A SANS Institute survey found that budgets for ICS/OT security have shrunk, and advises on how to do more with less. Plus, hiring managers boost starting salaries to recruit stellar cyber pros. In addition, CISA’s Cybersecurity Awareness Month campaign challenges tech vendors to build safer products. And much more!
Dive into six things that are top of mind for the week ending October 6.
If your organization has cut its spending for securing industrial control systems (ICS) and operational technology (OT) systems, how can your ICS/OT security team make the best use of its smaller budget?
You’ll find actionable recommendations in the “SANS ICS/OT Cybersecurity Survey: 2023’s Challenges and Tomorrow’s Defenses” report, which polled 700 ICS/OT security professionals and found that ICS/OT security budgets trended down this year.
“Essentially, budgets are down in just about every category we analyzed,” the SANS Institute report reads. This includes a significant jump in respondents who said their organization has no budget for ICS/OT security at all – from 7.7% in 2022 to 21.8% in 2023.
(Source: SANS Institute’s “SANS ICS/OT Cybersecurity Survey: 2023’s Challenges and Tomorrow’s Defenses,” September 2023)
Ironically, as budgets fell, the number of organizations that rated threats to ICS/OT systems as “severe” (25%) or “high” (44%) increased. So how can you allocate your limited dollars to reduce the greatest risks? The report’s suggestions include:
SANS also recommends checking out its white paper "The Five ICS Cybersecurity Critical Controls."
Coping with tight budgets is just one of many ICS/OT security issues covered by the report. To get more details, download the report.
For more information about ICS/OT security, check out these Tenable blogs and videos:
Anatomy of a Threat: Rockwell Automation Vulnerabilities (CVE-2023-3595) and (CVE-2023-3596)
Tenable.ot Security Spotlight - The Ransomware Ecosystem
Tenable.ot Security Spotlight - Ransomware in OT Systems
Good news for cyber professionals: Cybersecurity ranked as the top technology skill for which hiring managers are willing to increase starting salaries, according to Robert Half’s “2024 Salary Guide,” published this week. Specifically, 55% of tech hiring managers polled will bump up cybersecurity salaries to land desired candidates.
(Source: Robert Half’s “2024 Salary Guide”, September 2023)
Unsurprisingly, cybersecurity pros rank among the most in-demand technology workers, along with those skilled in cloud, DevOps and AI.
So what’s the cybersecurity role with the highest starting salary? That’d be systems security manager, commanding a U.S. average ranging from about $137,000 a year for entry-level employees to almost $200,000 for the most experienced – not counting bonuses, benefits or perks. Starting salaries vary greatly depending on geography. For instance, the range for this role in San Francisco is from about $185,000 to $268,000.
Other highly compensated cybersecurity jobs include: security architect; data security analyst; network security engineer; and systems security administrator.
Regarding technology executives, CISOs ranked just below CIOs and right above CTOs, with a national average starting salary range of $176,000 to $259,000. That range climbs to around $238,000 to $350,000 in San Francisco, for example.
Overall, the hiring market in the technology sector as a whole is strong, making it a job candidate’s market. “Job gains in the tech sector outnumber losses, and the unemployment rate remains well below the national average,” reads the report's technology section.
Other key findings for the technology sector include:
To get more details, check out the report’s announcement, the full report and the report’s technology section specifically.
Technology manufacturers should build security features by design into their products and ship them with the highest security default settings, a move that would significantly boost protection for end users.
So said the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in its announcement of its Cybersecurity Awareness Month campaign “Secure Our World,” which also aims to promote cybersecurity best practices among individuals and businesses during October.
Customers shouldn’t have to constantly monitor, update and repair their systems to mitigate cyberattacks, CISA says in a campaign page aimed at tech vendors titled “Secure Your Products.”
“Design your products to minimize security flaws and sell them with default settings that make them safe ‘out of the box,’” reads the page. It’s an echo of a similar message the White House sent to tech vendors when it released the National Cybersecurity Strategy earlier this year.
Overall, the “Secure Our World” public awareness campaign aims to promote widespread adoption of four basic, foundational cybersecurity practices:
“As cyber threats continue to evolve, we encourage everyone to do their part to stay cyber-safe,” CISA Director Jen Easterly said in a statement.
To get more details, check out CISA’s:
Ransomware attackers are increasingly delivering a one-two punch to their victims, timing the second strike to land typically within 48 hours of the first. The goal? To further pressure the targeted organization to pay the demanded ransom.
That’s according to the U.S. Federal Bureau of Investigation (FBI), which detailed this trending technique, known as dual ransomware, in a recent advisory. Each dual attack typically combines two different ransomware variants, such as AvosLocker, Diamond, Hive and LockBit.
“This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments,” reads the five-page document. The advisory also describes new data destruction tactics used by ransomware attackers.
Mitigations detailed in the advisory include:
To get more details, read the full advisory.
Involved with cloud security? Check out CNAPPgoat, an open-source tool for easily provisioning and destroying interactive sandbox environments where your team can test its cloud security skills, processes, tools and posture.
Created by Ermetic, a cloud-native application protection platform (CNAPP) innovator that Tenable acquired this week, CNAPPgoat allows security teams to simulate unsecured and vulnerable assets, as well as validate their defenses, in customized cloud environments. Launched in August, CNAPPgoat supports Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP).
Provisioning a vulnerable environment with a broad range of risk scenarios opens up a variety of use cases, including:
This week, CNAPPgoat’s large library of vulnerable scenarios got bigger with a new one that lets you experiment with a technique that leverages a server-side request forgery (SSRF) exposure to trigger calls to AWS services from within an Amazon Elastic Compute Cloud (EC2) instance.
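To make the SSRF-on-EC2 technique concrete, here is an added example in Python; it is not CNAPPgoat’s code or the scenario’s own content. It shows the classic path: a “fetch this URL for me” feature forwards an attacker-supplied URL, the attacker points it at the Instance Metadata Service (IMDS) at 169.254.169.254 (or fd00:ec2::254 over IPv6), and the response hands back the instance role’s temporary AWS credentials, which can then be used to call AWS APIs. Beside the vulnerable fetcher is a hardened one that rejects URLs whose host is, or resolves to, a link-local, loopback or private address, including the integer spelling of 169.254.169.254. The network and resolver are constructed stand-ins so the example runs offline; `FAKE_NETWORK`, `fake_transport`, `fake_resolve`, the role name `web-app-role` and the credential values are all placeholders, not real data.

```python
"""Added example: SSRF from inside an EC2 instance reaching IMDS, and a URL guard.
Everything network-related below is a constructed stand-in so this runs offline."""
import ipaddress
from urllib.parse import urlparse

IMDS_CREDS_URL = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"

# Constructed fake network as seen from inside the instance. Credential values are placeholders.
FAKE_NETWORK = {
    IMDS_CREDS_URL: "web-app-role",
    IMDS_CREDS_URL + "web-app-role":
        '{"AccessKeyId":"ASIAEXAMPLE","SecretAccessKey":"placeholder","Token":"placeholder"}',
    "http://[fd00:ec2::254]/latest/meta-data/iam/security-credentials/": "web-app-role",
    "https://example.com/report.pdf": "%PDF-1.4 ...",
}

# Constructed resolver table: a real guard would resolve with socket.getaddrinfo() and pin
# the checked address for the actual connection (DNS rebinding defence), which is not done here.
FAKE_DNS = {"example.com": "93.184.216.34", "metadata.internal": "169.254.169.254"}


def fake_transport(url):
    """Stand-in for requests.get(url).text."""
    if url not in FAKE_NETWORK:
        raise ConnectionError(f"unreachable: {url}")
    return FAKE_NETWORK[url]


def fake_resolve(host):
    """Stand-in for a DNS lookup; raises KeyError for unknown names."""
    return FAKE_DNS[host]


def vulnerable_fetch(url, transport=fake_transport):
    """The SSRF bug: forwards whatever URL the user supplies, so IMDS is reachable."""
    return transport(url)


# Ranges a public URL fetcher should never be allowed to reach from an EC2 instance.
BLOCKED_NETWORKS = [
    ipaddress.ip_network("169.254.0.0/16"),  # IPv4 link-local, includes IMDS 169.254.169.254
    ipaddress.ip_network("fc00::/7"),        # IPv6 unique-local, includes IMDS fd00:ec2::254
    ipaddress.ip_network("fe80::/10"),       # IPv6 link-local
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def check_url(url, resolve=fake_resolve):
    """Return None if the URL may be fetched, otherwise the reason it is rejected."""
    p = urlparse(url)
    if p.scheme not in ("http", "https"):
        return f"scheme {p.scheme!r} not allowed"
    host = p.hostname  # lower-cased, IPv6 brackets stripped
    if not host:
        return "no host in URL"
    if p.username or p.password:
        return "credentials in URL not allowed"
    # Literal address, including the all-digits form (http://2852039166/ is 169.254.169.254).
    try:
        ip = ipaddress.ip_address(int(host)) if host.isdigit() else ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is None:
        # Hostname: judge the address it resolves to, never the name itself.
        try:
            ip = ipaddress.ip_address(resolve(host))
        except (KeyError, ValueError):
            return f"cannot resolve {host}"
    if any(ip in net for net in BLOCKED_NETWORKS):
        return f"{host} maps to blocked address {ip}"
    return None


def hardened_fetch(url, transport=fake_transport, resolve=fake_resolve):
    """Same feature with the guard in front of the request."""
    reason = check_url(url, resolve)
    if reason:
        raise PermissionError(reason)
    return transport(url)


if __name__ == "__main__":
    print("vulnerable:", vulnerable_fetch(IMDS_CREDS_URL))          # leaks the role name
    print("vulnerable:", vulnerable_fetch(IMDS_CREDS_URL + "web-app-role"))  # leaks credentials
    for u in (IMDS_CREDS_URL, "http://2852039166/latest/meta-data/",
              "http://metadata.internal/latest/meta-data/", "https://example.com/report.pdf"):
        print("hardened:", u, "->", check_url(u) or "allowed")
```

The URL guard is the application-side half of the fix. On the infrastructure side, requiring IMDSv2 on the instance (session tokens obtained with a PUT request, plus a hop limit of 1) blocks the simple GET an SSRF usually produces, and least-privilege instance roles limit what leaked credentials can do; the CNAPPgoat scenario is the place to verify both.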
To get more details, check out:
After dominating the spotlight in June and July with its widespread exploitation of vulnerabilities in the Progress Software MOVEit Transfer tool, the CL0P gang went quiet in August, causing total ransomware attacks to fall 22% compared with July.
That’s according to data from the NCC Group’s latest “Monthly Threat Pulse” report, which also noted that although August attacks fell from the previous month, they nonetheless grew 144% year-on-year.
“After two record months for ransomware attacks, the fall in attacks in August was to be expected,” Matt Hull, Global Head of Threat Intelligence at NCC Group, said in the report, adding that CL0P’s MOVEit attacks “somewhat inflated” the June and July numbers.
“This being said, the number of recorded victims in August were still significantly higher than this time last year,” Hull added.
LockBit ranked first among threat actors, accounting for 32% of August attacks, followed by BlackCat (11%) and 8Base (8%). CL0P was responsible for only 1% of attacks.
Among targeted verticals, industrials ranked first, hit by 31% of the attacks, as threat actors sought to steal personally identifiable information and intellectual property, as well as extort hefty ransoms from large organizations.
To get more details, read the full report.
For more information about ransomware protection:
VIDEOS
Anatomy of a Threat: MOVEit (Tenable)
Tenable CEO Amit Yoran discusses Las Vegas ransomware attacks (CNN)
Juan has been writing about IT since the mid-1990s, first as a reporter and editor, and now as a content marketer. He spent the bulk of his journalism career at International Data Group’s IDG News Service, a tech news wire service where he held various positions over the years, including Senior Editor and News Editor. His content marketing journey began at Qualys, with stops at Moogsoft and JFrog. As a content marketer, he's helped plan, write and edit the whole gamut of content assets, including blog posts, case studies, e-books, product briefs and white papers, while supporting a wide variety of teams, including product marketing, demand generation, corporate communications, and events.