Zero Trust
The Purdue Model has long served as a foundation for securing OT environments, but its limitations in addressing modern cyber threats are evident. Zero Trust enhances OT security by enforcing strict access controls, continuous monitoring, and micro-segmentation.
Community banks play a vital role in local economies, yet they face increasing cybersecurity challenges. Unlike larger financial institutions, they often struggle with limited resources, outdated technology, and complex regulations.
Let’s clear something up right away: Zero Trust does not mean we don’t trust people. It means we don’t blindly trust the digital traffic moving through our networks. And yes, that distinction matters, a lot.
As the year draws to a close, it’s time to reflect on the past 12 months and make plans for the year ahead. For those of us in cybersecurity, the question is clear: what did we do to strengthen our security posture this year, and how can we do even better next year?
Some CISOs fear auditors more than they fear actual hackers… Compliance has become a crucial focus with the implementation of regulations like the GDPR, CCPA, and various global data privacy directives. But whilst many organizations have rightfully turned their focus to said compliance, does it actually ensure better (cyber)security?
With cybersecurity still a hot topic, news alerts about the latest data breach or security incident are hard to miss. Yet, even whilst being bombarded with these types of news items, many companies still think that they’re somehow immune to such threats.
This optimism bias tends to come in three different flavors.
Threat InTEL
Once a primarily technical position, the role of Chief Information Security Officer (CISO) now comes with a range of new responsibilities. Executives increasingly rely on CISOs; but this can be risky.
The rapid technological advancements of the past few years (or decades, depending on how far back you want to scroll) are only picking up speed, and the threats we face will keep evolving just as fast.
But what does that actually mean for 2025?
Though the recent Baltimore bridge collision wasn’t a cyber-attack, it did showcase a serious vulnerability in ship systems. A vulnerablity that could’ve easily been exploited by hackers, highlighting a truth that can no longer be denied – ships are easy targets for cybercriminals.
In these cyber warfare episodes of Threat Talks, we explore whether or not we stand a chance in this continuous arms race in cyber technologies, what Advanced Persistent Threats (APTs) are, and how these modern threats can affect literally everyone.
PwC’s Dutch CEO Survey shows that 56% of Dutch CEOs are very concerned about cyber risks. The Allianz Risk Barometer lists cyber incidents as the biggest worry for companies globally and Gartner’s 2023 Top Cybersecurity Trends reports that business leaders are recognizing cybersecurity as a top business risk, yet organizations still struggle with implementing the necessary measures to mitigate risks.
If you’ve read any cybersecurity articles lately, you’ve likely come across the term ‘ever-evolving cyber threat landscape.’ It’s one of those phrases that gets thrown around a lot – especially in AI generated content – almost to the point of sounding cliché. But here’s the truth: as cliché as it may sound, it’s not just a buzzword.
Business & Technology
We challenge you to look at cybersecurity assessments through a different lens. IT and executive leaders alike should recognize assessments for the sanity check they are, as well as a way to build trust within the organization. Not as some sort of score card or grading system, but as a way to figure out where to start and where to go next.Â
Even if you’re an IT professional feeling a bit skeptical about the board’s intentions, you can still see that their involvement is a great chance to align security measures with the company’s broader goals. It’s all about framing this as a partnership, not a critique. One of the best ways to do that is through a cybersecurity assessment that actually makes sense.
Though Zero Trust is here to stay, that doesn’t mean implementation is easy. Rob Maas is one of the leading Zero Trust consultants and the Field CTO at ON2IT. In this second part of his blog series he answers the question: what part does business alignment play in cybersecurity implementations?
A Cyber Security Incident Response Team is the emergency room of cybersecurity. You don’t want to need one, but once something bad happens, the ER doctors might just save your life. You don’t want to need critical incident response, but once a cyber incident occurs, you’ll be glad you have a team ready.
One of the most notable data breaches this year was the MGM Resorts attack, which not only caused serious disruptions to MGM’s business, but also had far-reaching implications for their supply chain.
Although Log4j and follow-up attack vectors are still a real threat for many organizations, it’s certainly not too early to draw lessons learned from this episode. What made Log4j different from other ‘classic’ 2021 vulnerabilities such as Citrix, Kaseya, and Hafnium (Exchange) is the fact that it was much harder for organizations to pinpoint if they were vulnerable.
