Cybersecurity blog

News, articles and thought leadership.

Zero Trust

An image showing the title of the blog (Zero Trust: A New Year's resolution worth keeping) as well as an image of a list of 2025 resolutions.
As the year draws to a close, it’s time to reflect on the past 12 months and make plans for the year ahead. For those of us in cybersecurity, the question is clear: what did we do to strengthen our security posture this year, and how can we do even better next year?
Some CISOs fear auditors more than they fear actual hackers… Compliance has become a crucial focus with the implementation of regulations like the GDPR, CCPA, and various global data privacy directives. But whilst many organizations have rightfully turned their focus to said compliance, does it actually ensure better (cyber)security?
With cybersecurity still a hot topic, news alerts about the latest data breach or security incident are hard to miss. Yet, even whilst being bombarded with these types of news items, many companies still think that they’re somehow immune to such threats. This optimism bias tends to come in three different flavors.
Palo Alto Networks published vulnerability CVE-2024-3400 that allows unauthenticated command injection (RCE) in the GlobalProtect feature of Palo Alto Networks PAN-OS software. Specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Though Zero Trust is here to stay, that doesn’t mean implementation is easy. Rob Maas is one of the leading Zero Trust consultants and the Field CTO at ON2IT. In this blog series, he’ll provide background and tips based on his years of practical experience implementing Zero Trust.
Many companies don’t stop to think about the status of their cybersecurity until a problem arises. Whether it’s a sudden transition to remote work or the abrupt implementation or alteration of compliance guidelines, the moment to then start thinking about your cybersecurity will already have passed.

Threat InTEL

The rapid technological advancements of the past few years (or decades, depending on how far back you want to scroll) are only picking up speed, and the threats we face will keep evolving just as fast. But what does that actually mean for 2025?
Though the recent Baltimore bridge collision wasn’t a cyber-attack, it did showcase a serious vulnerability in ship systems. A vulnerablity that could’ve easily been exploited by hackers, highlighting a truth that can no longer be denied – ships are easy targets for cybercriminals.
In these cyber warfare episodes of Threat Talks, we explore whether or not we stand a chance in this continuous arms race in cyber technologies, what Advanced Persistent Threats (APTs) are, and how these modern threats can affect literally everyone.
PwC’s Dutch CEO Survey shows that 56% of Dutch CEOs are very concerned about cyber risks. The Allianz Risk Barometer lists cyber incidents as the biggest worry for companies globally and Gartner’s 2023 Top Cybersecurity Trends reports that business leaders are recognizing cybersecurity as a top business risk, yet organizations still struggle with implementing the necessary measures to mitigate risks.
If you’ve read any cybersecurity articles lately, you’ve likely come across the term ‘ever-evolving cyber threat landscape.’ It’s one of those phrases that gets thrown around a lot – especially in AI generated content – almost to the point of sounding cliché. But here’s the truth: as cliché as it may sound, it’s not just a buzzword.
How do you stop these modern bankrobbers from targeting your financial institution? In this Breaking the Bank episode of our Threat Talks podcast, our special guest and renowned cybersecurity expert Jayson E. Street shares his experiences on how he ethically “robs” banks to reveal security weaknesses.

Business & Technology

We challenge you to look at cybersecurity assessments through a different lens. IT and executive leaders alike should recognize assessments for the sanity check they are, as well as a way to build trust within the organization. Not as some sort of score card or grading system, but as a way to figure out where to start and where to go next. 
Even if you’re an IT professional feeling a bit skeptical about the board’s intentions, you can still see that their involvement is a great chance to align security measures with the company’s broader goals. It’s all about framing this as a partnership, not a critique. One of the best ways to do that is through a cybersecurity assessment that actually makes sense.
Though Zero Trust is here to stay, that doesn’t mean implementation is easy. Rob Maas is one of the leading Zero Trust consultants and the Field CTO at ON2IT. In this second part of his blog series he answers the question: what part does business alignment play in cybersecurity implementations?
A Cyber Security Incident Response Team is the emergency room of cybersecurity. You don’t want to need one, but once something bad happens, the ER doctors might just save your life. You don’t want to need critical incident response, but once a cyber incident occurs, you’ll be glad you have a team ready.
One of the most notable data breaches this year was the MGM Resorts attack, which not only caused serious disruptions to MGM’s business, but also had far-reaching implications for their supply chain.
Although Log4j and follow-up attack vectors are still a real threat for many organizations, it’s certainly not too early to draw lessons learned from this episode. What made Log4j different from other ‘classic’ 2021 vulnerabilities such as Citrix, Kaseya, and Hafnium (Exchange) is the fact that it was much harder for organizations to pinpoint if they were vulnerable.