Blog

Security Awareness Training – are organisations doing enough?

Security Awareness Training – are organisations doing enough? Security awareness training is a vital way to prepare employees for the threats that surround them. After all, your employees are your cyber security team's first line of defense. The strength of your cyber security program depends on the security awareness your employees possess. In order for you to establish a security aware culture, it's essential that you have an ongoing commitment from everyone: managers, all departments, and people in your organisation. It essentially means everyone needs to be on board, aware of what goes on, and supportive of the effort. An effective security awareness training program must be informed by regular training sessions, not just a single quarterly email about phishing.  The key benefit of security awareness training lies in the fact that it equips employees with the knowledge they need to combat these threats. Continue reading to find out if

By |2023-03-30T17:09:34+00:00April 13th, 2021|Blog|Comments Off on Security Awareness Training – are organisations doing enough?
Read More

Are dashboards the future of cyber security reporting? Part 1

Are dashboards the future of cyber security reporting? Part 1 Today, C-level executives are making more of an investment in IT security than ever before. In response, information security officers are now regularly needed to report on the security posture of their organisation and communicate their findings to the board. Now more than ever, CISO's and their lieutenants are in need of robust reports that provide visibility into security-related metrics. The legacy reporting tools that used to be the standard for CISO’s are becoming obsolete and ineffective. More cyber security activities than ever before require detailed and condensed reports. Pulling together a few useful documents and summaries is no longer enough; CISO's need deep dives that provide visibility into critical security metrics. Join us as we explore new technologies to answer a single question: are dashboards the future of cyber security reporting? Data visualisations and considerations Data is only as

By |2023-03-30T17:09:35+00:00March 31st, 2021|Blog|Comments Off on Are dashboards the future of cyber security reporting? Part 1
Read More

4 Tips for a successful cyber threat intelligence program

4 Tips for a successful cyber threat intelligence program The information security threat landscape is constantly evolving, becoming more complex and in many cases, overpowering the security environment. The number of successful hacker attacks each day is increasing. Cyber criminals are continually developing new ways to disrupt organisations via cyberextortion, supply chain hacks, and other cunning tactics. An organisation's security team must be more proactive in planning for and dealing with these threats. One of the ways to do this is to make use of cyber threat intelligence (CTI). Here’s how to get the most from your CTI program. What is cyber threat intelligence? In essence, cyber threat intelligence can identify and analyse cyber threats to your organisation. It’s what becomes of data after it’s been gathered, processed and analysed. CTI relies heavily on analysis: sifting through large amounts of data to spot realistic problems and then deploying suitable solutions

By |2023-03-30T17:09:35+00:00March 23rd, 2021|Blog|Comments Off on 4 Tips for a successful cyber threat intelligence program
Read More

Vendor Risk Assessments in 60 Minutes

Vendor Risk Assessments in 60 Minutes When  information security teams are overburdened, evaluating vendor and enterprise risks can quickly consume far too much time and budget. Many organisations rely on a one-size-fits-all assessment, delivering a selection of PDF's, MS Word documents, Excel spreadsheets, and emails linking to a variety of online portals. These assessments are inflexible and time-consuming, allowing for only a limited amount of data to be processed. The review process also ends up frustrating both staff and vendors, the makings of an efficiency nightmare. Assessing vendors for cyber risk is important and necessary, particularly if you share data with an external party, currently taking 4 weeks on average per entity to complete cyber risk assessments. The good news is that it doesn't have to be that way. This article shows how cyber risk assessments can be completed to the same level of detail in as little as 60

By |2023-03-30T17:09:52+00:00March 15th, 2021|Blog|Comments Off on Vendor Risk Assessments in 60 Minutes
Read More

Cyber Risk vs Cyber Threat: Are They The Same Thing?

Cyber Risk vs Cyber Threat: Are They The Same Thing? After the term “cyber threat” began to enter common usage, its meaning became a bit fuzzy. The same goes for “risk” — we’ve all heard the term thrown around, but do we really know what it means and how it is used in IT? In this post, we will attempt to clarify these terms and their relationships. In today’s world, organisations must have high-level data security. Ensuring that client and vendor data isn't compromised is crucial. When customers, clients and vendors sign up to do business with you they expect that their information is deemed important enough for you to do everything in your power to keep it safe. Many clients with sensitive information will also require you to have a clear and thorough data security policy before doing business with you. That begs the question: “How confident are you

By |2023-03-30T17:09:52+00:00March 5th, 2021|Blog|Comments Off on Cyber Risk vs Cyber Threat: Are They The Same Thing?
Read More

Risk Assessment vs. Risk Analysis: An Overview

Risk Assessment vs. Risk Analysis: An Overview The recent growth of the extended enterprise has reached a tipping point. That means more organisations are expanding their businesses into the Cloud, staying leaner, and taking advantage of third-party support. At the same time, data breaches are at an all-time high. According to the Ponemon Institute, the average cost of a data breach in 2020 was $3.86 million. Across the globe, there is a growing awareness that organisations need to proactively manage their cyber risk. Often used as synonyms and easily confused, risk assessment and risk analysis are two unique cyber security processes that IT leaders need to understand to effectively address security issues to prevent data breaches. Below, find out about the differences between these processes and how they fit into a successful cyber security programme. What is a risk assessment? A cyber security risk assessment is the process of identifying,

By |2023-03-30T17:09:52+00:00February 26th, 2021|Blog|Comments Off on Risk Assessment vs. Risk Analysis: An Overview
Read More

How to reduce your cyber risk with the FAIR cyber risk quantification model

How to reduce your cyber risk with the FAIR cyber risk quantification model Cyber risk is very real for organisations, who must constantly manage the risks and threats of cyber related attacks. According to the World Economic Forum's "The Global Risks Report 2021," cyber security failure ranks high among the top ten risks for business in terms of likelihood, outranked only by extreme weather events, livelihood crises and infectious diseases. But if cyber risk isn’t quantifiable, what’s the point? The key for any organisation is to understand exactly how much it's exposed to cyber risk and how much it's likely to lose. By quantifying that risk, you can set limits for your cyber security expenditures and calculate return on those investments. Read on to learn how you can make cyber risk more measurable for your organisation. Cyber Risk Quantification: Understanding the FAIR methodology A large concern in today’s boardroom is

By |2023-03-30T17:09:52+00:00February 18th, 2021|Blog|Comments Off on How to reduce your cyber risk with the FAIR cyber risk quantification model
Read More

A better way to conduct security assessments?

A better way to conduct security assessments? The vendor security assessment process is too long, inefficient and time consuming.  A much better way to perform vendor security assessments would be to use the body of unbiased content that already exists in most companies: the security policy. Here we show you how. The traditional approach to security assessments In 2020, the global average cost of a data breach was $3.86 million, according to Ponemon’s Cost of a Data Breach Report. The report also notes that should a third party cause the data breach, the cost will increase — by more than $370,000. It is no wonder that in the wake of GDPR and large data breaches, organisations require due diligence from their third party vendors, usually in the form of security questionnaires. A security questionnaire assesses your, a vendor or third party's technology systems, physical security and policies. As illustrated in

By |2023-03-30T17:09:52+00:00February 11th, 2021|Blog|Comments Off on A better way to conduct security assessments?
Read More

Simplifying Third-Party Vendor Risk Management

Simplifying Third-Party Vendor Risk Management For many organisations, setting up, managing and maintaining a third-party vendor risk management programme using questionnaires can be a complex, costly and time-consuming exercise. Vendors are often required to respond to similar questionnaires from multiple organisations. For vendors, this can be a tedious and complex process that takes time and, ultimately, money to answer. In this article we will look at some of the security questionnaire basics and explain how to avoid sending burdensome questionnaires, making your vendor management system more efficient and your questionnaire evaluation process more accurate and far less time consuming. Why is there a security questionnaire in my inbox? According to the Ponemon Institute, the average cost of a data breach in 2020 was $3.86 million. Third-party vendors are now, more than ever, a vital component of an organisation’s supply chain. In fact, research conducted by Gartner shows that third parties

By |2023-03-30T17:09:53+00:00February 4th, 2021|Blog|Comments Off on Simplifying Third-Party Vendor Risk Management
Read More

Attack Surface Management: How To Enable Your Company’s Cyber Defence

Attack Surface Management: How To Enable Your Company's Cyber Defence In a new worldwide digital work landscape accelerated by the Covid-19 pandemic, the threats posed by Shadow IT and attack surface expansion have been turbocharged. The attack surface of businesses has rapidly expanded and includes publicly facing infrastructure, domains, users, email addresses, social media, IoT, Cloud and web components. These complex attack surfaces have evolved at an ever-increasing rate, making their management and control difficult. And as its digital attack surface expands, so does the number of potential attacks a business could suffer. Considering that the digital attack surface will only continue to evolve in the future, businesses that are aware of and understand their attack surface will be better enabled to adjust their risk posture to defend themselves. Shadow IT & Digital Attack Surface Shadow IT resources include software, apps, systems and devices that are not approved by the

By |2023-03-30T17:09:53+00:00January 21st, 2021|Blog|Comments Off on Attack Surface Management: How To Enable Your Company’s Cyber Defence
Read More
© Copyright Elasticito Limited | Privacy Policy | Cookie Policy | Site Map | Website designed by Crazy Gecko Limited
LinkedInX