BEST PRACTICES FOR UTILITY CYBERSECURITY

whitePaper | December 6, 2022

Cybersecurity can seem overwhelming, and there’s plenty of long to-do lists. The Center for Internet Security (CIS) has the Critical Security Controls, the International Organization for Standardization (ISO) has its 27000-series publications, and ISACA manages its COBIT 5 framework. Layer those atop compliance mandates like the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach Bliley Act (GLBA) — and it’s often hard to know where to start.

whitePaper | December 22, 2022

Ransomware continues to be among the most critical risks facing organizations of all sizes. Attackers have perfected techniques and business models that will pose a challenge to even the best prepared organizations. While the encryption of a high volume of computers on a network can potentially be mitigated by adequate backups, ransomware actors have discovered new avenues of extortion, such as threatening to release data stolen prior to encryption. While ransomware attacks are time consuming to perform, ransomware actors have managed to achieve scale through the introduction of “ransomware-as-a-service” operations, renting out their tools and infrastructure to other attackers in exchange for a cut of the profits.

whitePaper | December 20, 2022

The Nasuni Access Anywhere add-on service delivers high-performance, VPN-less file access for remote and hybrid users, integrates an organization’s file shares with Microsoft Teams, and provides productivity tools such as desktop synchronization and external file and folder sharing to enhance user productivity and provide access to files seamlessly from anywhere on any device. This white paper outlines the security elements of the Nasuni Access Anywhere service.

whitePaper | April 29, 2021

The cyber security industry has faced two major sets of challenges over the last twelve months. The attacks and exploits affecting Solar Winds, Accellion, Microsoft and their customers have focused attention on supply chain risk, but the impact of the coronavirus pandemic has been felt more broadly across cyber security domains and disciplines.

whitePaper | April 28, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s effort to understand, manage, and reduce cybersecurity risk, including by supporting Federal Civilian Executive Branch agencies in evolving and operationalizing cybersecurity programs and capabilities. CISA’s Zero Trust Maturity Model (ZTMM) provides an approach to achieve continued modernization efforts related to zero trust within a rapidly evolving environment and technology landscape. This ZTMM is one of many paths that an organization can take in designing and implementing their transition plan to zero trust architectures in accordance with Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity” § (3)(b)(ii),1 which requires that agencies develop a plan to implement a Zero Trust Architecture (ZTA). While the ZTMM is specifically tailored for federal agencies as required by EO 14028, all organizations should review and consider adoption of the approaches outlined in this document.

whitePaper | October 27, 2022

Cybersecurity has changed. The attack surface has expanded, thanks to the rapid adoption of cloud applications and services, shift to remote work, and proliferation of mobile devices. Having enterprise systems, applications, and data in one location and relying on layers of security tools and controls to keep attackers out, is no longer sufficient when the bulk of data and workloads now live outside the traditional network. Attackers are also increasingly targeting credentials to appear as legitimate users.