Ed Gawlik

In December 2015, more than 200,000 Ukrainians found themselves without power during a blackout cause by a cyberattack launched from within the Russian Federation. The attack was carried out by a spear-phishing campaign that was used to install malware on energy company computers. The malware, dubbed BlackEnergy, was specifically designed for use against industrial control…

If you don’t talk to your business units about the Internet of Things, who will? IT history shows why that’s not a glib question. Over the past decade, many enterprises suffered embarrassing security breaches and hefty noncompliance fines because their business units signed up for a cloud service without IT’s blessing or even knowledge. Why?…

Last year, nearly 40 percent of industrial control systems worldwide experienced attacks from external sources, according to a Kaspaersky analysis. That’s a sobering statistic, especially when coupled with evidence that cyberattacks were involved in crippling power outages in the Ukraine in late 2015. The following year, closer to home, U.S. cybersecurity officials accused Iran of…

Over the years, I’ve seen a remarkable shift in the way organizations approach their cybersecurity strategies. After the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS) debuted, most security programs focused on compliance issues. Organizations scrambled to ensure their operations were up to par before the…