The Principles of Social Engineering

Social engineering is a term for a wide variety of activities that threat actors use to manipulate or trick end users into bypassing security controls or providing sensitive information (such as login credentials), which they then use to obtain unauthorised access to the systems they target. It’s not a new threat. It’s been around […]

How to Outsmart the DarkSide Ransomware Group

The DarkSide Ransomware Group is one of the many gangs that continue to rebrand themselves while expanding to gain more intelligence in 2022. So, is there any way to outsmart these groups? It almost seems like a losing battle. However, a strong defence can be created within your organisation. First, it’s important to start […]

Goodbye Tale of 2021. Cheers to Opening a New Book!

Are you ready to close this book? What a journey 2021 has been. We’ve thoroughly enjoyed seeing our customers face-to-face and online, and building stronger relationships by understanding their challenges — because it’s what we do! 2021 did read through like a thriller book of phishing scams and ransomware attacks. And as a typical thriller, some […]

Should You Conduct Red Team Testing Without a Blue Team?

We often hear the question: “Should we perform Red Team Testing without a Blue Team?” The answer is yes. Let’s explain this answer by starting with a reminder of the objective of performing Red Team Testing – to verify the effectiveness of the security controls implemented in the organisation’s people, process, facilities and technology. […]

Clearing the Confusion: Red Team vs Penetration Test

More often than not, when organisations are directed by the board to deploy a Red Team test, there is confusion about what the testing should encompass. Many think Red Team testing is just a robust penetration test, but in fact the two have many differences. Although there are some similarities, they differ not only in terms […]

SaaS Security – The Essentials

Software companies have naturally embraced the cloud. It provides countless benefits for their clients, ranging from the lack of installation or maintenance of on-premises solutions to the ease of scalability. However, with benefits come risks as it provides Threat Actors with a single, centralised internet-facing target. Consequently, security becomes paramount. If you are a SaaS […]

Why Are SOC 2 Assessments Becoming More Popular in the UK and Europe?

This is a guest article written by Ty Brush. The author’s views are entirely his own and do not necessarily reflect the views of Risk Crew. Enjoy! Many European and UK organisations are already ISO 27001 (Information Security Management) certified, and rightfully so as the International Information Security Standard (ISO 27001) serves as the principal cyber security standard […]

Death by Trust – The Dangers of Whitelisting

Introduction: Whitelisting is a cyber security strategy where a user granted administrative rights could take action on their computer. However, rather than attempting to stay one step ahead of attackers to recognise and block malicious code, the IT staff instead compile a list of approved applications that a computer or a mobile […]

Risk Crew