Fortress includes thought leaders throughout the cybersecurity industry who hold a vast range of experience and expertise of critical infrastructure security. We place great value on sharing timely and engaging insights in order to bridge the gap between vulnerability and security.
Log4j Vulnerability-Exploitability eXchange Advisories for Fortress Platform, FIA, and A2V Network
January 4, 2022 Fortress Information Security is releasing three Vulnerability-Exploitability eXchange (VEX) advisories for Fortress products File Integrity Assurance (FIA), Asset to Vendor Network (A2V), and Fortress Platform covering the Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046.
GSA Polaris and the New SCRM Requirements
November 23, 2021 With the release of GSA Polaris around the corner, one looming issue remains: Contractors may lose out on an award or, perhaps worse, they may find themselves without access to task orders after granted a Polaris award due to the increasingly stringent requirements of Supply Chain Risk Management (SCRM). In this blog, Isaias “Cy” Alba, a partner in PilieroMazza’s Government Contracts Group, and John Cofrancesco, VP of Government Security Solutions at Fortress, reveal what government contractors should know now about SCRM requirements before putting their Polaris proposal at risk.
Introducing Fortress’ New Look
July 14, 2021 At Fortress, we place great value on our client communication. We firmly believe that it is not enough to possess industry expertise without a clear and successful means of using this knowledge to educate and empower our clients. As our repertoire of technological tools and security solutions expands, it has become all the more important to ensure that our messaging appropriately conveys our goals and services.
4 Key Factors to a Successful Work From Home Security Action Plan
March 24, 2020 We know that coping with a pandemic is challenging, and we want you to rest easy in the knowledge that your data remains safe and well protected. Fortress, like many other companies, has shifted to a 100% remote and work from home scenario. Here are some of the things we are doing to keep you safe.
Small Suppliers, Big Security Threats for the Grid
March 22, 2019 Electric utilities grapple with a myriad of cybersecurity challenges affecting the critical electric grid infrastructure. One area in particular that attackers have homed in on is industrial control systems (ICS). There have been increasing reports of hackers tied to nation-states burrowing into utility ICS, seeking to learn how systems operate and positioning themselves to control critical physical assets.
Maritime Cyber Threat Intelligence and Vulnerability Landscape
January 17, 2019 In recent years, cruise liners and their associated infrastructure rely more heavily on the inter-connectivity of IT systems and operational technology (OT) systems, creating a robust digital environment to successfully execute their missions. However, as ships become “smarter” and more interconnected, the risks of cyber attacks increase, which can negatively impact the business.
Cyber Attacks on US Pipelines in 2019
January 15, 2019 On March 15-16, 2018, the U.S. Computer Emergency Readiness Team (US-CERT) released a joint Technical Alert (TA), which was the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).
How to Stay Out of the GDPR Crosshairs and Demonstrate a Commitment to Data Protection and Privacy
January 14, 2019 A Fortune 500 multinational consumer organization was presented with the challenge of balancing automation of an extended global supply chain against the need to adequately protect sensitive customer data spread across markets with complex legal considerations. Compliance with the European Union General Data Protection Regulation (GDPR) by the mandated implementation date became a priority due to the potential for significant fines and penalties for non-compliant data controllers and processors, but these efforts had to be weighed against the risks and impacts to core business functions.
What Cyber Questions Should the Board Ask Prior to an Acquisition?
January 14, 2019 Verizon and Marriott International, each a leader in their respective industries, completed acquisitions over the past few years. Both companies are presently facing significant liabilities due to security breaches that occurred prior to their acquisitions. The security breaches went undetected for several years and were not identified during the acquisition due diligence process.
Consequences of Cyber Attacks on Critical Infrastructure
January 14, 2019 More than 65% of companies with critical infrastructure suffered at least one attack in the past 1 year(1). Close to 80% expect a successful breach to their Industrial Control systems within the next two years. (1). In recent news(3) we learnt that North Korean Hacking group APT37 can steal information from air-gapped networks.
What’s the Lesson from the Equifax Breach?
December 7, 2018 Major brand delivers its content at physical sites to hundreds of thousands of guests. Like many [manufacturing plants], the sites utilized a Connected Asset Ecosystem of physically accessible Internet of things (IOT), industrial technology (OT) and suppliers to deliver the guest experience. The board mandated that the risk of cyber terrorism be addressed within six months. To deliver on the board’s request, the brand decided that it would need to retain consultants to design a risk management program, hire and train a team to execute the program and acquire and purchase a variety of technologies needed to manage the program.