Cybersecurity blog

News, articles and thought leadership.

Recently published blogs

Prevention should be the holy grail of any cybersecurity strategy, but we know that 100% prevention is not realistic. So, what exactly happens when a serious threat is detected? Using a recent incident as an example, it is enlightening to follow the chain of events that starts when human SOC analysts decide that CSIRT action is required.

NIS2 has been in effect since January 2023, with a deadline of October 2024 for EU member states to publish and implement policy. Not only does NIS2 dictate new, stricter cybersecurity guidelines, but if European legislators can prove gross negligence, fines for both your company and you as the CEO of the company will be quite significant.

Multiplying these factors gives a numerical depiction of risk, aiding in its prioritization and management. For instance, a high-impact but low-likelihood event might be deemed acceptable. Yet, an event with moderate impact and high likelihood could be perceived as riskier. Real-world risk assessment is, of course, more intricate than this …

One of the most notable data breaches this year was the MGM Resorts attack, which not only caused serious disruptions to MGM’s business, but also had far-reaching implications for their supply chain.

Though Zero Trust is here to stay, that doesn’t mean implementation is easy. Rob Maas is one of the leading Zero Trust consultants and the Field CTO at ON2IT. In this blog series, he’ll provide background and tips based on his years of practical experience implementing Zero Trust.

In our interconnected digital age, robust cybersecurity is as much about understanding what you’re defending as it is about the intricacies of the defenses themselves. Think of digital assets as a vast castle.

Many companies don’t stop to think about the status of their cybersecurity until a problem arises. Whether it’s a sudden transition to remote work or the abrupt implementation or alteration of compliance guidelines, the moment to then start thinking about your cybersecurity will already have passed.
Cyber Resilience

In the digital age, where the fabric of our interconnected world is woven with threads of data and technology, the imperative for cyber resilience has never been more urgent.

As a CISO, or a head of IT: how do you appeal to the board to make sure they understand the value of good cybersecurity? In this blog, we offer some guidelines in the shape of a fictional speech to the board. Thank you for giving me the opportunity to …

The shortage of staff in the IT market is nothing new: companies struggle to find and maintain good IT staff, a lack of specific knowledge and skills amongst IT staff makes a large number of job ads hard to fill and it’s becoming more and more normal to regularly switch jobs.

Return on Investment (ROI) in the context of cybersecurity measures is a hot subject. Which makes sense, as technology providers don’t want to position cybersecurity as a cost with no return. But how accurate is that discussion?

Software has vulnerabilities that provide hackers with the opportunity to steal data, install ransomware or sabotage your business. Criminal organizations and intelligence services are willing to pay a lot of money for vulnerabilities that (almost) no one knows about. Big bucks (or rather, cryptos) are paid for these zero-days on the so-called dark web, because they offer you an open backdoor just for you

A partner who just collects alerts and then leaves fixing the problem in your hands doesn’t actually get you anywhere. It’s comparable to a security service that sends you a quick message: we received a report of a break-in at your office: good luck with that!

Strangely, most companies, including larger organizations, have set up their cybersecurity according to the above pager duty model. Truly incomprehensible, as cold statistics tell you that ransomware, data theft or cyber sabotage are a greater threat to continuity than the traditional calamities that we do adequately deal with.

The main items I’ve found to be of interest are the scale at which attacks against APIs have grown (+192% from 2022), the reiteration of the fact that attackers do not care about the OWASP Top 10 and the focus on Open Source Software (OSS). Why Open Source is great …