Cyber Security

US Cybersecurity budget proposal stands at $10.9B (FY2023), while cybercriminals made $6 trillion in 2021 One can decipher the importance of cybersecurity and at the same notice the bridge between spending and losing in that stat. A quantum future is already in the making, and tech giants are already in the race. One research estimate put quantum computers to be a million times faster than classical computers. Such great computing power can reform the way we see and interact with technology. To be a part of such an experience, one needs to rethink cybersecurity, novel threats, and challenges posed in the ever-increasing digital space. Every enterprise, irrespective of its size and nature, allocates a certain chunk of its IT budget toward cybersecurity. These figures roughly land anywhere between 2% to 10.7% or just around 0.2% to 0.9% of their revenue. This roughly equals the (proposed) US Cybersecurity budget – around 0.45% of their GDP.  In a space where black hats (criminal hackers) are intimidating even the top tech giants, one has to reassess their Cybersecurity budget, and simultaneously look after cybersecurity budget optimization to achieve the best price to performance ratio. Does your Cybersecurity budget address these key areas? A cybersecurity budget breakdown should be able to define a company’s viewpoint and direction in adopting cybersecurity practices. Our experts at Sectrio curated the four areas, where you should exclusively focus upon: 1. Reactive vs Proactive The first and the most vital step in cybersecurity is being proactive, and not reactive. By the time a security breach is discovered and acted upon, the enterprise might end up losing credibility, business, and reputation. Many enterprises only work on implementing preventive measures and miss upon securing critical data and infrastructure. A proactive approach includes building cybersecurity from a hacker’s point of view and trying to penetrate the systems. An enterprise can hire blue/red hat experts to carry out penetration exercises and ramp up its cybersecurity.   Also Read: Why IoT Security is important in today’s networks? 2. Leveraging SOAR technologies SOAR (Security Orchestration, Automation, and Response) technologies may not be coming at takeaway prices, but surely their ROI can justify their costs. The in-house cybersecurity team is often overwhelmed by the quantum of alerts thrown up by security systems. Collecting, assessing, and identifying false positives is a herculean task for the security team. Where speed and efficiency are vital, these challenges can be daunting. This is where SOAR technologies help in building automated responses to low-level threats. This leaves the cybersecurity teams more time to work on tasks that require human intervention and deeper analysis. 3. Protection of infrastructure & data In a digital space, data is the key to success. Protecting every bit of that data is vital to an enterprise’s success. The following should be a part of every company’s annual cybersecurity budget breakdown: Detection tools, micro-segmentation, and encryption technologies Network monitoring solutions – Intrusion prevention systems, intrusion detection systems, web scanners, and packet sniffers Secure Email gateways to counter phishing and social engineering attacks Access and authentication technologies Robust data protection plan – Data sharing, tracking, portability, and breach notification Regular data backup and replication – This protects against data loss during ransomware attacks 4. Improving cybersecurity culture Cybersecurity is not only the cybersecurity team’s job but everyone’s. Awareness programs, skill development, basic identification and reporting, and security awareness training should be a part of the cybersecurity budget of any enterprise. This prevents a considerable number of phishing cyber-attacks. What is Cybersecurity budget optimization? Everything needs to be optimized. Your phone battery, your hard disk memory, your grocery budget, and even the nation’s budget. Similarly, even a company requires a thorough cybersecurity budget optimization to make the best use of the resources available. It is of utmost significance that a company knows where it is overspending, underspending, and where it needs to be spent optimum. This helps in minimizing costs escalating due to unnecessary or otherwise unimportant factors and spending more on areas that require time and value. Maybe you are overspending here! Our experts have decoded the four areas of overspending from a company’s typical cybersecurity budget breakdown. Make sure you address the following four areas to curb your overspending: 1. Handling Technology bloat In a company driven by technology, it is apparent that applications bloat over time. While few of them might be important, many of them can be simply pulled out of the regular workflow. Doing so will reduce time and money. Companies should deploy Technology Rationalization periodically to assess and eliminate tools and applications deemed unnecessary. 2. Legacy Systems Running processes on legacy systems is one area many enterprises are stuck with. While the individual costs don’t pop up in the annual balance sheets, these costs compound with time and become start bruising before one realizes it. It is best advised to move to modern IT infrastructure that gives better cybersecurity support. 3. Protecting all data equally Data type and nature vary greatly. While personal identification details, credit card numbers, and phone numbers can be very sensitive, policy documents and other in-house documents hardly have value. Depending on the type and nature of the data, protection tools must be deployed. This helps in bringing down the costs by a large margin with time. 4. Traditional Preventive Tools Hackers find novel ways to leverage the latest technology and tools to intrude into a system. Deploying heavy traditional tools may not be the right way to go ahead in the future. A thorough risk assessment can help in identifying the high likelihood of the type of risks and deploy cloud-based solutions accordingly. How to optimize your Cybersecurity budget? Spending more does not mean more protection. Only when you spend wisely, your protection improves. It is vital to know where to focus and how to prioritize spending across various aspects. 1. Technology that serves your purpose need not be the best More often than not, most hackers try to gain access to your enterprise’s network for financial gain.

Every 2nd breach in 3 involves some form of failure involving an employee. This is a reality that has been accepted by CISOs and senior management of businesses. Without employee engagement and involvement, there is no way that a cybersecurity program can succeed. With digital transformation and large-scale automation, the stakes are now higher than ever. Is there a way in which businesses can secure digital transformation efforts across the organization by letting employees lead the way? Read on to find out. What is broken? As digital transformation efforts involve multiple stakeholders, teams, and objectives, the security aspects often get neglected or are willingly ignored in favor of outcomes that may appeal more to the board and other important stakeholders. Other than this, here are some aspects that are currently in various states of disrepair when it comes to digital transformation cybersecurity: These are just some of the challenges that we came across during our interactions with industry leaders. There are many more out there. The impact What kind of impacts do such issues lead to? Here are a few outcomes: So what can be done to empower employees to turn them into cybersecurity champions and defenders of digital transformation gains? Digital transformation security on your mind? Talk to our cybersecurity experts about Sectrio’s easy-to-deploy 5-step approach to securing your digital transformation gains. Have you tried our threat intelligence feeds yet? Find out what your digital transformation project is missing, now: Sign up for FREE 15 days feeds of our threat intelligence feeds. Participate in the CISO Peer Survey 2022 and make your opinion count now, fill up our uniquely designed survey here: CISO Peer Survey 2022 Book a demo now to see our IT, OT and IoT security solution in action: Request a Demo Try our threat intelligence feeds for free for the next two weeks. Get access to enriched IoT-focused cyber threat intelligence for free for 15 days  

The latest to join the list of unique malware loaders is a loader called Bumblebee. It is ostensibly a new offering from the development house of the Conti malware syndicate and a replacement for the BazarLoader backdoor which seems to have outlived its utility. The rising preference for Bumblebee stands in sharp contrast to the dipping fortunes of BazarLoader which is no longer the preferred loader for sophisticated ransomware deployment operations.   Also read: What’s keeping CISOs awake at night this year? In the last few weeks, Bumblebee has been pushed widely by at least 4 groups through multi-phase campaigns involving passing ISO files, Zip, and other archive attachments with malicious. DLL files and execution shortcuts. Some of which are hosted using known public cloud service providers.   Some of the phishing campaigns intercepted by Sectrio contain some highly convincing content including LinkedIn invites and a site where you can sign up to support Ukraine. While many of the campaigns started in the week Russia invaded Ukraine, as of now there is little to no evidence to suggest that the two events were linked. Though it is possible that the Conti group could be using Bumblebee to create a new wave of confusion and distraction while it works on new and more potent malware. The shrinking development cycle for new malware loaders is another cause for concern.    Here are some of the features of Bumblebee The Conti group is working with at least one APT group to gain access to a wider set of network assets to target. The switch from Bazarloader to Bumblebee was sudden and abrupt. Two threat actors that were actively pumping Bazarloader suddenly switched over to Bumblebee. Such a rapid switch indicates high level of confidence in the loader as also a need to move away rapidly from old loaders that could no longer be as potent or useful as enterprises could have started deploying countermeasures. Also read: Why IoT Security is important for today’s networks? With rising threats in cyberspace, you need to ensure that you stay in the game by evading hackers and bad actors. Talk to Sectrio’s IoT and OT cybersecurity experts today to learn about the latest in threat detection and neutralization and you also get to try out our IoT and OT focused threat intelligence feeds for free. Don’t wait up, reach out to Sectrio now.   Explore our malware reports here: Malware Reports  Participate in the CISO Peer Survey 2022 and make your opinion count now, fill up our uniquely designed survey here: CISO Peer Survey 2022 Book a demo now to see our IT, OT and IoT security solution in action: Request a Demo Try our threat intelligence feeds for free for the next two weeks. Get access to enriched IoT-focused cyber threat intelligence for free for 15 days  

The recent exploits of the BlackCat ransomware group have underscored many factors that are worrying cybersecurity teams across verticals and law enforcement agencies. The sudden spike in the number of victims of this ransomware clearly points to the emergence of new operational models that hackers are using to spread the ransomware and target more entities. Let us examine how this group was able to scale its operations so quickly and turn into a significant threat to cyberspace in a short period of time. How does the BlackCat Ransomware group operate? The BlackCat group has been operating in one form or other since September 2021 when we first lifted a few digital prints of the group as a distinct entity from an attack on a powerplant in the Middle East. This was one of the earliest attacks attributed to the group. The breach was not successful but yet, the power plant operator got multiple ransom demand notes and calls from around the world.     The group began by modifying a code it inherited from another ransomware group. Since then, the group has revised its playbook to recruit new ‘affiliates’ to spread the malware thereby turning into a ransomware-as-a-service shop that lends its tools to other groups for a monetary consideration. The BlackCat group perfected the playbook to such an extent that today it has a unique approach which is an offshoot of its core model wherein the hacker(s) borrowing ransomware from it can pay a small amount upfront and later pay a percentage (30-50 percent) of the ransom collected from a victim as a commission. Also Read: Why are Chinese APT groups increasing their global footprint and cyber attacks? So in a way, the group collaborates with its affiliates to spread its ransomware while earning proportionately from the ransom received. Affiliates are recruited aggressively with groups that have worked with other ransomware groups previously being preferred by it.  Such affiliates are paid a bigger slice of the ransom collected. It is also possible that the group is also training some of its affiliates as well. There are also indications that the group uses a unique vetting process to remove non-serious affiliates or potential law enforcement teams that are trying to spy on it, its affiliates, and its activities. It has also developed its own payment and effort validation methods to ensure that all its affiliates report the right earning numbers to it (this is specifically for affiliates who have opted for the revenue share model. Why the BlackCat group is growing to be a bigger threat than imagined? In order to incentivize early payments, the group has now started offering discounts to victims who pay up early. This is another tactic that the group is deploying to ensure early payment of ransom by victims. The group also threatens to release sample data in batches to key stakeholders of the victim’s businesses to put added pressure on the victims. If this threat doesn’t work, then a threat of a massive DDoS attack is made. On the technical side, the ransomware is written using Rust which is memory safe and reduces the chances of creation of bugs that security researchers can exploit. It is designed for faster deployment and encryption. It can also target multiple OS eco-systems by being compatible with Windows and Linux. The malware also bears a low detection signature and is potentially undetectable especially when it comes to static analysis tools. From the FBI report on the ransomware and the group’s activities and Indicators of Compromise, it also seems that the ransomware is actually designed to steal data including user credentials before it targets key systems. This is an example of what we call a gain of features, capabilities, and function over the parent variant of this ransomware which was primarily developed to exfiltrate data.     Also Read: Why IoT Security is Important for Today’s Networks? Overall, the malware seems to be architected to target as many victims as possible in the shortest possible time before they appear on the law enforcement radar. The malware is also built to appeal to a larger set of players including affiliates, rookies, and revenge hackers. The level of focus on monetization of its ransomware shows how hacker groups have evolved to create specific malware that meets diverse requirements of not just the developers and users but also of other groups that may use the source code to develop more potent variants in the future. Explore our malware reports here: Malware Reports  Participate in the CISO Peer Survey 2022 and make your opinion count now, fill up our uniquely designed survey here: CISO Peer Survey 2022 Book a demo now to see our IT, OT and IoT security solution in action: Request a Demo Try our threat intelligence feeds for free for the next two weeks. Get access to enriched IoT-focused cyber threat intelligence for free for 15 days  

For the last couple of weeks, we have been hearing about increased Chinese APT activity in APAC. One of the APT groups involved is Deep Panda (a.k.a. purple ghost, Kungfu Kitten), and the countries affected are India, Australia, and Vietnam.  Deep Panda is among the older APT groups and has been around in one form or another since 2011. The group was among the first ones to be trained to target high-value targets and complex installations such as those connected with governments, telecom, defense, and parts of critical infrastructure. Deep Panda’s primary mission is to snoop on official channels to exfiltrate data of importance to the group’s sponsors. Deep Panda is also known to maintain a very high level of interest in intercepting communication between various government departments including state secrets and data such as those linked to Covid-19 numbers (sometimes it harvests and transmits terabytes of data to global C&C servers which is handed over to a team that sorts the information manually). It has known links with other Chinese APT groups and has collaborated on at least one project with the notorious North Korean APT group Lazarus Also read: Why IoT Security is Important for Today’s Networks? Deep Panda uses a wide array of tools including multi-phase RATs and also uses various Zero Day exploits to push malware into target networks. Recently we came across many instances of the group trying to infect servers with the Fire Chili rootkit. Deep Panda’s expertise lies in running complex social engineering campaigns to lure multiple victims in the target organization to activate more lines of data interception. In the last two weeks alone, Sectrio’s research team has come across Deep Panda’s footprints in our honeypots across Europe, Asia-Pacific, and North America. Cicada (a.k.a. APT10, Stone Panda) and Mustang Panda (a.k.a. Temp.Hex, HoneyMyte, TA416, or RedDelta) are the other Chinese APT groups that have become very active in the last few weeks.  Mustang Panda is currently running an espionage campaign to target diplomatic missions, think tanks, and NGOs in several countries.  Why are the Chinese APT groups becoming more active of late? In 28 of the 77 active honeypots run by Sectrio, a Chinese APT group activity was recorded. Some groups are also trying to access control systems linked to OT deployments as well as firmware connected with IoT devices. The increased wave of activity indicates rising sponsor interest in espionage and long-term reconnaissance on targets in addition to disruption. In India, the activity of Deep Panda was logged against attacks on utility infrastructure. We first detected Deep Panda’s reconnaissance activity in November 2019 when the group launched an attempt to penetrate a power grid and a New Delhi-based think tank (later in June 2020). The group also ran a campaign to target Indian missions in a few countries through a phishing campaign using emails that were engineered to appear to have come from India’s External Affairs ministry. This group has been maintaining a very high level of interest in India, Vietnam, and Australia since at least 2014. The increase in Chinese APT activity is connected to the ongoing retreat of Russian APT groups from cyberspace. Russian APT groups are now focusing only on a few sectors unlike earlier when they used to go after all critical infrastructure projects in target countries. Russian APT actors are now focusing more on energy infrastructure along with water and wastewater treatment plants and Maritime sectors. Russian groups are also bogged down by a huge spike in inbound cyberattacks on Russian targets and it does seem that their sponsors have now moved some of the APT groups to focus on either defending infrastructure or going after groups that are attacking Russia in cyberspace.    This has opened the door for Chinese APT groups to step in and increase their operations and these groups are exploiting the opportunity and replacing Russian APT groups in cyberspace. Going by the increase in the scale of operations, one can guess that the sponsors of Chinese APT groups are also providing these groups with more funds and manpower to continue their efforts and ramp up their operations. It is only a matter of time before these groups diversify their operations and start logging more success. Enterprises and governments have to act with caution and diligence to keep such groups at bay.   Amplifying the voice of CISO Haven’t filled up the CISO Peer Survey form yet? If not, you are missing a lot. Over 270 CISOs have already filled up this survey form. Fill up today and you will get a pre-release copy of the survey report complete with information, analysis, and commentary on areas such as: Cybersecurity budgets The latest strategies to keep threats at bay What tools are CISOs leveraging to secure their businesses? What has changed since Feb 24? How are organizations responding to emerging cybersecurity challenges To make your opinion count, fill up the uniquely designed form here: CISO Peer Survey 2022 Try our threat intelligence feeds for free to identify the threats your SIEM is missing out on. Book a demo now to see our IT, OT and IoT security solution in action: Request a Demo Talk to our cybersecurity experts today to get to know more about our IT-IoT-OT cybersecurity solutions and threat intelligence. Book here. We invite all cybersecurity leaders across verticals and countries to participate in this survey. Your participation will enable us to turn the survey into a more participative and comprehensive effort: CISO survey 2022 Try our threat intelligence feeds for free for the next two weeks. Get access to enriched IoT-focused cyber threat intelligence for free for 15 days  

In the last two weeks, several U.S. government agencies issued multiple joint alerts warning businesses and critical infrastructure operators about the discovery of malicious cyber tools that could be used to gain access to industrial control systems. While the important alert from the Energy Department, the Homeland Security Department, the FBI, and the National Security Agency (NSA) did not specifically identify the actor behind the malware, what has caught the attention of these agencies is the sheer sophistication of the malware involved. The APT group behind the malware created it specifically to target liquified petroleum gas and electric power targets in the USA.   Operating in the background In the last decade, APT groups have managed to gain Gigabytes of data on critical infrastructure operators across the globe through reconnaissance attacks. Such attacks have either gone unnoticed or have not been taken up for action or analysis by the impacted cybersecurity teams. This has resulted in a situation where bad actors have gained tons of data that could be used in an actual cyberattack or for the development of crafted malware. This includes data relating to: Security frameworks and incident response depths and capabilities related to critical facilities Supply chain entry points for loading malware to target entities downstream Ways to keep malware latent for prolonged periods of time. This includes periods of facility shut down, renovation, change of components, etc. Methods to infiltrate malware through non-conventional means including designating specific CI employees as targets for multi-stage phishing campaigns Identifying disgruntled employees who could be targeted more easily Further, through contaminated firmware residing in less than complex IoT systems such as smart surveillance, data and credentials have either been exfiltrated or copied onto other systems for exfiltration. The data gleaned is then used for creating modified malware variants that are often more effective in breaching the target networks than non-modified variants. Such malware are then deployed through the same route used during the reconnaissance attack (if the malware loader is still available or if the exploit is still unattended to). What does this translate into for cybersecurity teams? More targeted attacks and breaches that could lead to more loss of information or a huge ransom demand Malware evolution cycles have shrunk to months and weeks from years Malware can be repeatedly tweaked for improving its effectiveness by evading defenses This would increase the success rate for malware developers and bad actors who can then build on this success IoT deployments and OT-based critical infrastructure face an immediate threat Want to learn more on how to deflect targeted attacks? Learn more about our adaptive cybersecurity solutions today. Try our threat intelligence feeds for free and block over 18 million cyberattacks each day.   Talk to our cybersecurity experts today to get to know more about our IT-IoT-OT cybersecurity solutions and threat intelligence. Book here. We invite all cybersecurity leaders across verticals and countries to participate in this survey. Your participation will enable us to turn the survey into a more participative and comprehensive effort: CISO survey 2022 Try our threat intelligence feeds for free for the next two weeks. Get access to enriched IoT-focused cyber threat intelligence for free for 15 days  

While many critical infrastructure segments such as oil pipelines, offshore refineries, utility companies, and water treatment plants were registering a spike in cyberattacks, the number of background attacks on shipping companies and assets quietly rose to an all-time high yesterday. When analyzed in the context of growing attacks on global supply chains, this does present many reasons for cybersecurity planners to not just worry about securing their assets but also act to improve cybersecurity across the Maritime industry. After almost two-quarters of decline, cyberattacks on maritime assets started rising in February this year. The rise was not a steep one but instead, the volume kept rising till touching an all-time high of 1,09,333 as of noon yesterday. One of the attacks isolated by Sectrio’s researchers involves the use of info stealers The sequence of events is triggered by a phishing mail that invites the user to download ‘clearance certificates’ from various multilateral agencies for port operations. The document hosted on shady websites does indeed contain a fake certificate. On preview, it shows the viewer a portion of the document that looks authentic. When downloaded, the document asks the user to enable parts of the content that relate to malicious macros.   Also Read: Maritime Cybersecurity: Rising cyber threats The macros then start assembling multiple payloads from various sources on the web. Once the final payload is assembled on the victim system, the payloads start executing and mopping up all kinds of information from the infected machine in addition to using the machine as part of a wider botnet. Top 5 reasons why the Maritime sector is being attacked     With global sea commerce rising, hackers feel shipping companies may be easy targets when it comes to paying a ransom Many of the systems across OT and IoT have not been patched since 2020 or even earlier this has given bad actors a chance to access networks and resources using security gaps that have emerged since Bad actors may be trying to disrupt global supply chains to push the prices of commodities even higher Some of these attacks could be motivated by geopolitical factors Some of the major ports are also key target cities for APT groups and other sophisticated hackers Also Read: Why IoT Security is Important for Today’s Networks? Top 5 impacts Hackers are targeting navigation systems and this could cause a major accident on the high seas or even when the ships are returning to their ports Delay in economic recovery if some of these attacks succeed Loss of commodities could lead to a rise in prices Supply chain attacks could create challenges downstream as a delay in the arrival of input components may cause an escalation of costs or a temporary shutdown of production lines An ecological disaster could potentially result from a successful cyberattack on a shipping vessel So how can Maritime companies defend themselves against such attacks? Sectrio’s cybersecurity solutions and threat intelligence can help maritime companies operate with adequate levels of security by detecting threats and risks early and mitigating them. We are among the few companies with a solution deployed on ships and onshore maritime infrastructure. Talk to our cybersecurity experts today to get to know more about our IT-IoT-OT cybersecurity solutions and threat intelligence. Book here. We invite all cybersecurity leaders across verticals and countries to participate in this survey. Your participation will enable us to turn the survey into a more participative and comprehensive effort: CISO survey 2022 Try our threat intelligence feeds for free for the next two weeks. Get access to enriched IoT-focused cyber threat intelligence for free for 15 days  

As the pandemic eases its grip on the global economy and business imperatives, new organizational priorities are fast emerging on the horizon. The last two years have forced businesses to pay more attention to cybersecurity and risk management practices and priorities across managed and unmanaged environments while revisiting resource allocation, staffing, and board attention. Businesses and cybersecurity leaders are also taking a closer look at their operational threat envelope and risk exposure with regulatory cybersecurity advisories coming in almost on a weekly basis.   Some of the new cybersecurity challenges that have emerged in the last two years include:  More regulatory attention on critical infrastructure operators and businesses connected with supply chains   Regulatory bodies are streamlining reporting requirements to remove ambiguity and to ensure that all events are reported within a stipulated period of time. Regulatory bodies and governments are also incentivizing better cybersecurity measures   Reduction in visibility into various networks because of the sudden increase in the number of connected assets   Over 700 percent (as per the findings of Sectrio’s 2022 IoT and OT Threat Landscape Assessment and Analysis Report) increase in sophisticated cyberattacks and complex phishing and data theft activity    Targeted attacks on OT and IoT devices, networks, and on facility-level infrastructure    Security Operations Center fatigue triggered by a huge spike in false positives in threat detection   Institutional threat hunting capabilities have not kept pace with the growth in threats  Significant rise in undetected and unaddressed vulnerabilities   Discipline in patching devices was lost during the initial days of the pandemic which has led to trojans becoming embedded in various parts of the digital infrastructure   Rise of supply chain attacks emerging from entities that are loosely connected with downstream businesses   Rise of APT trained independent actors who are widening the threat spectrum and exposing businesses to new threats   Access and privilege management challenges caused by the use of multiple devices by employees     With these changes, CISOs are having to juggle multiple priorities, ensure nod from the board at all times, and keep investors and shareholders assured while having to do more with less. With such a roster of responsibilities, it is no wonder that CISOs in many organizations are driving innovation, efficiency, and optimization of assets and solutions used to get things done faster.    What’s really keeping CISOs up at night?  We are sure that you can relate to these challenges. But what about your peers in the industry?  What new challenges are they dealing with? How are they managing the new regulatory mandates, shortage of skilled staff, and expansion of threat surfaces tied to digital transformation endeavors? Has the new level of scrutiny that they are being subject to from within and outside the organization opening up doors for improvement or are they getting bogged down in some way?   Sectrio’s CISO Peer Survey 2022 will offers answers to these questions and provide deep insights into the strategies and tactics cybersecurity leaders are working with to address such challenges.   A chance to win  We invite all cybersecurity leaders across verticals and countries to participate in this survey. Your participation will enable us to turn the survey into a more participative and comprehensive effort.   Participate in this quick survey and get a chance to win a $100 voucher along with lifetime access to Curated Regulatory Compliance Kits from Sectrio.  Every respondent will also get a complimentary copy of the survey report once it is published in May 2022. The survey report will analyze the findings segregated as per various verticals and geographies and will also have suggestions and inputs from prominent cybersecurity leaders on dealing with these cybersecurity challenges. Begin the survey now! Don’t wait up. Book a free and no-obligation slot with our IT, IoT, and OT cybersecurity analysts and consultants to learn more about complying with the new recognition scheme. Book here. Learn more about our IoT, IT, and OT cybersecurity solution through an interactive demo. Try our threat intelligence feeds for free for the next two weeks. Get access to enriched IoT-focused cyber threat intelligence for free for 15 days