DirectDefense, Inc.

An Information Security Services Company

Social Audience 576
Categories
  • Business and Finance
  • Industries
  • Careers
  • Telecommuting
  • Personal Finance
  • Computing
Highlights
Tales from the Road: Think Your Web Application is Attacker-Proof? Think again.

’s data, or even modify the applications to send sensitive data to any recipient, as we discovered first-hand when we put one client’s web app security to the test. This risk level is not all that shocking when you take into account these grim stats from a 2019 study of 38 fully-functioning web applications: attackers can compromise user information in 9 out of 10 web applications; unauthorized access to applications is possible on 39 percent of sites; and breaches of sensitive data are a threat in 68 percent of web applications. For starters, the application didn’t require authentication to allow access to sensitive functions, giving an attacker free rein to make changes to the application data and its state without credentials.

A Security Breach is Much More Costly than Fixing Your Web Application Security

Many times, a company inherits a web application with security issues through mergers or acquisitions; in this case, the app wasn’t coded right to begin with.

Tales from the Road: Water Utilities, Take Warning!

How our team was able to drive up to a municipal water utility, join the wireless SCADA network and gain the access needed to do some major damage to the water supply – If we told you that hacking into the wireless SCADA network of a municipal utility supplying water (not only to the city but also to a nearby government facility) was as easy as sitting in your car just outside the security fence and logging in, no password needed, you might think it seemed pretty far- The cyber security group of a municipal utility that has three different SCADA systems – power, water and wastewater – enlisted the services of DirectDefense to perform a comprehensive security assessment test of the organization’s SCADA environments. The SCADA security consultants at DirectDefense focus specifically on identifying mechanisms to secure SCADA systems without a complete redesign or significant architecture changes in order to enable security controls that will protect the environment.

Cyber Security Operations Center Helps Manage Risk

one critical piece being a cyber security operations center – to detect or remediate the sophisticated cyber attacks occurring today. If you use a cyber security operations center through a managed security services provider (MSSP) like DirectDefense, you will have a team of security experts conducting log management and monitoring traffic and data for all the technologies your organization utilizes. 24/7 Security Monitoring: Even in the dead of night, if there is a security breach or abnormality within your organization, your MSSP will detect it and provide action items for proper response and remediation. Be prepared with a SOC – and get the added benefit of complete peace of mind in your security monitoring when you utilize an MSSP for your cyber security operations center.

NERC Standards Compliance Helps Avoid Major Security Risks

Major utilities like electrical power grids are at great risk of sophisticated cyber attacks that can be terrorist-level in intent and severity, which is why the North American Electric Reliability Corporation (NERC) implemented the NERC reliability standards for power supply utility compliance. The NERC standards are comprised of the Critical Infrastructure Protection (CIP) standards, which were developed specifically to protect from cyber security threats to the bulk electric system.
  • Critical Asset Identification and Categorization: The first of the NERC standards identifies and categorizes bulk electric system cyber assets – electronic devices that function online and hold valuable data and information – and the systems that support those cyber assets.
  • System Security Management: This NERC standard protects specific elements of the bulk electric system’s overall security: controlling access to ports and services; tracking, installing, and evaluating security patches; malicious code prevention; event monitoring; and system access controls.
