While there are plenty of unknowns when it comes to protecting the OT attack surface, there are some things that are undeniably true.

We know that the frequency of attacks will continue to increase.

We know that it’s not if your ICS will be probed, but when.

And we also know that asset and connection visibility is an ongoing challenge due to the implementation of more automated technology.

Finally, we also know that one of the most important aspects of any cybersecurity plan is the portion that lays out the response.

One of the most effective ways to address these concerns can be the use of attack simulations. In this episode we tap in to the expertise of Tom Marsland, VP of Technology for Cloud Range, a leading provider of live-fire cybersecurity exercises and training. Watch/listen as we discuss:

• All the little things that are continuing to pose challenges to industrial cybersecurity.
• Why state-sponsored hacker groups in China are getting more of his attention lately.
• Why successful incident response is about the people, not the tools.
• The importance of "training like you fight."
• His role with VetSec, and the role it can play in filling cybersecurity talent gaps.
• How to bring IT and OT together and why the onus on strengthening these bonds might fall more on IT.
• Why the culture of security needs to permeate throughout the entire organization.
• How AI can help make the most of your people.

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.

Maybe you’re sick of hearing about phishing schemes and the way hackers are using this strategy to infiltrate your networks, access intellectual data, shut down production, or hold your assets for ransom. If that’s the case, then you’ve made a lot of hackers very happy.

And based on Proofpoint’s 2024 State of Phish report, protecting against phishing schemes is simply not being reinforced or given the proper priority. For example,

• 71% of surveyed users admitted to taking a risky action, and 96% knew they were doing something risky when interacting with email or text messages.
• 85% of security professionals said that most employees know they are responsible for security, but 59% of employees weren’t sure or claimed that they’re not responsible.
• Furthermore, 24% admitted to responding to emails or text messages from someone they don’t know, and 19% clicked on links in emails from people they don’t know.
• Finally, 73% of surveyed companies reported a business email compromise, but only 29% are actively teaching users about BEC attacks.

To address these and other phishing attack dynamics, I sat down with Craig Taylor, co-founder of Cyberhoot, a leading provider of phishing prevention solutions. Watch/listen as we discuss:

• How hackers are going after session tokens to steal valuable credential data.
• Why phishing prevention training spends too much time on avoiding the click instead of positive reinforcement of proper actions.
• The need for worker training to go beyond any impact to the company, to the individual cyber risks as well.
• How adding "friction" to email could be a solution.
• The bad password advice that many high-level organizations continue to distribute.

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.

So, my daughters like to give me a hard time about growing old.

Said another way, I’m a legacy asset - just like most of the devices many of you observe, manage and secure every day. Your machines are still in place because they work. While the technology around these assets has evolved, their core functionality and value to the production process has remained constant.

But as sensors, network connections and access parameters have been upgraded to improve output, these highly prized pieces of equipment are showing their age from a cybersecurity perspective. The challenges they present are reinforced with findings from Fortinet’s 2024 State of Operational Technology and Cybersecurity Report.

A couple of key takeaways include findings that show nearly one-third of respondents experiencing six or more intrusions in the last year. Additionally, fewer respondents claimed 100 percent OT system visibility – with that number decreasing from 10 to five percent. On the bright side, we’re getting better in some areas, with 20 percent of organizations establishing visibility and implementing segmentation, up from only 13 percent the previous year.

Joining us to discuss these and other trends is Jon Taylor, Director and Principal of Security with Versa Networks, a leading provider of digital transformation and edge security solutions. Watch/listen as he discusses:

• Why the Purdue model might re outdated and preventing many from using new strategies like SASE.
• Why he believes visibility is security - "you have to see it do defend it," and how AI could be the solution.
• The need for OT to look at vulnerabilities from a network or architecture perspective, not by device or connection point.
• How air gapping help feed the division between IT and OT.
• The weaponizing of OT networks stems from the lack of an adaptive network strategy fed by archaic infrastructure.
• Instead of Security by Design, we need to implement Patching by Design.
• Why the industrial sector needs to be more vocal about the need for embedded security and embedded micro-segmentation.
• How state-sponsored hackers are helping elevate the industrial sector's response and prioritization of cybersecurity.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can a

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.