Shipping the Code That Security Rejected

Cyber Gaps in Automotive Supply

What happens when a vulnerability is discovered in a car's system after production has started, and nobody knows who's responsible for fixing it? In this episode we break down the messy world of automotive cybersecurity, where gaps in responsibility between companies can put entire systems at risk. We walk through real-world scenarios where the lack of clear agreements and ownership can lead to major problems. We argue that these gaps are not just technical issues, but also governance problems that need to be addressed. The consequences of these gaps can be severe, from compromised vehicle safety to significant financial losses, making it essential for companies to rethink their approach to cybersecurity and liability. Subscribe to our podcast to dive deeper into the complex world of automotive cybersecurity and learn how to navigate these critical issues. #automotivecybersecurity #cybersecuritymatters #supplychainrisk

When Patches Stop Production

What happens when a security patch intended to protect your system ends up being the cause of a catastrophic operational incident? In this episode we break down the nuances of patch management in industrial environments, where the stakes are high and the consequences of a mistake can be devastating. We walk through real-world scenarios where a simple patch can bring down an entire production line, and explore the delicate balance between cybersecurity and operational continuity. We argue that a one-size-fits-all approach to patching is no longer tenable. The ability to manage vulnerabilities in industrial environments has a direct impact on the bottom line, as a single misstep can result in costly downtime and damaged equipment. Subscribe to our podcast to hear more about the complexities of OT vulnerability management and how to navigate the treacherous landscape of patching and cybersecurity. #IndustrialCybersecurity #PatchManagement #OTVulnerabilityManagement

Ransomware Beyond Encryption

What if a single login credential was all a hacker needed to bring your entire production line to a grinding halt, without even touching your industrial control systems? In this episode we break down the grey zone where ransomware attacks on operational technology can have devastating consequences, and explore the often-overlooked vulnerabilities that can allow attackers to move undetected between IT and OT systems. We walk through real-world scenarios where a simple login can enable access to sensitive areas of your operation, and discuss the importance of understanding the trust, exposure, and consequence of your assets. The reality is that many organizations are unaware of the risks lurking in the spaces between their IT and OT systems, and the consequences of a breach can be catastrophic, resulting in lost production time, damaged equipment, and compromised safety. Subscribe to our podcast to stay ahead of the threats and learn how to protect your operation from these emerging risks. #IndustrialCyberSecurity #Ransomware #OperationalTechnology

Beyond Asset Coverage

Can a single overlooked device really bring down your entire network, and are you unwittingly leaving the door open to cyberattacks by focusing on the wrong security strategy? In this episode we break down the flaws in traditional network visibility programs and explore how microsegmentation can limit the damage of unseen assets. We walk through real-world examples of how IT dependencies and vendor access have led to devastating breaches, and discuss the importance of structuring conversations around asset risk and function. By the end of this episode, you'll understand why treating inventory as a containment strategy is a recipe for disaster, and how a different approach can save you from costly disruptions. Subscribe to our podcast for more insights on how to secure your network and stay one step ahead of emerging threats. #cybersecurity #networkvisibility #microsegmentation

When Containment Fails Recovery

What if your team contained a cyber incident, but the real damage was only just beginning? In this episode we break down the disconnect between IT and engineering timelines, and explore how the NIS2 directive is raising the bar for incident recovery and accountability. We walk through the implications of Articles 20, 21, and 34, and what they mean for management bodies and cybersecurity teams. We argue that a single incident command model is the key to true recovery. The ability to recover from a cyber incident quickly and effectively is no longer a nice-to-have, but a critical component of business continuity and risk management. Subscribe to our podcast for more insights on cybersecurity and operational risk, and join the conversation on how to stay ahead of emerging threats. #cybersecurity #NIS2 #incidentrecovery #operationalrisk #businesscontinuity