ISO 27001 Statement of Applicability A central component of becoming compliant with ISO 27001 is creating a Statement of Applicability (SoA). This is a document in which a vast number of controls (defensive policies, procedures, techniques and mechanisms) are considered, and the applicability of each one is weighed up against your organisation’s risks. While a […]
19
Jul
Jul
Not many companies anticipate being the focal point of a significant data breach incident. However, cybercriminals can infiltrate around 93% of businesses within an average of two days. In the third quarter of 2022 alone, approximately 150 million data records were compromised In today’s competitive business landscape, companies increasingly rely on data systems like cloud […]
13
Jul
Jul
“So, all we have to do to implement these 11 chapters containing 91 articles in 261 pages of data protection regulation and all our worries about our clients, staff and suppliers’ Personally Identifiable Information (PPI) will be over?” “Yes, that’s it.” “Jess how long have you worked here?” “Erm, 20 years since last spring. “ […]
07
Jul
Jul
In a world where the digital landscape keeps changing, how can we effectively protect our organisations from threats? This is a question with no one-size-fits-all answer as there are various tactics to protect your systems. However, we will be focusing on the use of black box penetration testing to identify weaknesses within your systems or […]
05
Jul
Jul
What is External Penetration Testing External penetration testing also known as external network penetration testing helps to assess the security organisation’s online presence and evaluate the effectiveness of its public-facing systems. The primary objective of this testing is to simulate real-world cyber threats originating from anywhere in the world, with ethical hackers acting as external […]
04
Jul
Jul
Thinking About Getting Your Cloud Platform SOC 2 Compliant? If your company handles sensitive data, you may be required to undergo a SOC 2 audit to ensure that your systems and processes are secure and compliant with industry standards. There are five basic steps to ensure compliance the first time around — from understanding the […]
21
Jun
Jun
2023 MOVEit Cyber Attack to Affect the Masses Yet again, here’s a prime example of how a security vendor has failed to provide a secure tool. Sure…MOVEit may have had a fancy sales pitch and enticing software promising to transfer sensitive files securely when in fact were not secure themselves. The UK Evening Standard reported, […]
20
Jun
Jun
Title: Improper Access Control in DEPUSDT_LEVUSDC Protocol Date: 15/06/2023 Link: https://twitter.com/1nf0s3cpt/status/1669624223059546112?s=46 An attack has occurred on the $DEPUSDT token on the Ethereum blockchain, leading to a significant loss of approximately $69,000. Additionally, the attacker also targeted the $LEVUSDC token, resulting in a loss of approximately $36,000. The attack was made possible due to the existence […]
19
Jun
Jun
If artificial intelligence wants to be human so badly, let’s start treating it like one. Right now, we’re seeing a flurry of ‘panic policies’, in which organisations are scrambling to not only define what ‘AI’ is (clue: it’s not just ‘Chat GPT’), but also how to protect themselves against it, whilst not missing out on […]
19
Jun
Jun
The Emergence of Blockchain Technology How did we arrive at blockchain technology? Let’s start from the beginning. The internet, which has been in existence for over 60 years, is built on the TCP/IP and OSI model stack. Originally designed for information sharing through the client-server model, the internet has evolved into a powerful technology that […]