BLOG
September 9, 2021
Proactive Approach to Incident Response. Part 4 – Practicing your Incident Response plan
The last three articles covered the topics of an efficient and effective Incident Response plan, the importance of cross-training your IT / OT teams and the necessity of creating a Security Baseline for your OT environment. Today we will cover the topic of Practicing your Incident Response plan. Just having an Incident Response plan in place is not good enough. The IR plan should be drilled to check if it is viable under the circumstances of an attack.
Small Business Cyber Resilience Improvement Guide. Part V – Using passwords to protect your data.
07.09.2021
Part 5 – Using passwords to protect your data. Passwords are an important step in keeping your and your customers’ information safe and, when used correctly, prevent unauthorised access. Here are five tips to remember when setting and using passwords: remember to switch on password protection; use Two Factor Authentication for ‘sensitive’ accounts; don’t use passwords that can be guessed easily – apply Three Random Words; help staff cope with too many passwords to remember; change all default passwords. Remember to switch on password protection: set any of the available authentication methods on your device (password, PIN, fingerprint, or face unlock).
Proactive Approach to Incident Response. Part 3 – Establishing OT Security Baseline
02.09.2021
In previous articles, we covered the importance of an IR plan and cross-training of your IT and OT teams. Today we will focus on establishing an OT Security Baseline. A baseline is the set of minimum security requirements the OT environment needs in order to be sufficiently protected from threats and vulnerabilities while still being able to work efficiently and effectively. A good place to start working on a baseline is to take stock of your OT assets – you can only protect something you know you have.
Small Business Cyber Resilience Improvement Guide. Part IV – Keeping your mobile devices safe.
31.08.2021
Part 4 – Keeping your mobile devices safe. Here are five tips to help you keep your smartphones and tablets safe: enable PIN or password protection; tracking, locking, and wiping of lost or stolen devices; keep your device up to date – and let your staff know it is important; keep your apps up to date; don’t connect to unknown Wi-Fi hotspots. Enable PIN or password protection: having your device locked with a PIN or password is one of the best ways to prevent uninvited access to the information you store on it.
Proactive Approach to Incident Response. Part 2 – Cross-train your teams
26.08.2021
In the previous article, we wrote about the importance of the Incident Response plan for organisations’ OT infrastructure and legal obligations. Proactive IT/OT Cybersecurity Incident Response (IR) should be made up of a balance of prevention, detection, and response. The IR plans and responders must be aware of the cyber-physical consequences of OT systems. The responders’ aim is to prevent an infection from spreading and to guarantee that the intruder’s efforts to take control of the system have been recognised and eliminated, so that reliable operations can be resumed with confidence.
Small Business Cyber Resilience Improvement Guide. Part III – Protecting your organisation from Malware
24.08.2021
Part 3 – Protecting your organisation from Malware. Malware is an abbreviation of ‘malicious software’ and is used to describe any software or web content that can cause harm to your organisation. Here are six tips to help you protect yourself from the effects of malware: install (and turn on) antivirus software; only download apps from a trustworthy source; keep all your IT equipment up to date (patching); control the use of USB drives and memory cards; switch on your firewall; harden your infrastructure. Install (and turn on) antivirus software: you should use antivirus software on all computers and laptops.
Proactive Approach to Incident Response. Part 1 – Introduction
19.08.2021
OT infrastructure attacks. Cyber-attacks on Operational Technology infrastructure have become more frequent and more sophisticated in recent years. Just to refresh our memory, here is a very short list of the most well-publicised attacks of the recent past: Colonial Pipeline, USA – May 2021 (https://www.bbc.co.uk/news/technology-57063636 and https://www.dragos.com/blog/industry-news/recommendations-following-the-colonial-pipeline-cyber-attack/); Natanz Nuclear Complex, Iran – April 2021 (https://www.nytimes.com/2021/04/11/world/middleeast/iran-nuclear-natanz.html); Power Grid, Ukraine – December 2016 (https://www.bbc.co.uk/news/technology-38573074); Power Grid, Ukraine – December 2015 (https://en.wikipedia.org/wiki/December_2015_Ukraine_power_grid_cyberattack).
Small Business Cyber Resilience Improvement Guide. Part II – Backing up …
18.08.2021
Part 2 – Backing up your data. Data is the backbone of any business – customer details, quotes, orders, payment details are only the most obvious kinds of data that a business depends upon. And, as you are aware, organisations create, store, and use many more kinds of information that are vital for their day-to-day business. It is therefore crucial that businesses take regular backups of their important data.
Small Business Cyber Resilience Improvement Guide. Part I – Introduction
12.08.2021
Introduction. With the recent increase in ransomware attacks around the world, the question shifts from “If we will get hacked” to “When will we get hacked”. It applies to all of us who use a computer, a mobile phone or one of the many electronic devices. The next question that really should follow is “What can I do to be prepared and mitigate – if not eliminate – the consequence of a ransomware attack?”
Shodan improved – advanced reconnaissance with Shodan
27.06.2021
A proper reconnaissance lays the groundwork for further offensive action during security testing. The ability to search for information and to organise it in the right way could determine whether the later stages of the process will be easy, or even feasible at all. Detecting a larger number of hosts, or services operating therein, expands the attack surface, giving the task team more leeway; it also allows the security of the analysed organisation to be verified in a more detailed manner.