In support of the 100-Day Plan to Address Cybersecurity Risks to the U.S. Electric System

The Biden administration’s 100-day plan to address cybersecurity risks to the U.S. Electric System includes a task to facilitate a forum to explore and examine opportunities to incentivize participation in this Initiative and the adoption of industrial control system (ICS)…

The ever-increasing onslaught of ransomware attacks has created an air of urgency to reinforce internal networks and make cybersecurity programs in the organization more resilient to this risk. Designing a system for sustaining overall operations even if parts of the system are compromised is vital. Implementing ransomware resilience requires a systemic approach. For example, companies…

The Cybersecurity Capability Maturity Model (C2M2) Version 2.0 (V2.0) was released today, the 21st of July 2021. The update addresses emerging technologies and the evolving cyber threat landscape. The update was guided by the Energy Sector C2M2 Working Group, which comprises 145 energy sector cybersecurity practitioners representing 77 organizations. The group was formed as a…

Cybercriminals are making serious bank in 2021. Some recent ransomware payments include:

- $40M: CNA Financial Corp
- $5M: Colonial Pipeline Company
- $11M: JBS Foods

And these are just a few of the paying victims we know about. According to the National Security Institute, the average ransom fee requested has increased from $5,000 in 2018 to around…

Ransomware has been an ongoing cyber risk over the past years. Instead of becoming less prevalent and replaced with different attack vectors, it has evolved, adapted, and become more sophisticated and frequent. Since the start of 2021, the point of attack has sharpened its focus. Ransomware is now about creating a compromise and subsequent operational…

With the recent high-profile ransomware attack on Colonial Pipeline Co., more companies than ever before have started to think about the potentially devastating consequences of cyber attacks and how to best protect themselves from them. Cyber attacks that affect critical infrastructure can not only paralyze the targeted organization, but often have downstream impacts on the…

Axio CEO and co-founder Dave White was interviewed in this article for Quartz in response to 2021’s rapidly increasing number of cyber-attacks. White heavily stresses the importance of organizational due diligence when selecting management tools that are connected online: “We’re more and more reliant on internet-connected management tools…These tools have tremendous power and rights inside…

One of the ongoing debates amongst cybersecurity experts is whether or not victims should pay a ransom when attacked. Some argue for paying it, so as to minimize disruption in business service and potential data breaches. Others recommend holding out so as to disincentivize attackers from continuing this trend. The one constant is that without…

The United States appears on the brink of cyber catastrophe. As recent attacks on Kaseya, SolarWinds, Colonial Pipeline, JBS and others have demonstrated, the nation’s digital and physical critical infrastructure is under increasing assault from highly sophisticated cyber adversaries. The Biden Administration’s recent memoranda underscored that no company is safe from a business-crippling cyber event. And it’s…

Boards and senior executive leaders, like the rest of us, are waking up every morning to news of another devastating ransomware attack. It’s obvious the ransomware climate is constantly changing, but many are wondering how the specific changes will affect their business. Last week we hosted a webinar reflecting on the new and critical changes…

The recent Colonial Pipeline attack was a national wake-up call about the physical consequences of a ransomware attack. Hackers successfully held Colonial’s billing systems hostage, leaving the company unable to deliver 45% of the nation’s fuel. Cyber events like a ransomware attack are becoming more frequent, and an issue of national…

As more companies and governments worldwide struggle with cyber threats — including malware, phishing, ransomware, and denial-of-service attacks — there has never been a better time to explore the adoption of a cybersecurity framework. Cybersecurity frameworks can help organizations think through how to set up a cyber program and evaluate resiliency in the face of…