Your IT guy retiring? Time for an IT team.
Discover leading Managed IT Service Providers across USA, Canada & the United Kingdom.
- 100s of leading MSPs
- Find a MSP near you
- Latest IT news for SMBs
AI-Powered Cyber Threats and Water Utilities: What Public-Sector Leaders Need to Know
Water and wastewater organizations have long been considered part of the nation's critical infrastructure, but recent developments highlight how the threat landscape is evolving faster than many public-sector entities can adapt. New findings from both the U.S. Government Accountability Office (GAO) and industrial cybersecurity firm Dragos underscore a common message: water utilities must strengthen cybersecurity programs, improve visibility across operational technology (OT) environments, and prepare for increasingly sophisticated attacks. For utility leaders, these reports offer valuabl
Water and wastewater organizations have long been considered part of the nation's critical infrastructure, but recent developments highlight how the threat landscape is evolving faster than many public-sector entities can adapt. New findings from both the U.S. Government Accountability Office (GAO) and industrial cybersecurity firm Dragos underscore a common message: water utilities must strengthen cybersecurity programs, improve visibility across operational technology (OT) environments, and prepare for increasingly sophisticated attacks. For utility leaders, these reports offer valuable insight into both systemic cybersecurity challenges and emerging threats that could impact essential services. GAO Highlights Ongoing Cybersecurity Challenges for Water Systems In recent congressional testimony, the GAO warned that water and wastewater systems continue to face significant cybersecurity risks. According to the agency, several factors are contributing to a growing attack surface: Operational technology (OT) systems are becoming increasingly connected to enterprise networks and the internet. Aging infrastructure often lacks modern security controls. Workforce shortages make it difficult to maintain and secure critical systems. Cyber threats targeting critical infrastructure continue to increase in sophistication. While the testimony was not tied to a single cybersecurity incident, it reinforces concerns that many water utilities are managing complex operational environments with limited resources. As digital transformation initiatives continue, organizations must balance modernization efforts with cybersecurity resilience. For public-sector and utility leaders, the message is clear: cybersecurity can no longer be viewed solely as an IT concern. Protecting operational systems that support water treatment, distribution, and monitoring has become an essential component of business continuity and public safety. The First Public Example of AI-Assisted Targeting of Water Infrastructure A separate report from industrial cybersecurity firm Dragos provides one of the first publicly documented examples of an adversary using commercial artificial intelligence tools to support activities against a municipal water utility. According to Dragos, investigators analyzed an intrusion involving a municipal water and drainage utility where attackers attempted to move from a compromised enterprise IT environment toward operational technology systems. The significance of the incident is not that attackers successfully compromised operational systems—Dragos reported no evidence that OT systems were breached—but rather that AI tools were used to accelerate intrusion planning, environment mapping, reconnaissance, and identification of OT-adjacent assets. Their findings demonstrate how commercially available AI technologies can help threat actors: Analyze complex environments more quickly. Identify high-value infrastructure assets. Generate and refine attack pathways. Scale common offensive techniques with greater speed. According to Dragos, the incident illustrates how AI can make OT environments more visible to adversaries already operating within an organization's IT network. Why This Matters for Water Utilities Historically, specialized knowledge created a barrier between traditional cybercriminal activity and operational technology environments. Emerging AI capabilities may lower that barrier by helping attackers identify industrial systems and understand potential pathways between IT and OT networks. As a result, water utilities should evaluate whether existing cybersecurity programs adequately address both enterprise IT systems and operational environments. Areas that warrant attention include: IT and OT network segmentation Identity and access management controls Multi-factor authentication Remote access security Continuous monitoring and logging Incident response planning Asset inventory and visibility across critical systems Many of these practices are reflected in water-sector cybersecurity guidance and templates used to support utility cybersecurity programs. For example, water system cybersecurity frameworks emphasize secure remote access, monitoring network activity, maintaining asset inventories, managing OT access privileges, and regularly reviewing cybersecurity controls. Building Cyber Resilience in Critical Infrastructure While AI-assisted attacks are still emerging, the broader lesson is not necessarily about artificial intelligence itself—it's about preparedness. Threat actors continue to evolve their methods, and public-sector organizations must evolve their defenses accordingly. Strong cybersecurity fundamentals remain critical: visibility, access controls, network segmentation, monitoring, governance, and incident response planning continue to form the foundation of an effective security program. Water utilities that proactively address these areas will be better positioned to reduce risk, meet regulatory obligations, and maintain the reliability of the essential services their communities depend on. How Sourcepass GOV Helps Sourcepass GOV works with water districts, municipalities, and other public-sector organizations to strengthen cybersecurity programs through risk assessments, security advisory services, governance support, incident response planning, tabletop exercises, compliance oversight, and dedicated vCISO services. These services are designed to help organizations identify vulnerabilities, improve resilience, and build a practical roadmap for managing cyber risk. Learn More To read the full Dragos analysis, visit: AI in the Breach: How an Adversary Leveraged AI to Target a Water Utility Sources: Dragos, https://www.gao.gov/
Read full post on blog.sourcepass.comMSPdb™ News
HIPAA-Compliant VoIP for FL Medical Practices 2026
What makes a VoIP phone system HIPAA compliant for Florida medical and dental practices — BAA requirements, call recording standards, and which platforms qualify.
What makes a VoIP phone system HIPAA compliant for Florida medical and dental practices — BAA requirements, call recording standards, and which platforms qualify.
Read full post on simplyit.biz
What Does Managed IT Cost in San Antonio? (2026 Pricing Breakdown)
By Stephen Sweeney, President & CEO, Uprite Services TL;DR. San Antonio businesses with 10 to ... Learn More
By Stephen Sweeney, President & CEO, Uprite Services TL;DR. San Antonio businesses with 10 to ... Learn More
Read full post on uprite.com
Microsoft Teams Phone for FL Small Business 2026
Microsoft Teams Phone for Florida small businesses — what it costs, which M365 plan you need, Direct Routing vs Calling Plans, and whether it beats a standalone VoIP system.
Microsoft Teams Phone for Florida small businesses — what it costs, which M365 plan you need, Direct Routing vs Calling Plans, and whether it beats a standalone VoIP system.
Read full post on simplyit.biz
How to Stop Someone From Sending Email in Your Company’s Name
Without any special tools or technical skill, a stranger can send an email that appears to come from your company. Your domain in the From line. Your logo in the body. A short, reasonable request: pay this invoice, or update the account we send payments to. That is email spoofing. It is one of the
Without any special tools or technical skill, a stranger can send an email that appears to come from your company. Your domain in the From line. Your logo in the body. A short, reasonable request: pay this invoice, or update the account we send payments to. That is email spoofing. It is one of the
Read full post on harmony-msp.com
The Most Dangerous Phishing Email Is the One That Looks Perfect
It’s 2:47 PM on a Friday. A controller at a manufacturing firm in El Segundo gets a voicemail. It’s her CEO’s voice: his cadence, his slight impatience, even the way he clears his throat. He needs a vendor payment pushed through before the bank’s wire cutoff. The email with updated account details is already in
It’s 2:47 PM on a Friday. A controller at a manufacturing firm in El Segundo gets a voicemail. It’s her CEO’s voice: his cadence, his slight impatience, even the way he clears his throat. He needs a vendor payment pushed through before the bank’s wire cutoff. The email with updated account details is already in
Read full post on crimsonit.com
We all know MFA is important, but many users are expressing symptoms of “MFA fatigue”
Multi-factor authentication, commonly called MFA, has become one of the most important protections a business can put in place. It helps stop attackers from getting into company accounts even when
Multi-factor authentication, commonly called MFA, has become one of the most important protections a business can put in place. It helps stop attackers from getting into company accounts even when
Read full post on valleytechlogic.com
How to choose an EHR conversion vendor
Who this is for: You’re switching EHR systems and trying to figure out what the conversion process should look like Your group is acquiring practices that will need to be brought onto the same platform You’re a practice administrator who wants to know what separates a smooth transition from a difficult one You’re an EHR
Who this is for: You’re switching EHR systems and trying to figure out what the conversion process should look like Your group is acquiring practices that will need to be brought onto the same platform You’re a practice administrator who wants to know what separates a smooth transition from a difficult one You’re an EHR
Read full post on focushcs.com
Top Cybersecurity Threats Facing Ottawa Businesses Today
Cybersecurity risks continue to grow as Ottawa businesses rely more on digital tools and online platforms. These threats can cause serious damage, from financial loss to reputational harm. Understanding the biggest cybersecurity risks is essential for local businesses to protect themselves and their customers. This post explores the main threats Ottawa companies face and offers practical advice to reduce their exposure. Ottawa business server room showing network hardware Phishing Attacks: A...
Cybersecurity risks continue to grow as Ottawa businesses rely more on digital tools and online platforms. These threats can cause serious damage, from financial loss to reputational harm. Understanding the biggest cybersecurity risks is essential for local businesses to protect themselves and their customers. This post explores the main threats Ottawa companies face and offers practical advice to reduce their exposure. Ottawa business server room showing network hardware Phishing Attacks: A...
Read full post on cleverdogit.com
Texas Data Storage Compliance Deadline: A Checklist for Texas SMBs
By Stephen Sweeney, President & CEO, Uprite Services Texas SB 2610 took effect September 1, ... Learn More
By Stephen Sweeney, President & CEO, Uprite Services Texas SB 2610 took effect September 1, ... Learn More
Read full post on uprite.com
Navigating the Cybersecurity Landscape
Cybersecurity Pressure Is Not Slowing Down—It’s Compounding Cybersecurity is no longer an afterthought. For most organizations, it has become a constant, board-level conversation. Leadership teams now expect IT and security leaders to drive innovation, support growth, and defend against threats simultaneously. The challenge isn’t just the number of threats—it’s the speed of evolution. Attackers are using automation, AI-driven tactics, and increasingly targeted campaigns. Ransomware operations have matured into full-scale business models. Phishing attempts are harder to detect. Even smaller org
Cybersecurity Pressure Is Not Slowing Down—It’s Compounding Cybersecurity is no longer an afterthought. For most organizations, it has become a constant, board-level conversation. Leadership teams now expect IT and security leaders to drive innovation, support growth, and defend against threats simultaneously. The challenge isn’t just the number of threats—it’s the speed of evolution. Attackers are using automation, AI-driven tactics, and increasingly targeted campaigns. Ransomware operations have matured into full-scale business models. Phishing attempts are harder to detect. Even smaller organizations are now prime targets due to perceived weaker defenses. At the same time, many organizations still treat IT operations and cybersecurity as separate disciplines. This outdated approach creates avoidable risk. When performance and protection operate independently, gaps inevitably emerge, especially when different tools, vendors, or teams are involved.
Read full post on lbmctech.com