Security Breach – Details, episodes & analysis

Send us a text

While I’ll resist drawing comparisons about industrial cybersecurity to butterflies and bees, producing this episode did remind me of another great Muhammad Ali quote: "The hands can't hit what the eyes can't see.”

This could provide an easy segue into the ongoing challenges about asset visibility, but really, it goes a bit deeper than that. In addition to being able to see all the things we need to defend against, we also have to understand what to look for in establishing those defenses. 

In this episode, we discuss  these challenges and solutions with Bryson Bort, the founder and CEO of SCYTHE, a leading provider of Adversarial Exposure Validation (AEV) solutions. Watch/listen as we also discuss:

• The increasing impact of hacktivists.
• The rise of ransomware gangs.
• What AEV is all about.
• Why there is no such thing as an accidental hack.
• The human impact on cybersecurity and why it is rarely the human's fault.
• How his former military life has impacted his cybersecurity career.
• Why supply chains could be the most important threat landscape going forward.

To check out the work he and his colleagues are up to, you can go to scythe.io, as well as icsvillage.com.

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

Send us a text

Uptime. 

It’s the lifeblood of manufacturing and the precise target of industrial sector hackers. By knocking systems offline, stealing credentials, holding data for ransom, or crippling supply chains, the bad guys know their ultimate goals of disruption or extortion will be realized.

And as we’ve discussed numerous times here on Security Breach, keeping these bad actors out has become more and more difficult as new technology, connectivity and endpoints are added to the OT landscape.

Hackers are getting smarter and more complex, but the good news is so are the tools and strategies for the good guys. Here to offer some perspective on dealing with the leading threats targeting the people, systems and data of the industrial sector is a collection of experts focused on minimizing disruptions and preparing you to react and respond to cyberattacks.

Watch/listen as:

• Max Clausen, senior VP of Network Connectivity at Zayo dives into the factors and strategies driving DDoS or distributed denial of service attacks.
• John Carse, Field CISO at SquareX discusses the ongoing impact of developing and legacy vulnerabilities, as well as some of the novel strategies hackers are using to introduce new strands of highly disruptive malware.
• Amit Hammer, CEO of Salvador Tech talks about lessons learned from the recent Jaguar Land Rover attack and how response strategies will continue to play a key role in minimizing attack-related downtime.

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

Send us a text

I’m always tempted to start out each episode by talking about a problem, and then setting up our guest as the solution to that problem. It’s formulaic and a bit redundant, but it’s also effective. So I’ll apologize in advance because I’m about to do that very thing again. 

The difference is that Howard Grimes, the CEO of the Cybersecurity Manufacturing Innovation Institute (CyManII) is looking to help provide a lot of solutions for manufacturers. As we discuss workforce challenges, secure-by-design, an evolving threat landscape and the ongoing struggles with legacy OT infrastructure, I’ll challenge you to find something that the Institute couldn’t help you and your organization jumpstart, solve or streamline.

Watch/listen as we discuss:

• The most significant vulnerabilities still impacting manufacturing.
• Why the industrial sector struggles to find OT cybersecurity specialists, and strategies that are helping to fill this gap.
• The growing prominence of secure-by-design and how the responsibilities for these strategies are shifting.
• The areas where legacy OT technology are hampering cybersecurity efforts the most.
• Why the "Ostrich Approach" can no longer be tolerated.
• The new focal points of attackers and how these are shifting based on hacker resources.

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

Send us a text

One of the biggest challenges surrounding industrial cybersecurity is the size of the attack surface that must be monitored, assessed, and constantly updated in order to evolve with the rising number of complex threat actors. Throw in a growing number of connection points, APIs and new and legacy network component combinations, and the complexity only grows.

This makes improving visibility within the OT system not only vitally important, but a seemingly enormous concern.  Dragos recently reported that up to 80 percent of OT security personnel lack complete OT system visibility.

Our guest for this episode, Moty Kanias, VP of Cyber Strategy and Alliances at NanoLock Security, has seen firsthand the type of catastrophic results this lack of visibility and OT-specific security expertise can create.

We’re excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

Send us a text

The industrial sector continues to be a hot target for hackers. Ransomware, malware and phishing attacks all continue to escalate in both frequency and potency. The on-going mixture of new technologies with legacy systems invites attention, and the reality is that it continues to pay dividends for hackers and ransomware groups.

However, there are solutions. One of which is to work with good guys who can think like the bad guys. It's an approach this episode's guest,  Andra Zaharia, Head of Content & Community at Pentest-Tools.com, has used to help some of the largest manufacturers in the world.

We’re also excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

Send us a text

Perhaps the only topic that solicits a uniform response is when my guests are asked about the most important part of a cybersecurity plan. The common mantra is that there has to be buy-in throughout the organization for any plan to be successful, and it starts at the top.

Obtaining C-level support is obviously vital when it comes to loosening the corporate purse strings for software, penetration testing and training resources. But beyond that, corporate leadership can set the overall tone for a company’s attitude towards cybersecurity and the threat it presents throughout the organization, not just for IT or OT personnel.

This comes as no surprise to this week's guest. Frank Riccardi is he author of Mobilizing the C-Suite – Waging War Against Cyberattacks.

We’re excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

Send us a text

As we continue to see an increase in attacks targeting the ICS, it’s about more than just the industrial sector creating cyber defense plans, cataloging connection points and shoring up vulnerabilities. The reality is that it’s going to take a communal effort to keep manufacturing – the largest single contributor to our country’s GDP – safe and secure.

As we’ve learned from a legacy of attacks spanning the last decade, the tactics used and organizations behind them continue to evolve, and we’ll need some help in order to prevent and respond to attacks that impact the livelihoods of thousands up and down stream of the initial intrusion. 

We welcome Kimberly Cornwell, an applications engineer at Siemens to discuss how the industrial community is working to meet new and evolving industrial cybersecurity challenges.

We’re also excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

Send us a text

The latest high-profile hack of Dole Foods reinforces the need to upgrade operational technology security, and not just for the manufacturer. The distributors, logistics providers, retailers and end-users that rely so heavily on the role manufacturing plays are beginning to understand how critical and far-reaching the effects of a production-ceasing hack can be.

And so do the bad guys.

According to a survey from Nozomi Networks, 63 percent of respondents classify current cybersecurity threats targeting industrial control systems as high, severe or critical. This would support findings from Fortinet that 93 percent of manufacturers responded to at least one OT intrusion between 2021-2022, and 78 percent dealt with more than three such incidents. Additionally, the firm found that 61 percent of intrusions targeted OT assets.

On this episode we're joined by Carlos-Raul Sanchez, Director of Operational Technology at Fortinet, a leading provider of OT Cybersecurity solutions to discuss these challenges.

We’re excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

Send us a text

Joining the ranks of high-profile ransomware attacks at Nissan, Colonial Pipeline, JBS Foods, Schneider Electric and even Foxconn, is Dole Foods.

The global food processor was the victim of a ransomware attack in early February that led to shutting down production systems throughout North America, and halted shipments to numerous retailers and distributors.

As if this wasn’t enough to help illustrate the continuing rise in ransomware attacks on the manufacturing sector, Dragos recently reported that such attacks surged 87 percent in 2022.

Joining us to discuss the Dole Foods attack, and lessons learned from it, is Travis Wong, VP of Risk Engineering and Client Services at Resilience Insurance, a leading provider of cyber risk management solutions.

We're also excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

Send us a text

While the growth of ransomware, phishing schemes and other nefarious cyber activities are obviously not positive developments for the industrial sector, the resulting exposure and fallout from high profile events like Colonial Pipeline, JBS and, most recently, Dole Foods, have mandated a need for more data on attack surfaces, hacker tactics and the bad actors themselves.

In this episode, we'll be taking a closer look at all of these topics via findings from IBM Security’s most recent Threat Intelligence Index as we sit down with John Dwyer, Head of Research for IBM Security’s X-Force.

We’re also excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com.

For more information on the work IBM Security X Force is doing, you can go to www.ibm.com/security.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, reach out at jeff@ien.com.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.