Tangible Security

Manufacturers are embracing digital transformation, powered by AI, IoT, the cloud, robotics, and more. Yet this transition has also led to new security issues. Tangible Security can help https://lnkd.in/gWAJiMhQ Specific issues in cybersecurity for manufacturers include: - Complex international supply chains with multiple vendors that can contain unknown vulnerabilities. - Connected IoT devices such as sensors, cameras, and smart machinery that can be potential targets for attackers if they are not properly secured. - Manufacturing facilities that rely on ICS/OT systems for critical processes, which may be insecure. Tangible Security helps manufacturing companies protect their infrastructure and stay resilient. Our customers range from multibillion-dollar manufacturers of intelligent building solutions to makers of fire and safety solutions to medical device manufacturers. We understand the needs of manufacturers, from secure development of IoT to ICS/OT, and will ensure that security in your organization becomes tangible. Whatever your security needs, our team of experts can handle it, from the physical security of staff workstations to IoT devices to large legacy systems. We can make your organization more secure and compliant.   Learn more: https://lnkd.in/gWAJiMhQ #cybersecurity #IoT #AI #manufacturing

Misconfigurations are a frequent cause of cloud security incidents, particularly permissive access settings for system resources. Our Cloud Security Assessment service can help: https://lnkd.in/gSzC7jTE Our expert team conducts thorough security assessments of configurations, security policies, and compliance for cloud infrastructure platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). We also assess cloud productivity platforms, including Microsoft Office 365 and Google Workspace. We identify vulnerabilities and misconfigurations that could expose your organization to cyber threats and provide actionable recommendations to fortify your cloud security and mitigate risks. Our assessment includes: Policy and Controls Review. Our experts conduct a thorough review of your security policies and controls, starting with established baselines such as CIS Foundations Benchmarks, along with other best practices. We use both manual and automated tools to assess critical aspects of cloud security. Configuration Review. We deploy both automated scanning tools and manual analysis to identify misconfigurations in your cloud infrastructure. Our experts analyze your cloud infrastructure configurations for identity and access, encryption, storage, network security, version control, logging, backup, patching, and more. Compliance Review. According to the requirements of your organization, we can evaluate your cloud infrastructure security against regulatory frameworks and requirements including CCPA, CMMC, FERPA, FINRA, GDPR, HIPAA, HITRUST, PCI DSS, SOC 2, SOX and other industry-specific requirements. Get started:  https://lnkd.in/gSzC7jTE   #infocsec #cloudsecurity

Need to schedule that pentest for Q4?  Need to rotate vendors? Tangible Security can help.  Learn more: https://lnkd.in/gHRcVp9U Our expert team of penetration testers can help you get a better understanding of your security posture and test the strength of your defenses. Tangible Security offers a full range of penetration and security testing services, including: ·     AI application assessment applies a robust testing methodology to identify vulnerabilities specific to AI-based technologies, such as prompt injection attacks, insecure output handling, and sensitive information disclosures. ·     Network vulnerability assessment and penetration testing provides you with a comprehensive evaluation of your internal and/or external network security, including wireless access. Our team identifies vulnerabilities, weaknesses, and potential entry points that could be exploited, making your network more secure and resilient. ·       Application assessment and penetration testing assesses the security of a wide variety of software, including desktop applications, web applications, web services, and APIs. We deploy an array of methodologies, tailored to each customer’s needs, to conduct comprehensive assessments. ·       Mobile app assessment and penetration testing provides a comprehensive evaluation of the security of your mobile applications. Our expert team identifies vulnerabilities and potential entry points for attackers targeting mobile platforms. ·       Embedded/IoT assessment and penetration testing offers comprehensive security evaluations for a wide range of products, including embedded devices and IoT infrastructure to identify vulnerabilities and misconfigurations that could be exploited by attackers. Get started: https://lnkd.in/gHRcVp9U

This week, the SEC announced it has charged four companies for what the agency determined was an intentional effort to minimize the impact of the hack to their systems because of the 2020 Solar Winds breach. https://lnkd.in/eGMFn3M2 Vulnerabilites in your IT supply chain can cause long-lasting damage – not just to your systems and data, but to your reputation as well. You need visibility into the components of your supply chain and to understand your risk. Tangible Security offers a comprehensive set of secure supply chain services, including program assessments, program development, third-party questionnaire support, and vendor management solutions. Our team of consultants will work closely with your stakeholders to develop your supply chain security program. We conduct an exhaustive inventory of all critical vendors within the supply chain, their roles, and the associated risks. We then review existing supply chain security documentation, policies and procedures and make a set of recommendations to ensure that these policies align with industry best practices and address your unique security needs. Learn more: https://lnkd.in/gyjPz9D4

Are concerns about safety holding your organization back from deploying generative AI? While many AI concerns are overblown, we have some thoughts on the real risks associated with AI, and how you can mitigate them. Learn more: https://lnkd.in/g-kSczsv The rapid rise of powerful, breakthrough AI technologies like ChatGPT has generated a lot of excitement in the IT world, but also concerns about threats to security and privacy. Some tech leaders have even publicly voiced concern that AI poses a “risk of human extinction” and called for a pause on AI development. How does one separate Siri from Skynet? We shouldn’t fear that AI will try to replace humanity any time soon. We should, instead, keep in mind some dangers posed by how humans utilize them. Some of the legitimate ways that bad actors can use generative AI to do harm include: ·       Using AI to generate or translate phishing or scam e-mails that are difficult to distinguish from legitimate communications. ·       Using voice-generating AI to emulate the voice of known officers of an organization to trick employees into divulging sensitive information or to take damaging actions. ·       Using image-generating AI to create false documentation for purposes of fraud or to create false evidence of wrongdoing. Read the rest of the blog post: https://lnkd.in/g-kSczsv

In the Bay Area and need help from experienced cybersecurity professionals? Come see us this Friday at the #OfficialCybersecuritySummit at the Santa Clara Marriott: https://lnkd.in/eMyK8RDK This year’s summit will include briefings from government and industry thought leaders on the newest cybersecurity threats and security trends. One critical issue facing many industries is the shortage of cybersecurity professionals. A new study found the US needs an additional 265,000 cybersecurity workers, as there are only enough qualified workers to fill 83% of the available cybersecurity jobs.  https://lnkd.in/gGD6xkR3 The shortage of qualified cybersecurity professionals is straining many small and medium-sized businesses (SMBs), which are struggling to keep up with implementing and managing the latest security technologies in an ever-changing cybersecurity environment. Tangible Security offers an array of services that let SMBs leverage cutting-edge security technology orchestrated with the knowledge and experience of seasoned security professionals without the need for a full-time, in-house expertise, enabling cost-effective and efficient security.  Learn about our full array of services here: https://lnkd.in/gDz7Y-tC and stop by our booth at the #OfficialCybersecuritySummit. #cybersecurity

Ransomware attacks are ramping up. A new report showed that nearly 400 US healthcare institutions were impacted this year, putting patients at risk. What can organizations do? On our blog, we outline four critical steps companies can take: https://lnkd.in/g_Ds8hXH Ransomware attacks are widespread, with nearly half a billion attacks occurring in 2023 alone. The average downtime incurred from a ransomware attack was 22 days, highly disruptive and costly for most any organization. No matter the size of your organization, it’s critical to dedicate enough resources to be prepared for these attacks and defend your infrastructure and assets. Four Steps You Can Take to be Prepared for Ransomware Attacks 1. Maintain a suitable backup. Ensure that your security professional maintains an appropriate schedule of backups, lessening the gap between contamination and discovery. 2. Assess your security program. A maturity assessment of your security program using recognized standards such as the NIST Cybersecurity Framework or ISO 27001 can identify areas where your security program is performing well, and where improvements are needed. 3. Ensure all systems are fully patched. Failure to patch hardware and software leaves systems vulnerable. When your system is patched you can utilize updated features, fix bugs, and stay secure. 4. Implement security awareness training. Ransomware attacks are often initiated through phishing or social engineering. Read the rest of the blog post: https://lnkd.in/g_Ds8hXH

Cyberattacks from state actors are increasing. We can help you get prepared. If you’re in the Bay Area, hear government security briefings and then visit our booth at the #OfficialCybersecuritySummit at the Santa Clara Marriott on October 25. https://lnkd.in/eMyK8RDK State-sponsored hacking of telecom companies, political campaigns, and strong encryption are getting a lot of attention in the security industry. So, it’s important to regularly review your security policies and programs and perform regular penetration testing. For over 25 years, Tangible Security has protected customers from some of the most security-conscious government agencies to state and local city governments. Our sole focus is on providing full-service cybersecurity, enabling us to offer a tailored experience for each client. Our team of leading experts applies an attacker’s mindset and innovative methodologies to uncover and remediate security issues, vulnerabilities, misconfigurations, and process weaknesses. We provide end-to-end protection of assets from physical security to the cloud, IoT, AI services, and beyond. Visit our booth and learn about our full range of services from penetration testing and risk assessments to staff training, compliance assessments, and staff augmentation such as fractional CISOs. Learn more: https://lnkd.in/gUfsqv5x

If you’re in the Bay Area, don’t miss the #OfficialCybersecuritySummit at the Santa Clara Marriott. Stop by and see us at our booth and learn how our cybersecurity services can help you: https://lnkd.in/eMyK8RDK This year’s summit will include briefings from government and industry thought leaders on the newest cybersecurity threats, security trends, and regulatory compliance developments. Visit our booth and learn about our full range of services from penetration testing and risk assessments to staff training, compliance assessments, and staff augmentation such as fractional CISOs. Our sole focus is on providing full-service cybersecurity, enabling us to offer a tailored experience for each client. Our team of leading experts applies an attacker’s mindset and innovative methodologies to uncover and remediate security issues, vulnerabilities, misconfigurations, and process weaknesses. We provide end-to-end protection of assets from physical security to the cloud, IoT, AI services, and beyond. Learn more at https://lnkd.in/gUfsqv5x

Compliance obligations for the use of AI technologies are accelerating worldwide. Are you prepared? We’ve got resources: https://lnkd.in/gbubzA4H Important developments in just the last two weeks included: ·       The US Department of Commerce’s Bureau of Industry and Security (BIS) announced plans to introduce mandatory reporting requirements for developers of advanced AI models and cloud computing providers. https://lnkd.in/gfAPgpbQ ·       The European Commission announced working groups tasked with drawing up the EU AI Act’s “code of practice”, which will spell out how exactly companies can comply with the wide-ranging set of laws, with compliance assessments set to begin in August 2025. https://lnkd.in/g62WNKYq To help you get started, we’ve got resources – our eBook, Preparing for AI Compliance: https://lnkd.in/gbubzA4H  and an accompanying webinar by our CISO, Anthony Bolan that you can view here: https://lnkd.in/gFM2yFMS Preparing for AI Compliance provides an overview of the current compliance environment for AI, and how this will lead to new compliance obligations. Important new standards include the NIST AI Risk Management Framework and ISO/IEC 38507, 24028, 23894, and 22989. Discover the common themes in these new standards, and the practical steps you should be taking now to get ready. You can also learn about our AI application vulnerability assessment and penetration testing service here: https://lnkd.in/gG6n2_2S