One Article Review

The article:
Source AlienVault Blog
Identifier 2948338
Publication date 2021-06-18 10:00:00 (seen: 2021-06-18 14:05:37)
Title Risk-based security now more important than ever for Energy and Utilities!
Text This is the third of three blogs in a series to help the energy and utility industries. You can read the first blog on Ransomware and Energy and Utilities and the second blog on Threat Intelligence and Energy and Utilities as well.

Convergence of IT/OT is now a reality:

Whether intentional or accidental, IT and operational technology (OT) are converging to support business outcomes of reducing costs and taking advantage of efficiencies. IT assets are being used in OT environments and with the transformation of Industry 4.0 for utilizing IoT. Given the convergence and increased attack surface, NSA has issued guidance around stopping malicious cyber activity against OT. CSA_STOP-MCA-AGAINST-OT_UOO13672321.PDF (defense.gov)

Security First mindset

There is a need for a mindset shift in protecting OT assets given the ineffective traditional approaches and priorities regarding how IT assets are protected. Legacy infrastructure has been in place for decades and is now being combined as part of the convergence of IT and OT. This can be challenging for organizations that previously used separate security tools for each environment and now require holistic asset visibility to prevent blind spots. Today's cybercriminals can attack from all sides, and attacks are laterally creeping across IT to OT and vice versa.

Beyond technology, focus on risk and resilience

It can be all too easy to deploy security technology and think you've mitigated risk to your business. Still, sadly technology investment is no guarantee of protection against the latest threats. It is critical to take a risk-based approach to security. This means that to decrease enterprise risk, leaders must identify and focus on specific elements of cyber risk to target. More specifically, the many components of cyber risk must be understood and prioritized for enterprise cybersecurity efforts. Organizations are increasingly aiming to shift from cybersecurity to cyber resilience. This means they must understand the threats they face, measure the potential financial impact of cyber exposures, compare this against the company's risk appetite level, and proactively manage cyber risks by having clear action plans based on their capabilities and capacities to protect against cybercrime.

Focus on a risk-based approach

The risk-based approach does two critical things at once. First, it designates risk reduction as the primary goal. This enables the organization to prioritize investment, including in implementation-related problem solving based squarely on a cyber program's effectiveness at reducing risk. Second, the program distills top management's risk-reduction targets into specific, pragmatic implementation programs with precise alignment from senior executives to the front line.

Following the risk-based approach, a company will no longer "build the control everywhere"; rather, the focus will be on building the appropriate controls for the worst vulnerabilities to defeat the most significant threats that target the business' most critical areas. The risk-based approach to cybersecurity is thus ultimately interactive and a dynamic tool to support strategic decision-making. Focused on business value, utilizing a common language among the interested parties, and directly linking enterprise risks to controls, the approach helps translate executive decisions about risk reduction into control implemen
Sent Yes
Tags Ransomware Tool Threat Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.