Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Automation. Show all posts
Technology
Automation Cybersecurity Infrastructure Innovation Integration Manufacturing Technology

Critical Infrastructure at Risk: Why OT-IT Integration is Key to Innovation and Cybersecurity

 

As cyberattacks grow more advanced, targeting the essential systems of modern life—from energy pipelines and manufacturing plants to airports and telecom networks—governments are increasing pressure on industries to fortify their digital and physical defenses.

A series of high-profile breaches, including the shutdown of Seattle’s port and airport and disruptions to emergency services in New York, have triggered calls for action. As early as 2020, agencies like the NSA and CISA urged critical infrastructure operators to tighten their cybersecurity frameworks.

Despite this, progress has been gradual. Many businesses remain hesitant due to perceived costs. However, experts argue that merging operational technology (OT)—which controls physical equipment—with information technology (IT)—which manages digital systems—offers both protection and growth potential.

This fusion not only enhances reliability and minimizes service interruptions, but also creates opportunities for innovation and revenue generation, as highlighted by experts in a recent conversation with CIO Upside.

“By integrating (Internet-of-Things) and OT systems, you gain visibility into processes that were previously opaque,” Sonu Shankar, chief product officer at Phosphorus, told CIO Upside. Well-managed systems are a “launchpad for innovation,” said Shankar, allowing enterprises to make use of raw operational data.

“This doesn’t just facilitate operational efficiencies — it would potentially generate new revenue streams born from integrated visibility,” Shankar added.

Understanding OT and Its Role

Operational technology refers to any hardware or system essential to a business’s core services—such as factory machinery, production lines, logistics hubs, and even connected office devices like smart printers.

Upgrading these legacy systems might seem overwhelming, particularly for industries reliant on outdated hardware. But OT-IT convergence doesn’t have to be expensive. In fact, several affordable and scalable solutions already exist.

Technologies such as network segmentation, zero trust architecture, and cloud-based OT-IT platforms provide robust protection and visibility:

Network segmentation breaks a primary network into smaller, isolated units—making it harder for unauthorized users to access critical systems.

Zero trust security continuously verifies users and devices, reducing the risks posed by human error or misconfigurations.

Cloud platforms offer centralized insights, historical logs, automated system upkeep, and AI-powered threat detection—making it easier to anticipate and prevent cyber threats.

Fused OT-IT environments lay the groundwork for faster product development and better service delivery, said James McQuiggan, security awareness advocate at KnowBe4.

“When OT and IT systems can communicate effectively and securely across multiple platforms and teams, the development cycle is more efficient and potentially brings products or services to market faster,” he said. “For CIOs, they are no longer just supporting the business, but shaping what it will become.”

As digital threats escalate and customer expectations rise, the integration of OT and IT is no longer optional—it’s a strategic imperative for security, resilience, and long-term growth
Read more »
Vulnerabilities
Automation Backup Cyber Security Exploits Infrastructure Vulnerabilities

CISA Highlights Major Vulnerabilities in Critical Infrastructure Systems

 

The Cybersecurity and Infrastructure Security Agency (CISA) has released two significant advisories focused on Industrial Control Systems (ICS), urging swift action from organizations operating within vital infrastructure sectors. These advisories—ICSA-25-091-01 and ICSA-24-331-04—highlight newly discovered vulnerabilities that could pose severe threats if left unaddressed.

ICSA-25-091-01 focuses on a critical vulnerability affecting Rockwell Automation's Lifecycle Services, which integrate with Veeam Backup and Replication. This issue stems from improper deserialization of untrusted data (CWE-502)—a known risk that allows remote attackers to execute malicious code. The flaw has received a CVSS v4 score of 9.4, indicating a high-severity, low-complexity threat that is remotely exploitable.

Impacted products include:

  • Industrial Data Center (IDC) with Veeam (Generations 1-5)
  • VersaVirtual Appliance (VVA) with Veeam (Series A-C)
If exploited, the vulnerability could give attackers with admin rights full access to execute arbitrary code, potentially leading to complete system takeover.

"CISA urges organizations to take immediate defensive measures to mitigate the risk, including:
• Minimizing network exposure for all control systems and ensuring they are not directly accessible from the internet.
• Using secure access methods like Virtual Private Networks (VPNs) when remote access is necessary.
• Keeping VPNs up to date to prevent vulnerabilities from being exploited."

Rockwell Automation is collaborating with CISA to inform affected clients—especially those under Infrastructure Managed Service contracts—about available patches and remediation steps.

ICSA-24-331-04 draws attention to multiple security flaws in Hitachi Energy’s MicroSCADA Pro/X SYS600, a system widely used in energy and manufacturing sectors. These vulnerabilities include improper query logic handling, session hijacking via authentication bypass, and path traversal risks.

The most critical issue, CVE-2024-4872, carries a CVSS v3 score of 9.9, making it one of the most severe. It enables attackers with valid credentials to inject harmful code into the system, risking unauthorized access and corruption of persistent data.

Other issues include:
  • CVE-2024-3980: Lack of proper file path limitations
  • Exposure to further system compromise if not promptly patched
"Hitachi Energy has released patches for the affected versions, including a critical update to Version 10.6 for MicroSCADA Pro/X SYS600. Users are also advised to apply necessary workarounds and stay updated with security patches to protect against exploitation."

CISA strongly advises organizations using these systems to implement all recommended mitigations without delay to minimize potential risks.
Read more »
Data Analytics
Automation cyber resilience Cyber Security Cyber Security Tool cybersecurity best practices Cybersecurity Experts Data Analytics

Integrating Human Expertise and Technology for Robust Cybersecurity

 

In today’s complex digital landscape, the role of human expertise in cybersecurity remains indispensable. Two pivotal approaches — human-led security testing and human-centric cybersecurity (HCC) — have gained prominence, each contributing distinct strengths. However, these strategies often function in silos, creating fragmented defenses. To achieve comprehensive cyber resilience, organizations must integrate these methods with advanced technologies like automation and data analytics.

Human-led security testing leverages the intuition and expertise of cybersecurity professionals. Ethical hackers and penetration testers bring invaluable insights, uncovering vulnerabilities that automated tools may overlook. Their ability to simulate real-world attack scenarios allows organizations to anticipate and neutralize sophisticated cyber threats dynamically. This approach ensures tailored defenses capable of adapting to specific challenges.

On the other hand, human-centric cybersecurity (HCC) focuses on empowering end users by designing security measures that align with their behaviours and limitations. Traditional tools often burden users with complexity, leading to risky workarounds. HCC addresses this by creating intuitive, accessible solutions that seamlessly integrate into daily workflows. When users perceive these measures as helpful rather than obstructive, compliance improves, enhancing overall security frameworks.

Technology acts as a vital bridge between these human-driven approaches. Automation and data analytics provide scalability and efficiency, handling repetitive tasks and processing vast data volumes. Real-time threat intelligence and continuous monitoring enable organizations to identify and respond to emerging risks quickly. This technological backbone allows human experts to focus on addressing complex, strategic challenges.

Integrating these elements fosters a proactive security culture where people, not just systems, are central to defense strategies. Educating employees, conducting regular threat simulations, and promoting secure behaviors through incentives help build shared responsibility for cybersecurity. Research forecasts that by 2027, half of large enterprises will adopt HCC strategies, prioritizing security behavior and culture programs (SBCPs). These initiatives utilize simulations, automation, and analytics to encourage informed decision-making and enhance incident reporting.

A holistic cybersecurity approach blends human intuition, user-friendly processes, and technology-driven efficiency. Human-led testing uncovers evolving threats, while HCC empowers employees to respond confidently to risks. Automation and analytics amplify these efforts, providing actionable insights and driving continuous improvements. Together, these elements create a robust, forward-thinking cybersecurity environment capable of meeting the challenges of an ever-evolving digital world.

Read more »
System Vulnerability
Automation Jenkins malware Ransomware System Vulnerability

Critical Jenkins RCE Vulnerability: A New Target for Ransomware Attacks


Recently, the CISA (Cybersecurity and Infrastructure Security Agency) warned about a critical remote code execution (RCE) vulnerability in Jenkins, a widely used open-source automation server. This vulnerability, CVE-2024-23897, has been actively exploited in ransomware attacks, posing a significant risk to organizations relying on Jenkins for their continuous integration and continuous delivery (CI/CD) processes.

Understanding the Vulnerability

The Jenkins RCE vulnerability stems from a flaw in the args4j command parser, a library used by Jenkins to parse command-line arguments. This flaw allows attackers to execute arbitrary code on the Jenkins server by sending specially crafted requests. The vulnerability can also be exploited to read arbitrary files on the server, potentially exposing sensitive information.

The args4j library is integral to Jenkins’ functionality, making this vulnerability particularly concerning. Attackers exploiting this flaw can gain full control over the Jenkins server, enabling them to deploy ransomware, steal data, or disrupt CI/CD pipelines. Given Jenkins’ widespread use in automating software development processes, the impact of such an exploit can be far-reaching.

The Impact of Exploitation

The exploitation of the Jenkins RCE vulnerability has already been observed in several ransomware attacks. Ransomware, a type of malware that encrypts a victim’s data and demands payment for its release, has become a prevalent threat in recent years. By exploiting the Jenkins vulnerability, attackers can access critical infrastructure, encrypt valuable data, and demand ransom payments from affected organizations.

The consequences of a successful ransomware attack can be devastating. Organizations may face significant financial losses, operational disruptions, and reputational damage. In some cases, the recovery process can be lengthy and costly, further exacerbating the impact of the attack. As such, it is crucial for organizations using Jenkins to take immediate action to mitigate the risk posed by this vulnerability.

What to do?

  • Ensure that Jenkins and all installed plugins are updated to the latest versions. The Jenkins community regularly releases security updates that address known vulnerabilities. Keeping the software up-to-date is a critical step in protecting against exploitation.
  • Apply any available security patches for the args4j library and other components used by Jenkins. These patches are designed to fix vulnerabilities and should be applied as soon as they are released.
  • Limit network access to Jenkins servers to only trusted IP addresses. By restricting access, organizations can reduce the attack surface and prevent unauthorized users from exploiting the vulnerability.
  • Use strong authentication mechanisms, such as multi-factor authentication (MFA), to secure access to Jenkins servers. MFA adds an additional layer of security, making it more difficult for attackers to gain unauthorized access.
  • Regularly monitor Jenkins logs and network traffic for signs of suspicious activity. Early detection of potential exploitation attempts can help organizations respond quickly and mitigate the impact of an attack.
  • Ensure that critical data is regularly backed up and stored securely. In the event of a ransomware attack, having reliable backups can facilitate data recovery without paying the ransom.

Read more »
Vulnerability management
AI Automation Cyber Threats Technology Vulnerability management

AI and Vulnerability Management: Industry Leaders Show Positive Signs

AI and Vulnerability Management: Industry Leaders Show Positive Signs

Positive trend: AI and vulnerability management

We are in a fast-paced industry, and with the rise of technological developments each day, the chances of cyber attacks always arise. Hence, defense against such attacks and cybersecurity becomes paramount. 

The latest research into the cybersecurity industry by Seemplicity revealed that 91% of participants claim their security budget is increasing this year. It shows us the growing importance of cybersecurity in organizations.

Understanding report: An insight into industry leaders' mindset

A survey of 300 US cybersecurity experts to understand views about breathing topics like automation, AI, regulatory compliance, vulnerability and exposure management. Organizations reported employing 38 cybersecurity vendors, highlighting sophisticated complexity and fragmentation levels within the attack surfaces. 

The fragmentation results in 51% of respondents feeling high levels of noise from the tools, feeling overwhelmed due to the traffic of notifications, alerts, and findings, most of which are not signaled anywhere. 

As a result, 85% of respondents need help with handling this noise. The most troubling challenge reported being slow or delayed risk reduction, highlighting the seriousness of the problem, because of the inundating noise slowing down effective vulnerability identification and therefore caused a delay in response to threats. 

Automation and vulnerability management on the rise

97% of respondents cited methods (at least one) to control noise, showing acceptance of the problem and urgency to resolve it. 97% showed some signs of automation, hinting at a growth toward recognizing the perks of automation in vulnerability and exposure management. The growing trend towards automation tells us one thing, there is a positive adoption response. 

However, 44% of respondents still rely on manual methods, a sign that there still exists a gap to full automation.

But the message is loud and clear, automation has helped in vulnerability and exposure management efficiency, as 89% of leaders report benefits, the top being a quicker response to emergency threats. 

AI: A weapon against cyber threats

The existing opinion (64%) that AI will be a key force against fighting cyber threats is a positive sign showing its potential to build robust cybersecurity infrastructure. However, there is also a major concern (68%) about the effects of integrating AI into software development on vulnerability and exposure management. AI will increase the pace of code development, and the security teams will find it difficult to catch up. 

Read more »
Technology
AI Automation Cyber Threats Security survey Technology

AI's Rapid Code Development Outpaces Security Efforts

 


As artificial intelligence (AI) advances, it accelerates code development at a pace that cybersecurity teams struggle to match. A recent survey by Seemplicity, which included 300 US cybersecurity professionals, highlights this growing concern. The survey delves into key topics like vulnerability management, automation, and regulatory compliance, revealing a complex array of challenges and opportunities.

Fragmentation in Security Environments

Organisations now rely on an average of 38 different security product vendors, leading to significant complexity and fragmentation in their security frameworks. This fragmentation is a double-edged sword. While it broadens the arsenal against cyber threats, it also results in an overwhelming amount of noise from security tools. 51% of respondents report being inundated with alerts and notifications, many of which are false positives or non-critical issues. This noise significantly hampers effective vulnerability identification and prioritisation, causing delays in addressing real threats. Consequently, 85% of cybersecurity professionals find managing this noise to be a substantial challenge, with the primary issue being slow risk reduction.

The Rise of Automation in Cybersecurity

In the face of overwhelming security alerts, automation is emerging as a crucial tool for managing cybersecurity vulnerabilities. According to a survey by Seemplicity, 95% of organizations have implemented at least one automated method to manage the deluge of alerts. Automation is primarily used in three key areas:

1. Vulnerability Scanning: 65% of participants have adopted automation to enhance the precision and speed of identifying vulnerabilities, significantly streamlining this process.

2. Vulnerability Prioritization: 53% utilise automation to rank vulnerabilities based on their severity, ensuring that the most critical issues are addressed first.

3. Remediation: 41% of respondents automate the assignment of remediation tasks and the execution of fixes, making these processes more efficient.

Despite these advancements, 44% still rely on manual methods to some extent, highlighting obstacles to complete automation. Nevertheless, 89% of cybersecurity leaders acknowledge that automation has increased efficiency, particularly in accelerating threat response.

AI's Growing Role in Cybersecurity

The survey highlights a robust confidence in AI's ability to transform cybersecurity practices. An impressive 85% of organizations intend to increase their AI spending over the next five years. Survey participants expect AI to greatly enhance early stages of managing vulnerabilities in the following ways:

1. Vulnerability Assessment: It is argued by 38% of the demographic that AI will  boost the precision and effectiveness of spotting vulnerabilities.

2. Vulnerability Prioritisation: 30% view AI as crucial for accurately ranking vulnerabilities based on their severity and urgency.

Additionally, 64% of respondents see AI as a strong asset in combating cyber threats, indicating a high level of optimism about its potential. However, 68% are concerned that incorporating AI into software development will accelerate code production at a pace that outstrips security teams' ability to manage, creating new challenges in vulnerability management.


Views on New SEC Incident Reporting Requirements

The survey also sheds light on perspectives regarding the new SEC incident reporting requirements. Over half of the respondents see these regulations as opportunities to enhance vulnerability management, particularly in improving logging, reporting, and overall security hygiene. Surprisingly, fewer than a quarter of respondents view these requirements as adding bureaucratic burdens.

Trend Towards Continuous Threat Exposure Management (CTEM)

A trend from the survey is the likely adoption of Continuous Threat Exposure Management (CTEM) programs by 90% of respondents. Unlike traditional periodic assessments, CTEM provides continuous monitoring and proactive risk management, helping organizations stay ahead of threats by constantly assessing their IT infrastructure for vulnerabilities.

The Seemplicity survey highlights both the challenges and potential solutions in the evolving field of cybersecurity. As AI accelerates code development, integrating automation and continuous monitoring will be essential to managing the increasing complexity and noise in security environments. Organizations are increasingly recognizing the need for more intelligent and efficient methods to stay ahead of cyber threats, signaling a shift towards more proactive and comprehensive cybersecurity strategies.

Read more »
Threat Intelligence
Accountability Automation collaboration Cyber Security Cybersecurity executives Microsoft organizational changes Secure Future Initiative security governance Threat Intelligence

Microsoft to Enforce Executive Accountability for Cybersecurity

 

Microsoft is undergoing organizational adjustments to enhance cybersecurity measures throughout its products and services, focusing on holding senior leadership directly responsible. Charlie Bell, Microsoft's executive vice president of security, outlined these changes in a recent blog post aimed at reassuring customers and the US government of the company's dedication to bolstering cybersecurity amidst evolving threats.

One key aspect of this initiative involves tying a portion of the compensation for the company's Senior Leadership Team to the progress made in fulfilling security plans and milestones. Additionally, Microsoft is implementing significant changes to elevate security governance, including organizational restructuring, enhanced oversight, controls, and reporting mechanisms.

These measures encompass appointing a deputy Chief Information Security Officer (CISO) to each product team, ensuring direct reporting of the company's threat intelligence team to the enterprise CISO, and fostering collaboration among engineering teams across Microsoft Azure, Windows, Microsoft 365, and security groups to prioritize security.

Bell's announcement follows a recent assessment by the US Department of Homeland Security's Cyber Safety Review Board (CSRB), highlighting the need for strategic and cultural improvements in Microsoft's cybersecurity practices. The CSRB identified areas where Microsoft could have prevented a notable cyber incident involving a breach of its Exchange Online environment by the Chinese cyber-espionage group Storm-0558, which compromised user emails from various organizations, including government agencies.

Microsoft previously launched the Secure Future Initiative (SFI) to address emerging threats, incorporating measures such as automation, artificial intelligence (AI), and enhanced threat modelling throughout the development lifecycle of its products. The initiative also aims to integrate more secure default settings across Microsoft's product portfolio and strengthen identity protection while enhancing cloud vulnerability response and mitigation times.

Bell's update provided further details on Microsoft's approach, emphasizing six key pillars: protecting identities and secrets, safeguarding cloud tenants and production systems, securing networks, fortifying engineering systems, monitoring and detecting threats, and expediting response and remediation efforts.

To achieve these goals, Microsoft plans to implement various measures, such as automatic rotation of signing and platform keys, continuous enforcement of least privileged access, and network isolation and segmentation. Efforts will also focus on inventory management of software assets and implementing zero-trust access to source code and infrastructure.

While the full impact of these changes may take time to materialize, Microsoft remains a prominent target for cyberattacks. Despite ongoing challenges, industry experts like Tom Corn, chief product officer at Ontinue, acknowledge the ambitious scope of Microsoft's Secure Future Initiative and its potential to streamline operationalization for broader benefit.
Read more »
Technology
Artifcial Intelligence Automation Cybersecurity Ransomware SOCs Technology

Cybersecurity Teams Tackle AI, Automation, and Cybercrime-as-a-Service Challenges

 




In the digital society, defenders are grappling with the transformative impact of artificial intelligence (AI), automation, and the rise of Cybercrime-as-a-Service. Recent research commissioned by Darktrace reveals that 89% of global IT security teams believe AI-augmented cyber threats will significantly impact their organisations within the next two years, yet 60% feel unprepared to defend against these evolving attacks.

One notable effect of AI in cybersecurity is its influence on phishing attempts. Darktrace's observations show a 135% increase in 'novel social engineering attacks' in early 2023, coinciding with the widespread adoption of ChatGPT2. These attacks, with linguistic deviations from typical phishing emails, indicate that generative AI is enabling threat actors to craft sophisticated and targeted attacks at an unprecedented speed and scale.

Moreover, the situation is further complicated by the rise of Cybercrime-as-a-Service. Darktrace's 2023 End of Year Threat Report highlights the dominance of cybercrime-as-a-service, with tools like malware-as-a-Service and ransomware-as-a-service making up the majority of harrowing tools used by attackers. This as-a-Service ecosystem provides attackers with pre-made malware, phishing email templates, payment processing systems, and even helplines, reducing the technical knowledge required to execute attacks.

As cyber threats become more automated and AI-augmented, the World Economic Forum's Global Cybersecurity Outlook 2024 warns that organisations maintaining minimum viable cyber resilience have decreased by 30% compared to 2023. Small and medium-sized companies, in particular, show a significant decline in cyber resilience. The need for proactive cyber readiness becomes pivotal in the face of an increasingly automated and AI-driven threat environment.

Traditionally, organisations relied on reactive measures, waiting for incidents to happen and using known attack data for threat detection and response. However, this approach is no longer sufficient. The shift to proactive cyber readiness involves identifying vulnerabilities, addressing security policy gaps, breaking down silos for comprehensive threat investigation, and leveraging AI to augment human analysts.

AI plays a crucial role in breaking down silos within Security Operations Centers (SOCs) by providing a proactive approach to scale up defenders. By correlating information from various systems, datasets, and tools, AI can offer real-time behavioural insights that human analysts alone cannot achieve. Darktrace's experience in applying AI to cybersecurity over the past decade emphasises the importance of a balanced mix of people, processes, and technology for effective cyber defence.

A successful human-AI partnership can alleviate the burden on security teams by automating time-intensive and error-prone tasks, allowing human analysts to focus on higher-value activities. This collaboration not only enhances incident response and continuous monitoring but also reduces burnout, supports data-driven decision-making, and addresses the skills shortage in cybersecurity.

As AI continues to advance, defenders must stay ahead, embracing a proactive approach to cyber resilience. Prioritising cybersecurity will not only protect institutions but also foster innovation and progress as AI development continues. The key takeaway is clear: the escalation in threats demands a collaborative effort between human expertise and AI capabilities to navigate the complex challenges posed by AI, automation, and Cybercrime-as-a-Service.

Read more »
Subscribe to: Posts (Atom)