by Gary Mintchell | Apr 30, 2026 | Security
The typical cybersecurity firm releases reports. Here is one from a company called Resilience. The unique take on this concerns linking cybersecurity technology to insurance risk. I’ve talked with people from various standards committees who believe a combination of insurance risks plus board-level concern with those insurance risks will drive management to pay more attention to the situation.
So consider this report as part of a larger management strategy.
Proprietary claims data reveal the simple practices manufacturing cybersecurity leaders should implement to limit financial risk
The best responses to change and management are the search for the simplest. Not too simple, but definitely trying to defeat overly complex processes.
Manufacturing is currently the single most targeted industry for cyberattacks. Given their critical role in the modern interconnected economy and low tolerance for downtime, manufacturers have become a prime target for threat actors looking for bigger payouts. On April 28, 2026, Resilience released The State of Cybersecurity in Manufacturing to identify the key drivers of financial losses based on real claims data and security practices that deliver measurable reductions in financial risk across its manufacturing portfolio. The report offers manufacturing security leaders, risk managers, and brokers clear, evidence-based solutions grounded in real claims.
Key findings from Resilience’s manufacturing claims data include:
- Over 90% of total incurred losses in Resilience’s manufacturing portfolio were attributable to ransomware, despite ransomware making up only 12% of claim volume among manufacturers. This shows that when attacks do happen, the losses are severe.
- Phishing and transfer fraud accounted for 30% of manufacturing claims, showing that human error is still one of the leading causes of cyber disruption.
- About 26% of all portfolio losses came from an MFA misconfiguration as the point of failure. The single most expensive event in Resilience’s manufacturing portfolio, attributed to BlackCat, was enabled by misconfigured MFA.
- Wrongful data collection caused 12% of claims, driven primarily by website tracking and pixel-related litigation, rather than operational data collection from connected manufacturing systems.
- There are five specific, implementable security controls that manufacturers can undertake to meaningfully address material risk and harden their defenses against cyber threats.
Importantly, Resilience’s new data illustrates that the controls security leaders should implement aren’t complicated. Simple adjustments are all that’s needed to strengthen their posture against cyber risk.
What security controls deliver the highest ROI for manufacturing organizations? Based on Resilience’s analysis of manufacturing insurance claims data and financial risk modeling, five controls consistently delivered the most significant identified impact on financial exposure:
- Auditing and validating MFA deployment supports consistent enforcement across all accounts, elimination of bypass conditions, and proper configuration of conditional access policies.
- Strengthening vulnerability management for external-facing systems hardens organizations against software vulnerability exploitation, which is directly linked to expensive ransomware outcomes.
- Implementing procedural controls for financial transfers can protect against phishing and transfer fraud attacks that represent the most frequent claim activity in the portfolio. This is a strategic cost-saving practice, as the average transfer fraud event costs roughly ten times more than the average email compromise.
- Extending security requirements to vendors and supply chain partners is designed to help insulate manufacturers from a distinct cause of loss in the claims data. Manufacturers should extend their security requirements to critical vendors, including contractual MFA and patching requirements, continuous monitoring of vendor risk posture, and contingency plans for disruptions to critical suppliers.
- Cyber risk quantification and transfer support the translation of cybersecurity risk into financial language that resonates with CFOs and boards to assist in securing adequate investment. Resilience’s claims data provides a concrete basis for this conversation: ransomware dominates loss, a single point of failure (MFA misconfiguration) drives the largest share of exposure, and unpatched software is a direct line to the most expensive outcomes. These findings are intended to inform specific control investments and insurance coverage decisions.
by Gary Mintchell | Apr 23, 2026 | Networking, Organizations, Security
This news release falls clearly into the category of Duh!!!
Human social engineering and humans gaining unauthorized access while serving as contractors and the like have long been known to be a cybersecurity risk. But, I’m happy to note that an august group has perceived the obvious.
The Industrial Security Harmonization Group (ISHG) has released a joint industry perspective highlighting a critical truth in industrial cybersecurity: secure communication is not determined by protocols alone, but by how they are deployed and managed in real-world environments.
Or, maybe, it’s along the lines of “it’s not all our fault?”
The ISHG—comprising leading industry organizations including the FieldComm Group, ODVA, OPC Foundation, and PROFIBUS & PROFINET International—collaborates regularly to align security concepts across Ethernet and non-Ethernet communication protocol technologies. Their shared mission is to reduce complexity for end users and promote consistent, effective cybersecurity practices in industrial automation systems.
I once sat at an industrial communication organization meeting where an end-user pleaded for application guidelines. He was studiously ignored.
Industrial communication protocols serve as the backbone of modern automation, enabling seamless connectivity between devices, systems, and applications across both process and factory environments. However, many widely used protocols were originally developed without cybersecurity as a primary design consideration.
It now emphasizes a more practical and realistic approach:
- Security is context-dependent — It relies on how protocols are configured, where they are deployed, and the surrounding operational environment.
- Built-in security features are not sufficient alone — Even advanced protocols require correct implementation and maintenance.
- Compensating controls are essential — Network architecture, segmentation (zones and conduits), monitoring, and physical safeguards play a critical role, especially for legacy and non-Ethernet systems.
by Gary Mintchell | Apr 16, 2026 | Automation, Security
Cybersecurity news will not wither during my lifetime. I think that is a safe prediction. Especially given all the hype around Anthropic’s latest news velocity releases. Not enough media pays attention to potential huge problems with attacking critical infrastructure. You would think they would, given Russia’s attacks on Ukraine’s infrastructure.
This news concerns another partnership of a cybersecurity vendor and a control and automation vendor. This news from OPSWAT cites a strategic collaboration expanding operational technology (OT)-safe patch management capabilities to Emerson’s Ovation Automation Platform customers worldwide.
The April 16, 2026 announcement states the two companies have announced a global strategic reseller agreement that will bring OPSWAT’s cybersecurity technologies to Emerson’s power and water industry customers. As the first initiative under this enterprise-wide agreement, Emerson will integrate OPSWAT’s scalable and safe operational technology (OT) patch management capabilities into its Ovation Automation Platform.
The new OT patch management solution further builds on the collaboration to date by securing the Ovation Platform through OPSWAT’s MetaDefender Endpoint and My OPSWAT Central Management On-Premises, part of Emerson’s purpose-built power and water cybersecurity suite of solutions.
Critical infrastructure operators, including power generation and water/wastewater utilities, continue to face increasing cyber threats, regulatory pressure, and operational risk stemming from unpatched vulnerabilities. OPSWAT’s solution for the Ovation Automation Platform delivers a modernized patch management approach designed specifically for industrial environments, addressing challenges posed by a mix of modern and legacy tools and the ongoing surge of nation-state and ransomware activity targeting the energy and water sectors.
The new strategic collaboration expands on the well-established DeltaV Alliance agreement between OPSWAT and Emerson for OPSWAT’s MetaDefender Kiosk, and MetaDefender Unidirectional Security Gateway for the DeltaV Automation Platform.
The new global partnership also underscores Emerson’s strategy to collaborate with proven and effective cybersecurity providers, a shift driven by evolving global regulations and the need for continuous response to new vulnerabilities.
by Gary Mintchell | Mar 31, 2026 | Generative AI, News, Security
Several people involved with standards have shared with me the insight that the driving force for adoption of some of these will come from company boards due to insurance and risk management pressures. Therefore, I found this paper interesting looking at trustworthy AI from the point-of-view of risk management.
Høvik, Norway, 25 March 2026 – New research from assurance and risk management company DNV has identified the foundations to achieving trustworthy artificial intelligence in the context of safety critical industrial processes. According to the paper, Assurance of AI-Enabled Systems, established risk management principles can be adapted to meet the complexity and uncertainty of AI enabled systems. While AI introduces new risks, proven assurance methods from safety critical industries already provide a robust starting point for addressing them.
The paper shows that AI reshapes risk because it does not operate as a fixed, predictable component. This makes traditional one‑time assurance insufficient, and highlights the need for continuous and adaptive assurance throughout the lifecycle.
Christian Agrell, Programme Director for AI Assurance at DNV, said, “Creating trustworthy artificial intelligence does not require us to start from zero. We already have strong foundations in modern assurance and risk science and our long experience managing digital technologies in high‑risk environments. Applying these principles thoughtfully allows us to build systems that remain safe and reliable, even as they evolve. Trustworthy AI depends on predictable behaviour under uncertainty, and that is exactly what these foundations help deliver.”
The research draws on DNV’s decades-long assurance and risk management experience in critical infrastructure, including the maritime and energy sectors. The foundational principles to create trustworthy AI include:
- A system model that captures the entire AI-enabled system
  - This model reflects how AI interacts with humans, digital and physical components, and its operational environment. It enables understanding of emergent behaviour, unintended interactions and context specific risks that cannot be detected by examining the AI component alone.
- Taking a modular approach
  - A risk model, applying uncertainty-based assessment and modular risk principles to break down complex systems with their complex and emergent risks into manageable parts across system levels.
- Linking claims to evidence
  - These structured arguments connect claims such as “the system is safe” to verifiable evidence, assumptions and rationale. This provides a transparent, auditable framework for demonstrating trustworthiness throughout the lifecycle.
- Continuous, context aware assurance that adapts as AI evolves
  - AI-enabled systems change over time as models are updated, data shifts and operating conditions vary. To maintain trustworthiness, assurance must be ongoing rather than a one-time check. This includes real-time monitoring, regular updates to evidence, and reevaluating risks and requirements so that confidence in the system remains valid throughout its lifecycle.
“These foundations give industry a clear, actionable way to build and maintain trustworthy AI. We are already working with companies that recognize the potential of AI, as well as the risks it can pose to the critical services they deliver. I urge more organizations to join us in addressing and managing the risks associated with artificial intelligence,” Agrell added.
The position paper is part of DNV’s broader work to help industry adopt AI responsibly and aligns with the company’s recommended practice (DNV‑RP‑0671) for AI assurance.
Click on the Follow button at the bottom of the page to subscribe to a weekly email update of posts. Click on the mail icon to subscribe to additional email thoughts.
by Gary Mintchell | Mar 27, 2026 | Enterprise IT, Security
The accumulation, retention, and analysis of data continues to provide an important foundation for digital transformation, as well as providing a threat vector for malicious hackers. News from companies combatting the problem forms a core to any coverage these days. This news contains details about the launch of another IT solution.
DH2i, a leading provider of always-secure and always-on IT solutions, announced the general availability (GA) launch of DxEnterprise v26.0 and DxOperator v2, featuring high availability (HA), disaster recovery (DR), and operational resilience capability enhancements for SQL Server deployments across Windows, Linux, and Kubernetes environments. Together, the releases introduce meaningful advances in availability group (AG) protection, security controls, observability, and automation for both traditional and containerized SQL Server deployments.
In today’s enterprises, a perfect storm has emerged where applications have become direct revenue channels, infrastructure complexity has increased while IT staffing has not, modernization initiatives are no longer optional, security and compliance requirements are tightening, and software update velocity has accelerated. Together, these forces expose the limits of traditional HA approaches. What once worked for small, static clusters no longer scales when SQL Server deployments span hybrid, multi-platform, and containerized environments that demand continuous availability, stronger safeguards, and higher levels of automation. DxEnterprise v26.0 and DxOperator v2 address these challenges head-on.
DxEnterprise v26.0 focuses on improving cluster resilience, visibility, and administrative confidence through enhanced monitoring, stronger safeguards against split-brain scenarios, expanded credential support, and platform modernization. DxOperator v2 extends those capabilities into Kubernetes environments, giving users greater control over scale, updates, and network configuration for SQL Server AGs running in containers.
What’s New in DxEnterprise v26.0
- Deeper SQL Server and Availability Group Intelligence
  - Database-level health monitoring is now enabled by default, allowing faster detection of issues affecting individual databases within an AG
  - Split-brain scenarios are prevented via automatic per-availability-group quorum enforcement by demoting or shutting down replicas when quorum requirements are not met
  - Improved replica connectivity alerts provide real-time notification when replicas disconnect or when SQL Server replica configurations diverge from expected cluster state
- Improved Security and Credential Resilience
  - Support for secondary SQL Server backup credentials enables automatic fallback if primary authentication fails, reducing downtime caused by credential changes or expirations
  - Administrative sessions are automatically disconnected when the cluster passkey changes, ensuring only authorized users with current credentials retain access
  - The DxAdmin user interface now includes clearer prompts, stronger validation, and improved feedback for passkey configuration
- Greater Stability and Observability
  - Core monitoring services, including DxLMonitor, DxCMonitor, DxStorMonitor, and DxHealthMonitor, have received reliability and stability improvements to reduce unexpected restarts and improve overall cluster resilience
  - Basic anonymous telemetry is now available to help improve product quality and diagnostics, with opt-out configuration for customers who prefer not to participate
- Platform and Usability Enhancements
  - DxEnterprise’s Linux version now runs on the .NET 8.0 runtime, delivering improved performance, security, and long-term support alignment
  - Virtual hosts can now be renamed using a new rename-vhost command, simplifying cluster management and reorganization
  - Additional safeguards prevent accidental overwriting of existing data stores during SQL Server high availability virtualization
  - Enhancements to DxCLI and DxPS improve command-line usability, including human-readable XML output and new PowerShell cmdlets
  - The DxCollect utility now includes expanded command-line options for more targeted diagnostics and log collection
What’s New in DxOperator v2
- Flexible Scaling Up and Down
  - Availability group clusters can now be expanded or reduced dynamically
  - Unlike the previous version, DxOperator v2 can safely de-configure and remove replicas from a running cluster, enabling true scale-down operations
- Automated Rolling Updates
  - Administrators can automate rolling updates of SQL Server or DxEnterprise container images, allowing pods to be updated one at a time without manual intervention
  - Updates can also be performed manually when desired, giving operators full control over rollout strategy
  - DxOperator does not automatically check for new container versions, ensuring that administrators remain in control of when and how updates are applied
- Advanced Network and Service Configuration
  - Flexible service templates allow load balancers and other network services to be fully specified and automatically deployed per availability group replica
  - This enables more consistent connectivity across different Kubernetes environments and cloud providers
- Redesigned Custom Resource and StatefulSet Adoption
  - The custom resource definition has been redesigned for greater flexibility and now leverages Kubernetes StatefulSets
  - By delegating pod creation, storage allocation, and rolling upgrades to Kubernetes, DxOperator v2 simplifies internal logic while benefiting from native Kubernetes reliability and lifecycle management
by Gary Mintchell | Feb 13, 2026 | Security
Dragos has more news coming next week. In the meantime, news of a collaboration with, who else for industrial software, Microsoft. How many Microsoft mentions squeezed into one sentence—Dragos brings proven energy and industrial cybersecurity, seamlessly deployed on Microsoft Azure, integrated with Microsoft Sentinel and readily accessible through Microsoft Marketplace.
Dragos Inc., a global leader in cybersecurity for operational technology (OT) environments, announced on February 3 an expanded collaboration with Microsoft to help organizations modernize and secure their cyber-physical operations amid accelerating digital transformation, cloud adoption, and AI-driven change.
This collaboration focuses on integrating Dragos’s capabilities with Microsoft’s cloud and security platforms. By deploying the Dragos Platform on Microsoft Azure, integrating with Microsoft Sentinel, and enabling streamlined procurement through Microsoft Marketplace, organizations can more tightly align IT and OT security operations while adopting robust protections purpose-built for operational environments.
The collaboration addresses Microsoft customers’ on-premises OT security needs and enables Dragos to expand its cloud reach, creating deployment flexibility that serves customers’ diverse infrastructure strategies. Importantly, Dragos, a Microsoft partner, addresses a long-standing capability gap for organizations seeking to modernize operations without introducing unacceptable operational risk.
They provide a list of benefits:
- Unified IT/OT security operations through native integrations with Microsoft Sentinel
- Flexible deployment options across cloud, hybrid, and on-premises environments to support diverse infrastructure strategies
- Improved visibility into industrial assets, threats, and operational impact, enabling faster, more informed response
- Reduced procurement friction via Microsoft Marketplace and alignment with customers’ Azure consumption commitments
- A future-ready foundation for securing AI-enabled, connected, and automated operations

This integrated approach enables organizations to accelerate cloud and AI initiatives while maintaining the safety, availability, and compliance requirements essential to cyber-physical environments.
Four integration pillars:
- Flexible Deployment Options—Beginning in Q1 2026, the Dragos Platform will support SaaS deployments on Azure, in addition to on-premises and hybrid models.
- Microsoft Sentinel Integration—OT-specific telemetry, threat intelligence, and asset context from Dragos flow directly into Microsoft Sentinel, enabling unified IT/OT detection, investigation, and response.
- Microsoft Marketplace Availability—Customers can procure Dragos through Microsoft Marketplace and apply Azure consumption commitments (MACC), aligning OT security investment with broader cloud and AI initiatives.
- Looking Ahead—This collaboration establishes a scalable foundation for continued innovation, enabling deeper technical integration and coordinated go-to-market execution as OT, cloud, and AI environments become increasingly interconnected. For customers, it provides a clear, future-ready path to secure modernization, establishing Dragos’s OT-native cybersecurity as an integral capability within one of the world’s most important enterprise technology ecosystems.