It has always been clear, even before the Colonial Pipeline attack, that the energy sector is a prime target for not only criminal threat groups, but also nation-state actors. After all, halting fuel and energy supplies can quickly bring a region to a halt and thus require the highest level of cyber and physical security possible.

Trustwave SpiderLabs’ latest report, the 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies details the security issues facing public sector security teams as they try to strike a balance between supplying needed services and deploying the cybersecurity necessary to protect data placed in their charge. The need for the highest level of security has never been greater.

This is Part 12 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts.

The Canadian, US, and UK governments issued a series of recommendations in their just-released security alert Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity, which mirror my own insights on the important topic. The alert notes that all three governments are aware of pro-Russia hacktivists targeting and compromising small-scale OT systems in North American and European Water and Wastewater Systems (WWS), Dams, Energy, and Food and Agriculture sectors.

Using open-source code exposes organizations to a tremendous amount of risk, yet this point is treated like a dirty little secret that nobody talks about. So, let’s live on the edge and take a minute to talk about the problem. Open-source code is an oddity. Generally, open-source code is often placed in small packets tucked inside massive programs that corporations use to run their most important processes or it is adopted as a whole program and tasked with running some part of a business.

Trustwave has been positioned in the Leaders Category in the IDC MarketScape for Worldwide Emerging Managed Detection and Response (MDR) Services 2024 Vendor Assessment (doc #US50101523 April 2024).

For the second consecutive year, Cyber Defense Magazine honored Trustwave with a 2024 Global InfoSec Award for Best Solution Managed Detection and Response (MDR) Service Provider.

This is Part 10 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here. Identity protection is one of the most important topics in cybersecurity. It is often complex in its configuration and operation. Over 80 percent of all security incidents result from poor identity access controls. Consider the following recommendations when developing a comprehensive Identity Management strategy.

An offensive security strategy is a sophisticated and dynamic approach that extends beyond mere testing. It's a comprehensive plan that aligns with an organization's core mission, transforming security from a passive shield to an active spearhead. After all, in any fight, a combatant can only block punches for so long before striking back.

If the UK is serious about digitizing the economy, then cybersecurity is priority number one and the first step should be to take a hard look at the UK Government's recently released draft code of practice for cybersecurity governance. Whilst governments around the globe have been kicking around the metaphorical can of AI regulation, something has been going on in the background: something tangible, incredibly dangerous, and increasingly more frequent: cybercrime.