Claroty's annual cybersecurity conference for CISO and security leaders responsible for the safety of cyber-physical…

Food & Beverage

Operational Resilience

Michael Rogers on Managing Risk and Digital Transformation

Michael Rogers, CISO and Director of Information Security and Compliance, at Hormel explains how his role as a security leader has changed as digital…

See all in Videos

Cyber Resilience

Vulnerability Management

Nexus Podcast: Greg Garcia on the Change Healthcare Cyberattack

Researcher Ryan Pickren explains a new web-based attack against programmable logic controllers (PLCs) that uses malicious JavaScript to attack the front end of an embedded web server prevalent in modern PLCs.

Operational Technology

Vulnerability Management

Internet of Things

Nexus Podcast: Ryan Pickren on New Web-Based PLC Malware Research

In this episode of the Claroty Nexus podcast, Hormel Foods CISO and Director of Security and Compliance Mike Rogers explains that CISOs should understand their level of exposure in the event of a cybersecurity incident and proactively seek personal liability protection.

Risk Management

Food & Beverage

Operational Resilience

Nexus Podcast: Mike Rogers on CISO Exposure During Incidents

See all in Podcasts

Podcasts

Recent podcasts

Cyber Resilience

Vulnerability Management

Nexus Podcast: Greg Garcia on the Change Healthcare Cyberattack

Researcher Ryan Pickren explains a new web-based attack against programmable logic controllers (PLCs) that uses malicious JavaScript to attack the front end of an embedded web server prevalent in modern PLCs.

Operational Technology

Vulnerability Management

Internet of Things

Nexus Podcast: Ryan Pickren on New Web-Based PLC Malware Research

In this episode of the Claroty Nexus podcast, Hormel Foods CISO and Director of Security and Compliance Mike Rogers explains that CISOs should understand their level of exposure in the event of a cybersecurity incident and proactively seek personal liability protection.

Risk Management

Food & Beverage

Operational Resilience

Nexus Podcast: Mike Rogers on CISO Exposure During Incidents

Team82’s Noam Moshe discusses state actor targeting of OT, why it’s so challenging to develop ransomware for OT and industrial control systems, and the mitigation strategies available to defenders of cyber-physical systems.

Internet of Things

Operational Technology

Vulnerability Management

Nexus Podcast: Team82 Answers More of your Cybersecurity Research Questions

Juan Piacquadio, chief information officer of Phlow Corp., describes the innovative and competitive edge the implementation of Pharma 4.0 brings to the industry, and how to best secure it.

Risk Management

Internet of Things

Nexus Podcast: Juan Piacquadio on Securing Pharma 4.0

Carrix security executive David Elfering joins the Nexus podcast to discuss cyber liability insurance, including whether carrier cybersecurity requirements align with risk reduction, some of the red flags that can imperil coverage or claims, and how cyber insurance providers are looking at geopolitical conflict.

Risk Management

Cybersecurity Insurance

Nexus Podcast: David Elfering on CISOs and Cyber Liability Insurance

Claroty Team82 Director of Vulnerability Research Sharon Brizinov and Vulnerability Researcher Noam Moshe discuss their research process, the technical resources at their disposal, and the threat landscape.

Operational Technology

Vulnerability Management

Nexus Podcast: Team82 Answers Your Questions

Mandiant and Google Cloud Head of Emerging Threats and Analytics Nathan Brubaker joins to discuss his team's findings and provide more context on the growing capabilities of Sandworm and its targeting of OT.

Operational Technology

Cyber Resilience

Nexus Podcast: Mandiant on Sandworm APT OT Attacks in Ukraine

Cutaway Security's Don C. Weber joins the Claroty Nexus podcast to discuss ICS cybersecurity training from his experience as a SANS certified instructor and understanding of where automation organizations are struggling and succeeding with cybersecurity.

Cyber Resilience

Operational Technology

Nexus Podcast: Don Weber on Security Culture in Control Environments; STAR Methodology

A new extension to the open source Caldera adversary emulation platform tailored for threats to operational technology (OT) called Caldera for OT features plugins for dnp, Modbus, and BACnet, three popular OT protocols that are prevalent in many commercial products regardless of industry.

Operational Technology

Nexus Podcast: MITRE on Caldera for OT

Retired Pfizer chief information security officer Jim LaBonty describes the need for a specialized OT security stack that feeds into a converged IT SOC.

Operational Resilience

Cyber Resilience

Nexus Podcast: Jim LaBonty on Building an OT Security Stack

Stephen Reynolds, a partner at the law firm of McDermott, Will, and Emery, discusses the personal, criminal liability that can attach to individuals and executives during investigations, and offers some practical advice for CISOs.

Risk Management

Nexus Podcast: Protecting the CISO During Incident Investigations

1