Similar Posts
Telehealth’s emergence and the keys to security in 2021
ByKayne
Telehealth was an unexpected technology bright spot in 2020, as the Office for Civil Rights (OCR) relaxed enforcement of certain aspects of HIPAA, helping to reduce COVID exposure via virtual rounding and virtual visits.
Unfortunately, bad actors have shown a lack of morality in their pursuit of illegal profits and have continued to attack medical organizations. Ransomware attacks, for example, can cripple a hospital’s abilities to provide high-quality patient care by denying access to key computer systems, which would force medical professionals to have to treat patients based on memory and paper-based records.
The following three high-level recommendations provide a basis for defense in depth for healthcare organizations in 2021.
ICS security challenges and how to overcome them
ByKayne
One of the biggest security challenges, however, might be IT/OT convergence — the merging of information technology with operational technology. IT teams are no strangers to infosec, but their OT counterparts working among industrial control systems (ICSes) have generally never worked in internet-connected networks. Yet, as the benefits of IoT and industrial IoT (IIoT) become apparent, more ICSes and OT environments are becoming connected — bringing multiple benefits but also creating multiple security threats. Compounding the risk is that IT teams don’t know how to handle threats in such environments, leaving many IT and OT teams unsure exactly where the security responsibility lies.
Here, Institute of Electrical and Electronics Engineers Inc. (IEEE) member Kayne McGladrey outlines the challenges of ICS security and explains how OT environments can counter such threats while still reaping the benefits of IoT.
FBI warns of ‘devastating’ cyber attacks on IoT networks
ByKayne
As Kayne McGladrey, the Director of Information Security Services at Integral Partners, the cyber security, access and identity management specialist company headquartered in Boulder, Colorado, says, “IoT security remains one of the most challenging security vulnerabilities to businesses and consumers. The Mirai and Reaper botnets are results of threat actors leveraging poor security controls on IoT devices, building attack infrastructure out of those devices, and using that stolen infrastructure to attack organinations. Companies and organisations purchasing IoT/IIoT devices should treat them the same as any other endpoint device connecting to the corporate network.”
Vigilance and Planning: Experts Share Their IT and Data Security Strategies
ByKayne
Kayne McGladrey (@kaynemcgladrey), security architect/strategy and GRC practice lead at Ascent Solutions, recommends following the Cybersecurity Maturity Model Certification 2.0, which was developed by the U.S. Department of Defense. It offers a framework that incorporates “Zero Trust tenets that will help companies maintain regulatory compliance and ensure that data are adequately protected against evolving threats from nation states and advanced persistent threats,” he says.
Thinkers360 Predictions Series – 2020 Predictions for IoT
ByKayne
The Internet of Things is a dumpster fire and upcoming regulatory controls aren’t going to put it out. Putting a sticker on a box with a username and random password and providing an updated privacy policy that consumers ignore isn’t adequate, although it is compliant. Manufacturers need to invest in user behavior analysis, require multi factor authentication, and to force patching of IoT devices. Otherwise, threat actors will continue to violate the privacy of people’s homes and nation states will built botnets as part of battlespace preparations.
Critical Infrastructure Requires Modernization
ByKayne
“The monetization and weaponization of digital threats was comparably new when the critical infrastructure components that manage our modern world were being designed for reliability a decade or two ago,” said IEEE Senior Member Kayne McGladrey. McGladrey says that it’s time consuming to patch security flaws in many of these older components, some of which were designed to run uninterrupted for decades.