10 Reasons Why Cyber Policy Exclusions Aren’t What You Think
In today’s hyper-connected world, organizations are constantly striving to fortify their cyber defenses. From firewall configurations and network segmentation to intrusion detection systems, there’s a myriad of tools and techniques at our disposal. However, a common practice among many teams is to implement broad cyber exclusions in their security tools, either to reduce false positives or enhance system performance. While the intent is often noble, this approach can unwittingly weaken an…
Pertinent Issues Concerning Penetration Tests and Vulnerability Assessments in OT
Recently, my experiences in the ICS/OT cybersecurity space have compelled me to address a few pertinent issues concerning penetration tests and vulnerability assessments. Through this post, I hope to shed light on some common misconceptions and underscore the genuine value behind these activities. The Frustrations of Premature Penetration Testing It’s not uncommon for organizations to jump onto the penetration testing bandwagon without truly understanding its prerequisites. I have frequently…
Vulnerability Assessment vs. Penetration Test
Vulnerability assessments and penetration tests both provide valuable insight into vulnerabilities found within organizations and are important proactive tactics to help reduce the risk of a cyberattack. Because of these resemblances, vulnerability assessments are often confused with penetration tests. Although similar, the analysis of a vulnerability assessment and the simulated attacks of a penetration test are very different. A vulnerability assessment looks at the organization as a whole and identifies attack paths…