Making IT happen
Author: Chase Snyder, Sr. PMM, Xage Security
Every month in the Risk Roundup we recap a set of the top stories that had actionable cybersecurity lessons for security pros, or otherwise strong signals about the future of cybersecurity across enterprise and critical infrastructure contexts. Let’s dive in!
The world has been reacting to Ivanti VPN vulnerabilities for over a month now, but new revelations keep dropping. If the Cybersecurity and Infrastructure Security Agency of the U.S. can get hacked via the exact mechanism they warned everyone else about, how can businesses be expected to do any better?
Cybersecurity continues to be a competitive advantage. If you can show your customers that you’re not vulnerable to the Ivanti VPN vulnerabilities, or the Citrix NetScaler ones, or the Cisco ASA ones, or any of the enterprise edge security gaps, you’ll get more, better customers and make more money. Companies that can’t do this will die either due to a cyberattack, or due to loss of business as enterprise buyers get stricter on holding their vendors accountable for cybersecurity. Have you locked in a VPN replacement yet?
We’ve been on the cybersecurity-in-space beat for a while, and the visibility of this topic is only increasing. Politico wrote up this great piece on the Biden administration’s increasing attention on cybersecurity for satellite systems, with input from Xage’s own CRO, Darron Makrokanis.
The Biden administration has also issued an executive order to improve maritime security, particularly in our nation’s ports, which make heavy use of ship-to-shore cranes manufactured in China.
“To safeguard against evolving threats, we must establish a standardized level of proactive defense and move beyond just monitoring and detection. Taking control of the supply chain for both software and hardware that powers our maritime infrastructure and other critical industries is a big step in the right direction,” said Xage CRO Darron Makrokanis.
Space and sea aren’t the only realms where cybersecurity is an issue. Freight trucks have been found vulnerable, via their network-connected activity logging systems, to wormable threats that could spread through an entire fleet, as reported by The Register.
This was a huge month for cyber risk in decentralized systems and critical infrastructure. The power grid is no exception. Xage Co-founder Roman Arutyunov published an article in PowerGrid International on how cyber challenges create a barrier to clean energy adoption.
Given the level of vulnerability that has been revealed in widespread enterprise security and access products, from Ivanti to Citrix to Cisco, every enterprise should be closely scrutinizing its cyber risk and taking steps to mitigate it. This work is never done. Xage CEO Geoffrey Mattson published guidance in Forbes on steps to take to stay ahead of risk in 2024.