Welcome
 | 
My Account

CyberHealth News

Cybersecurity has become a critical topic to PMMI members and the packaging industry in today’s business environment.

As a result, PMMI has created CyberHealth, to assist you with your cybersecurity needs and keep you up to date on current business practices, key trends, and imminent threats. Check this page often as we will be updating the information and resources on a regular basis.

Get cybersecurity updates straight to your inbox by opting in to receive CyberHealth emails.

Non-Human Identities and Managing Privileged Access

December 6, 2024

Cybersecurity isn’t just about protecting our human users. Non-human identities like applications, APIs, and system IDs are commonly used for different purposes. Many of these identities are often given privileged access in order to fulfill their purpose. In this regard, adherence to the rule of least privilege can play a critical role in safeguarding industrial systems against evolving threats. Ignoring non-human identities and their level of privileged access can lead to devastating breaches, downtime, or even compromised safety.

It's Cybersecurity Awareness Month!

October 4, 2024

Last month, Jeremy Turner (Head of Cyber and Risk) presented to PMMI members at the 2024 Annual Meeting about the current cybersecurity threats PMMI members encounter on a daily basis. Cogility is a cybersecurity company that provides advanced threat intelligence and data-driven security solutions, specializing in continuous monitoring of internet-exposed assets, threat actor infrastructure, and potential cyber risks for commercial and government customers.

Safeguarding Your Data in Software as a Service (SaaS) Systems

August 28, 2024

Software as a Service (SaaS) platforms have become increasingly prevalent in organizations around the world. These platforms offer manufacturers scalable, efficient, and cost-effective solutions to manage everything from supply chains to operational workflows to customer relationship management, all in the cloud. However, with the growing reliance on SaaS solutions, it is crucial for manufacturers to conduct thorough due diligence when selecting and working with these vendors to safeguard their data and ensure they are safe from threat actors.

Third-Party Risk: How do you secure your supply chain?

July 2, 2024

In today's interconnected world, the strength of a manufacturer’s cybersecurity is only as robust as its weakest link. As businesses become more integrated and dependent on external vendors and supply chain partners, third-party risk management has become a critical component of a comprehensive cybersecurity strategy.

Rockwell Automation warns admins to take ICS devices offline

May 22, 2024

Rockwell Automation warned customers to disconnect all industrial control systems (ICSs) not designed for online exposure from the Internet due to increasing malicious activity worldwide.

What You Need to Know about Recent Industrial Cybersecurity

April 10, 2024

Recent findings reveal a stark reminder of the ever-present cyber threats in the industrial sector. A survey by Palo Alto Networks has shown that out of nearly 2,000 industrial organizations, spanning across 16 countries, a significant 25% experienced operational technology (OT) shutdowns due to cyberattacks within the last year​ (SecurityWeek)​​ (OODA Loop)​. 

CISA recommends getting rid of default passwords

January 19, 2024

Following our recent blog post about vulnerabilities in Programmable Logic Controllers, the Cybersecurity & Infrastructure Security Agency (CISA) is urging manufacturers to change or even get rid of default passwords altogether on equipment and software they manufacture. The agency went on to say that “studies by CISA show that the use of default credentials, such as passwords, is a top weakness that threat actors exploit to gain access to systems, including those within U.S. critical infrastructure”. 

CISA Warns of Unitronics PLC Exploitation

December 19, 2023

You may have seen the news last week that multiple municipal water authorities declared themselves under cyber attack. How did they get in? The answer is quite simple: by using the default credentials on Unitronics PLCs. The specific controllers that were compromised were equipped with HMIs and did not have their default passwords changed. While the attack has a multitude of geopolitical ramifications, ultimately it highlights the need to revisit security measures around interconnected devices, especially those that have not had proper security controls implemented or changed from their default settings.

Cybersecurity Threat Intelligence – Should I have one?

October 20, 2023

Cybersecurity threat intelligence services are comprehensive offerings that collect, analyze, and provide real-time insights on potential cybersecurity threats, vulnerabilities, and risks to your organization. These services monitor diverse data sources, detect threats, and identify vulnerabilities, including malware…

Tabletop Exercises – How to conduct a cybersecurity preparedness exercise

September 22, 2023

Tabletop Exercises – How to conduct a cybersecurity preparedness exercise We all know that Cybersecurity is paramount to ensuring the continuous operation of any business in today’s digital world, and responding to any type of cybersecurity incident at some point is only question of when. To safeguard your…