For years the security community has viewed internal resources as presenting the greatest cyber risk to an entity. In 2021, shortly on the heels of the much-publicized SolarWinds breach, as well as many other supply chain/third party cyber breaches, it can be argued that supply chain/third parties now represent a greater cyber risk than insiders. This poses an extremely difficult problem to address given the number of third parties providing technology services to critical infrastructure entities and the nature of the services provided by the third parties. Even a mid-sized electric distribution utility can have more than 30 vendors that provide critical technology services and/or have access to the utility’s key systems – greatly increasing the entity’s attack surface, and the number of potential attack vectors, which can lead to a damaging breach. Read more Supply Chain/Third Party Breaches – Your New #1 Highest Cyber Risk ›

No one can predict when a cyber attack will occur, but you can control the impact of a breach by equipping your teams with the proper steps to appropriately respond with an effective Incident Response & Recovery Plan.
Read more Incident Response & Recovery Plans ›

Managing the confidentiality of your data and the integrity of your technology systems is crucial to protecting your business and your customers. Whether released to correct a defect or to provide enhanced capability, patch and update management should be an integral component of your security management strategy.
Read more Patch Management Services ›

On July 27th, 2020, the North American Reliability Corporation (NERC) released new reference material for mapping CIP Standards to the NIST Cybersecurity Framework.