Cybersecurity blog

News, articles and thought leadership.

Stay up to date

CyberSecurity threats

Cyberattacks on healthcare organizations can put patients’ lives and entire organizations at risk. There are numerous reasons why cyber attackers seem to favour healthcare facilities as a target: private patient information is worth a lot of money, medical devices are easy entry points, and there’s a lot of outdated technology.
There was a time when today’s tech-giant Apple faced bankruptcy. What happened, and how did Apple get to where it is now despite facing adversity?
Join us on the latest episode of Threat Talks, aptly named ‘Authentication Apocalypse.’ Our hosts, Lieuwe Jan Koning and Luca Cipriano, explore the pressing topic of authentication with Harald Bosman, a seasoned endpoint engineer from AMS-IX.
In this ‘Suppy chain – Business as usual?’ episode of Threat Talks, Lieuwe Jan Koning and Luca Cipriano dive into the escalating risk of supply chain attacks amid growing reliance on third-party and open-source software. Featuring insights from Matthijs Zwart, CIO and CISO of Vitens, the discussion explores the implications of these threats in critical sectors like water supply.
Adopting a transformative cybersecurity strategy can redefine business success. While the current adoption rate or Zero Trust – a transformative cybersecurity strategy – among large enterprises is just 1% as of January 2023, Gartner projects a growth to 10% by 2026.
DDoS attacks are orchestrated efforts where malicious actors aim to disrupt the normal flow of traffic to a specific server, service, or entire network. They flood the target with a torrent of internet traffic—much like those empty boxes in our scenario—making it impossible for legitimate traffic to get through. These attacks can cripple websites, slow down services, or even bring them to a complete halt, affecting businesses and users alike.

Zero Trust

With cybersecurity still a hot topic, news alerts about the latest data breach or security incident are hard to miss. Yet, even whilst being bombarded with these types of news items, many companies still think that they’re somehow immune to such threats. This optimism bias tends to come in three different flavors.
Palo Alto Networks published vulnerability CVE-2024-3400 that allows unauthenticated command injection (RCE) in the GlobalProtect feature of Palo Alto Networks PAN-OS software. Specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Though Zero Trust is here to stay, that doesn’t mean implementation is easy. Rob Maas is one of the leading Zero Trust consultants and the Field CTO at ON2IT. In this blog series, he’ll provide background and tips based on his years of practical experience implementing Zero Trust.
Many companies don’t stop to think about the status of their cybersecurity until a problem arises. Whether it’s a sudden transition to remote work or the abrupt implementation or alteration of compliance guidelines, the moment to then start thinking about your cybersecurity will already have passed.
In part II, John shares insights into both his experience working at Forrester and his contribution to the President’s National Security Telecommunications Advisory Committee (NSTAC) Draft on Zero Trust and Trusted Identity Management.  He also highlights an unexpected but important consequence to Zero Trust.
John Kindervag, founder of Zero Trust, was interviewed by VentureBeat to share his insights into how the adoption of Zero Trust is progressing across organizations and governments globally and what he sees as essential to its growth.

Business & Technology

A Cyber Security Incident Response Team is the emergency room of cybersecurity. You don’t want to need one, but once something bad happens, the ER doctors might just save your life. You don’t want to need critical incident response, but once a cyber incident occurs, you’ll be glad you have a team ready.
One of the most notable data breaches this year was the MGM Resorts attack, which not only caused serious disruptions to MGM’s business, but also had far-reaching implications for their supply chain.
Although Log4j and follow-up attack vectors are still a real threat for many organizations, it’s certainly not too early to draw lessons learned from this episode. What made Log4j different from other ‘classic’ 2021 vulnerabilities such as Citrix, Kaseya, and Hafnium (Exchange) is the fact that it was much harder for organizations to pinpoint if they were vulnerable.
As we start using more and more products (whether from a cloud supplier or using an on-prem solution) we also need to implement more security measures. Every separate business product has its own security requirements and solutions and the task is upon the security department to make sure that everything is used in a safe and secure manner.