Insights

Cybersecurity insurance has become an increasingly important consideration for businesses in today's digital age. With data breaches and cyber-attacks becoming more frequent and sophisticated, companies need to ensure that they have adequate protection in place. This new reality has cybersecurity insurance providers reevaluating the market and their position in providing coverage, which means coverage is not being renewed or premiums are increasing. Cyber insurance premiums increased by an average of 28% in the first quarter of 2022 compared with the fourth quarter of 2021 (CNBC). Insurance companies are not afraid to say no to new coverage requests or renewals if an organization's defenses are lacking or data recovery plans are inadequate. Cyber Insurance companies are now circulating screening documents and checklists to help determine the overall risk that covering an organization poses. Part of that questionnaire requires detection and response capabilities. While cyber insurance can provide valuable protection and support…

Watch the news lately? We are seeing random attacks on Electric Membership Cooperatives (EMCs) substations, their property, and equipment storage facilities and more. Following the Critical Security Controls best practices helps EMCs discover why it is important to have a plan to protect their assets and increase the overall security posture. Inventory and control of enterprise assets is important for several reasons. First, EMCs need to actively manage all their assets, including power generation and distribution equipment, vehicles, buildings, and other property. This includes management and maintenance of all assets, not just those things connected to the internet. This information is critical for budgeting and planning as well as for identifying potential risks and vulnerabilities. Second, maintaining inventory and control of assets also helps EMCs comply with regulatory and industry compliance. For example, conducting regular audits and reviews of certain types of equipment, and accurate asset information is necessary to…

There has been a great deal of discussion of late regarding "Automated Penetration Testing" and "Manual Penetration Testing". Despite the encouragement by many vendors, automated penetration testing does not exist. The actions they describe are very close to what you would expect from "Vulnerability Scanning". This is important, as a consumer should know exactly what to expect from a vendor. Penetration Testing is the process of discovering and identifying vulnerabilities within the systems deployed by an organization, exploiting them to understand the level of potential threats those vulnerabilities might pose, and the damages that would be caused by a successful exploitation. A successful penetration test not only identifies the vulnerabilities but also finds different ways to exploit those vulnerabilities with the goal of determining the outcome of a successful exploitation. As a result, Penetration Testing is a complex and time-consuming, painstaking process. There are many reasons why conducting a proper…

Critical Path Security is excited to announce our partnership with Ryan Vargas for the NASCAR Craftsman Truck Series. Critical Path Security specializes in cyber security with an established presence in New York, New Jersey, Atlanta, Los Angeles, San Diego, and Toronto. Critical Path serves a span of multiple industries from entertainment to defense. "I'm beyond thrilled to welcome Critical Path Security aboard for their first race in the NASCAR Craftsman Truck Series," says Vargas. "I've been fortunate to have chatted off and on with Patrick (Kelley) and his team at Critical Path Security for the last few months. Continuing this partnership from last year in the Xfinity series to our win in the eNASCAR International Series, I look forward to helping them bolster their program as well as finding new ways to showcase Critical Path's quality cyber security services." "We could not be more proud to continue our relationship with…