Phosphorus's Cyber-Physical System (CPS) Protection Platform Matches CISA Mitigation Guidance for Top Misconfiguration Risks Amid Rise in ICS Threats
NASHVILLE, Tenn., Dec. 07, 2023 (GLOBE NEWSWIRE) -- Phosphorus, the leading provider of unified security management and breach prevention for the xTended Internet of Things (xIoT), urges all organizations with Cyber-Physical Systems (CPS) to address key misconfiguration issues that leave them vulnerable to attack by sophisticated state-sponsored and criminal cyber-threat groups.
Recently, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory (CSA) highlighting the most common cybersecurity misconfigurations in large organizations. Among the agencies’ list of the Top 10 most common misconfigurations were many risks which both Phosphorus and its research wing Phosphorus Labs have been warning about since bringing its Gartner-recognized CPS Protection Platform to market. These include default configurations, insufficient monitoring, poor patch management, poor credential hygiene, and more.
“Misconfigurations are extremely common in Cyber-Physical Systems, from IoT to operational technology and industrial control systems,” said Sonu Shankar, Chief Strategy Officer of Phosphorus. “With the growing risk of state-sponsored attacks, and the surge in criminal groups targeting Cyber-Physical Systems, it is absolutely critical for all organizations to assess their current level of risk and to take proactive measures now to mitigate these vulnerabilities before it is too late. Over the next year, we expect to see more disruptive cyber attacks targeting CPS assets in corporate and industrial systems. This can have a devastating impact on companies, their partners and shareholders, supply chains, and even the broader economy.”
Just since September of this year, CISA has released more than 50 Industrial Control Systems (ICS) Advisories covering a broad spectrum of mission-critical OT, ICS, and IIoT Cyber-Physical Systems (CPS). At the same time, a growing number of state-sponsored and criminal threat actors are now targeting CPS assets, such as the recent attack on Unitronics PLCs by the Iranian threat group, CyberAv3ngers. Over the past year alone, researchers have discovered advanced operations by such groups as Fancy Bear, Cozy Bear, Chernovite, NTC Vulkan, Mint Sandstorm, and Volt Typhoon to infiltrate these systems in high-value companies, critical infrastructure operators, and other organizations. Ransomwareattacks on industrial infrastructure have also increased by 87%.
NSA and CISA Recommendations for Network Defenders
The short but precise list of recommendations includes the following:
Nearly all of the critical recommendations that NSA and CISA encouraged companies to implement represent capabilities that Phosphorus has long addressed through its best-of-breed Unified xIoT Security Management & Breach Prevention Platform. It is the industry’s only CPS Protection Platform covering the entire security and management lifecycle for xIoT devices–including OT/ICS, IoT, IIoT and IoMT Cyber-Physical Systems.
How the Phosphorus Platform Addresses These Critical Risks
Phosphorus’s Unified xIoT Security Management & Breach Prevention Platform provides seamless, full-scope coverage through its unique ability to directly communicate with all xIoT devices in their native protocols.
This allows organizations across every vertical to safely and easily find, fix, monitor, and manage their CPS estates – without agents, complexity, or infrastructure dependencies.
To learn more about Phosphorus’s CPS protection capabilities, visit https://phosphorus.io/ or check out the company’s “Spies, Saboteurs & Scoundrels” talk at select upcoming conferences.
Phosphorus Cybersecurity® is the leading CPS Protection Platform delivering a proactive approach to security management and breach prevention for the exploding IoT, OT, IIoT, and IoMT attack surface. Designed to find and secure the rapidly growing, unknown, and often unmonitored world of Cyber-Physical Systems across the xTended Internet of Things landscape, our Unified xIoT Security Management Platform provides unmatched security management and breach prevention across every industry vertical—delivering high-fidelity discovery and risk assessment, proactive hardening and remediation, and continuous monitoring and management. With patented xIoT Intelligent Active Discovery and risk assessment, Phosphorus automates the mitigation and remediation of the most significant IoT, OT, IIoT, and IoMT device vulnerabilities – including unknown and inaccurate asset inventory, default credentials, out-of-date and vulnerable firmware, risky configurations, banned and end-of-life devices, and expired or self-signed certificates. Follow Phosphorus on LinkedIn, Twitter, Threads, and YouTube, and learn more at www.phosphorus.io.
Contact: Michael Sias Firm 19 [email protected]