Blog

Security Assessment Questionnaire Response Automation

Making the case for Security Assessment Questionnaire Response Automation

Business partnerships require trust – without it, success is very difficult to attain. In the current business landscape, however, it's increasingly difficult to tell whether a vendor is trustworthy and deserving of that trust. As information technology becomes more advanced, so do the ways in which trust can be broken, and the potential for it to be broken, intentionally or unintentionally, has increased many times over. Assessing security risk with questionnaires is one method to effectively understand the security risk that a vendor may pose to the business, particularly if you entrust them with your data. If you are reading this article, you've more than likely handled your fair share of security assessment questionnaires. Like us, you are probably frustrated by the entire process too. We would like to make the case for automated security questionnaires in the article below. The traditional approach to

May 25th, 2021 | Blog

Building the case for Security Validation

Image credit: USA Today

Events of the last month have shown that, despite best efforts and assumptions about how well protected corporate networks are, damaging Ransomware attacks and other cyber threats continue to wreak havoc on companies and organisations in all industry sectors. Just in the last month, we have seen crippling Ransomware attacks on Colonial Pipeline, the Irish Health Service, the University of Portsmouth, and many others. In most, if not all, of these cases, the IT and information security teams will undoubtedly have told their management teams and oversight Boards that they had invested in adequate security controls and that they conduct regular penetration testing. So, it begs the question: why are corporate networks still so vulnerable to these attacks? The answers to this are probably wide ranging, but one consistent theme is an assumption that corporate networks are protected because certain

May 18th, 2021 | Blog

10 Tips for Detecting and Mitigating Phishing Attacks

Despite being a well-known problem, phishing remains a significant issue for companies. Notwithstanding the increased sophistication of new malware and advanced persistent threats, phishing is still one of the most effective ways to breach networks, steal money and credentials, and exfiltrate data. Phishing can be the first stage in a sophisticated information-stealing attack. It's a tried and true method that cyber criminals have been using for years and are now adapting to their own needs. It remains pervasive because phishers get away with it so often. Read on for ways to detect and mitigate phishing attacks. There are many types of phishing attacks organisations must be wary of. The main outcomes of all phishing attempts are to steal credentials, instigate a ransomware attack, install malware or trick a person into making a payment for a fictitious service. “Phishing emails are one

May 11th, 2021 | Blog

Ransomware: Facts, Risks, and Countermeasures

Ransomware has been a major threat to cyber security in the past few years. The malware encrypts files, locking them and demanding a ransom to unlock them. These ransomware attacks have affected organisations, hospitals, schools, municipalities and enterprises. Ransomware is becoming more sophisticated and difficult to stop, with attackers increasingly encrypting data before demanding money to decrypt it. One thing is certain: ransomware attacks have many different appearances and come in all shapes and sizes. Continue reading to find out about the latest developments in the fight against ransomware.

Malware with a ransom note

Ransomware is a type of malware that is used to encrypt files held on a computer in such a way that they can only be decrypted by paying a ransom. Victims are told that they must pay the ransom, or risk losing access to their files forever. Users are shown

May 4th, 2021 | Blog

Cats, Dogs and Cyber Security

My wife is a cat person. We have two fluff-ball Ragdoll cats, who are not allowed outside - mainly because we know that they have the capability to scale our garden wall, but probably not the ability to find their way home again! Recently, we adopted a rescue dog. She is, however, allowed into the garden, much to the chagrin of the cats. This is because, to our knowledge, the dog does not have the capability of scaling our outer perimeter. In the information security world, we at Elasticito spend a lot of time working with information security teams and senior management, helping them to understand and manage cyber risks, threats and threat actor capabilities within the context of their businesses. It seems to me that the complex world of cyber security is actually not much more complex than the dynamics between cats, dogs and garden fences.

April 27th, 2021 | Blog

The Ransomware Revolution

In recent years, we've seen a fundamental shift in how threat actors approach ransomware. Threat actors today are not as interested in taking credit for encrypting files and escaping with stolen funds or valuable data. They're more focused on destroying backups and exfiltrating data before the victim can recover. According to Forbes, this significant alteration has increased the scope of cyber attacks, raising ransom payments much higher than prior averages. Forbes emphasises that average ransomware payments have steadily risen over the past five years, from less than $300 in 2015 to $6,700 in 2018 to $111,000 in 2020. Continue reading to find out more about the ransomware revolution.

The State of Ransomware in 2021

Ransomware was the most common cyber threat to organisations in 2020. It is especially prevalent among finance, e-commerce, and healthcare companies. In addition to the costs of security incidents, ransomware also has a negative impact on victim companies'

April 20th, 2021 | Blog

Security Awareness Training – are organisations doing enough?

Security awareness training is a vital way to prepare employees for the threats that surround them. After all, your employees are your cyber security team's first line of defence. The strength of your cyber security program depends on the security awareness your employees possess. In order for you to establish a security-aware culture, it's essential that you have an ongoing commitment from everyone: managers, all departments, and people in your organisation. It essentially means everyone needs to be on board, aware of what goes on, and supportive of the effort. An effective security awareness training program must be built on regular training sessions, not just a single quarterly email about phishing. The key benefit of security awareness training lies in the fact that it equips employees with the knowledge they need to combat these threats. Continue reading to find out if

April 13th, 2021 | Blog

Are dashboards the future of cyber security reporting? Part 1

Today, C-level executives are making more of an investment in IT security than ever before. In response, information security officers are now regularly required to report on the security posture of their organisation and communicate their findings to the board. Now more than ever, CISOs and their lieutenants need robust reports that provide visibility into security-related metrics. The legacy reporting tools that used to be the standard for CISOs are becoming obsolete and ineffective. More cyber security activities than ever before require detailed yet condensed reports. Pulling together a few useful documents and summaries is no longer enough; CISOs need deep dives that provide visibility into critical security metrics. Join us as we explore new technologies to answer a single question: are dashboards the future of cyber security reporting?

Data visualisations and considerations

Data is only as

March 31st, 2021 | Blog

4 Tips for a successful cyber threat intelligence program

The information security threat landscape is constantly evolving, becoming more complex and, in many cases, overpowering the security environment. The number of successful hacker attacks each day is increasing. Cyber criminals are continually developing new ways to disrupt organisations via cyber extortion, supply chain hacks, and other cunning tactics. An organisation's security team must be more proactive in planning for and dealing with these threats. One of the ways to do this is to make use of cyber threat intelligence (CTI). Here's how to get the most from your CTI program.

What is cyber threat intelligence?

In essence, cyber threat intelligence identifies and analyses cyber threats to your organisation. It's what becomes of data after it's been gathered, processed and analysed. CTI relies heavily on analysis: sifting through large amounts of data to spot realistic problems and then deploying suitable solutions

March 23rd, 2021 | Blog

Vendor Risk Assessments in 60 Minutes

When information security teams are overburdened, evaluating vendor and enterprise risks can quickly consume far too much time and budget. Many organisations rely on a one-size-fits-all assessment, delivering a selection of PDFs, MS Word documents, Excel spreadsheets, and emails linking to a variety of online portals. These assessments are inflexible and time-consuming, allowing for only a limited amount of data to be processed. The review process also ends up frustrating both staff and vendors, the makings of an efficiency nightmare. Assessing vendors for cyber risk is important and necessary, particularly if you share data with an external party, yet cyber risk assessments currently take 4 weeks on average per entity to complete. The good news is that it doesn't have to be that way. This article shows how cyber risk assessments can be completed to the same level of detail in as little as 60

March 15th, 2021 | Blog