EmberSec
  • Home
  • Solutions
    • Services >
      • Technical Services
      • Managed Detection & Response
      • Governance, Risk, & Compliance
    • vCISO
    • Remote Work
    • Utilities
  • Resources
    • Partner Program
    • Blog
    • Webinars
  • About
    • Why EmberSec
    • News
  • Partners
    • FireEye
    • Fortinet
    • ATT
  • Contact

Blog

3 Quick Actions to Reduce Cyber Risk

2/24/2021

 

By Bill Palifka

​The deadline is looming for medium-size utilities to begin risk and resiliency assessments, and those in the small category are encouraged to budget and begin work by the end of the year. Water and wastewater utilities provide critical lifeline services to their communities and their regions. Safe water and clean water are essential for public health, ecosystem protection and economic strength.

Read More

Grants In Cybersecurity

1/28/2021

 

By Hunter Donahue

With the constant headlines and increasingly exorbitant costs of cyber-attacks, public concern for cybersecurity has reached an all-time high. Recently SecurityBoulevard reported a 139% increase in ransomware attacks in 2020 which underscores the need for immediate action. In response to these trends, there has been a significant increase in demand for new and different ways to fund various research projects, awareness campaigns, academic and training pathways, and other related efforts and resources.

Read More

A Primer on Application Whitelisting

12/7/2020

 

By Hunter Donahue

“Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system” as defined by SearchSecurity. Essentially, permission to execute any application not specified in the “whitelist” is blocked. It works in contrast to blacklisting, in which you block specific apps from running. Both whitelisting and blacklisting serve to protect enterprises from malicious applications such as malware from executing on endpoints.

Read More

Where Does a Water System Start with AWIA Certification

11/23/2020

 

By Bill Palifka

​As defined by the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA), there are 16 “critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” One of these sectors is the Waste and Wastewater Systems sector. Recent, Federal legislation was passed into law to help bolster the safety and security of this sector.

Read More

6 Metrics to Measure Your Security Posture

10/29/2020

 

By Hunter Donahue

​Defining the metrics needed to accurately evaluate your company’s security posture can be the difference between having an effective security program and having unwarranted confidence in your security program. Not only are these metrics critical in ensuring you’re well-postured to contend against malicious cyber adversaries, but these metrics are also central in communicating your resource requirements to leadership.
 
Here are a few suggestions for cybersecurity metrics that should be tracked within your organization:

Read More

Top 3 Worries of Utilities Companies with Cybersecurity

10/6/2020

 

By Hunter Donahue

The growing number of cyber-attacks against both public and private utilities in recent years has led to increasing concern for one of the globe’s most critical sectors. Due in large part to the complex nature behind the infrastructure that provides basic amenities such as clean water, sewage services, natural gas, electricity, and more, utility providers have quickly found themselves in the crosshairs of malicious actors. Utility companies and threat actors alike are seeing the immense impact that a security incident can cause, and how unprepared some utility companies can be. In this blog we will cover some of the biggest issues that are affecting the utility sector, and how companies can begin to mitigate the risk associated with inadequate cyber defenses.

Read More

Blog Series: Exploitations, Penetration Testing, and Modern Cybersecurity DefensesEvolution of Exploitation, Part 4: Modern Cybersecurity Defenses

9/29/2020

 

By Luke Willadsen

​BLUF: This blog series is written to provide an anecdotal history of the evolution of exploitation in cybersecurity, focused largely on network exploitations in an enterprise and couched as Luke’s perspective over his decade-long career in InfoSec.
 
In cybersecurity, we preach the importance of layered security. And being successful in implementing a layered security strategy is a matter of staying in tune with the white hat community.
A layered security strategy means you need to block high, and block low. You need your endpoint security and your intrusion detection systems (IDS), and you need to protect yourself from the low-tech abuse of misconfigurations, poor patching practices, and weak passwords.

Read More

Cybersecurity as Your Competitive Advantage

9/23/2020

 

By Hunter Donahue

For start-ups, small businesses, and large, multi-national organizations alike, differentiating your products and services from those of your competitors and driving home your competitive advantage to customers is crucial to success. More often than not, businesses look to promote their latest and greatest in capabilities and features when attempting to establish their competitive advantage with consumers. Yet in a time when consumer behavior is changing, the uncertainty around what can be trusted online is at an all-time high, and shoppers are constantly inundated with targeted adverts, finding or maintaining your edge in the marketplace requires new and different strategies and messages.

Read More

Blog Series: Exploitations, Penetration Testing, and Modern Cybersecurity Defenses Evolution of Exploitation, Part 3: 2015+

9/14/2020

 

By Luke Willadsen

​BLUF: This blog series is written to provide an anecdotal history of the evolution of exploitation in cybersecurity, focused largely on network exploitations in an enterprise and couched as Luke’s perspective over his decade-long career in InfoSec.
 
In the field of cybersecurity, there’s one constant: It’s a game of cat-and-mouse. As exploits and vulnerabilities evolve, so too do vendors and defenders. While the first half of the 2010s are remembered by excessive buffer overflow attacks and the rise in the use of PowerShell-based remote execution techniques, the remainder of the decade featured new and “improved” ways to perform network exploitation.

Read More

Be Prepared: Risk Assessment and Emergency Response Planning Under AWIA

8/31/2020

 

By Bill Palifka

On Oct. 23, 2018, America’s Water Infrastructure Act (AWIA) of 2018 was signed into law, essentially requiring water utilities to be better prepared for a wide range of threats. It requires water utilities to thoroughly assess their vulnerabilities to all types of natural hazards and man-made disasters and develop a detailed plan to address them.
 
Section 2013 of AWIA, through an amendment to the Safe Drinking Water Act (SDWA), introduced a new requirement for every public water system that serves more than 3,300 people to conduct a Risk and Resilience Assessment (RRA) and prepare (or revise) an Emergency Response Plan (ERP). If multiple entities are involved in water supply, treatment and distribution – such as wholesale suppliers, treatment operators and (separately owned) distribution systems – all would need to separately conduct RRAs and develop ERPs for assets under their control. Utilities are required to certify to the U.S. Environmental Protection Agency (EPA) that both have been completed by established statutory deadlines.

Read More
<<Previous

    Archives

    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019

    Categories

    All

    RSS Feed

Home 
Services 

About 
Events
​Resources
​Contact​
Contact Us
​ (703) 224-1000
info [at] embercybersecurity.com
8484 Westpark Dr.
Suite 600, McLean, VA, 22102
Home 
Services 
About

Events
Resources
​Contact​
Contact Us
​ (703) 224-1000
info [at] embercybersecurity.com
8484 Westpark Dr.
Suite 600, McLean, VA, 22102
Privacy Policy
Picture
© 2020 By Light Professional IT Services LLC. All Rights Reserved.
  • Home
  • Solutions
    • Services >
      • Technical Services
      • Managed Detection & Response
      • Governance, Risk, & Compliance
    • vCISO
    • Remote Work
    • Utilities
  • Resources
    • Partner Program
    • Blog
    • Webinars
  • About
    • Why EmberSec
    • News
  • Partners
    • FireEye
    • Fortinet
    • ATT
  • Contact