Blog & Insights
NIS2 Directive Readiness: Compliance, Challenges & Recommendations
NIS2 Directive Readiness: Compliance, Challenges & Recommendations In this dynamic environment, the NIS2 Directive stands as a pivotal piece of legislation, representing a significant stride forward in bolstering cybersecurity across the European Union. An updated iteration of the original Network and Information Systems (NIS) Directive, NIS2 imposes stricter requirements on
How Cyber Risk Ratings Drive DORA Compliance in 2025
How Cyber Risk Ratings Drive DORA Compliance in 2025 In the dynamic digital landscape of 2025, the drumbeat of cyberattacks continues to intensify, pushing regulatory bodies to fortify critical sectors. The European Union, recognising the existential threat posed to its financial stability, has introduced the Digital Operational Resilience Act (DORA).
The Digital Operational Resilience Act: Essential Guide – Part 2
The Digital Operational Resilience Act: Essential Guide - Part 2 The European financial sector faces increasing cyber threats and operational disruptions. Consequently, the sector is now subject to the Digital Operational Resilience Act (DORA). This article, the second part of our essential guide, follows our initial overview of DORA in
The Digital Operational Resilience Act: Essential Guide – Part 1
The Digital Operational Resilience Act: Essential Guide - Part 1 The Digital Operational Resilience Act (DORA), effective January 2025, imposes significant cybersecurity obligations on more than 21,000 EU financial institutions. It demands robust technical safeguards, rapid incident reporting (within four hours), structured risk management and third-party oversight. This technical guide
Cultivating Your Digital Fitness Through Cyber Resilience
Cultivating Your Digital Fitness Through Cyber Resilience We often talk about cyber security in the language of physical health – computer "viruses," digital "hygiene." However, what happens when, despite our best efforts at washing our virtual hands and taking our digital vitamins, a threat still infiltrates our systems? This is
Do You Know These Secrets About Your Supply Chain?
Do You Know These Secrets About Your Supply Chain? In today's hyper-connected global economy, managing supply chain risk isn't just about knowing your immediate suppliers. It's about understanding the intricate web of extended supplier connections, stretching from your fourth-tier partners to potentially countless others. This complexity introduces unprecedented challenges for
Ransomware and Supply Chain: How Vendors Create Victims
Ransomware and Supply Chain: How Vendors Create Victims Ransomware attacks are a growing menace, causing significant disruption and financial loss. In 2024, these attacks reportedly cost businesses an estimated $9.5 trillion globally. This escalating trend highlights the critical need for robust cyber security strategies. A particularly concerning aspect is the vulnerability
Building an Unbreakable Supply Chain Security System
Building an Unbreakable Supply Chain Security System A robust Supply Chain is the lifeblood of any successful business. However, this intricate web of suppliers, vendors and partners presents a significant vulnerability: security breaches. Recent high-profile attacks and alarming statistics underscore the urgent need for comprehensive Supply Chain Security management. A
Telecom Namibia Data Breach – Predictable and Avoidable?
Was the Telecom Namibia Data Breach Predictable and Avoidable? A Supply Chain Risk Management Perspective Introduction One Tue 10th, December 2024 a notice was published by a Threat Actor ransomware group called Hunter International stating that Telecom Namibia Limited was allegedly hacked. The objective of this post is to examine
Ransomware vs. Malware: Key Differences and Security Measures
Ransomware vs. Malware: Key Differences and Security Measures In today's digital age, cyber threats have become increasingly sophisticated and prevalent. Two of the most common cyberattacks are Ransomware and Malware. While both pose significant risks to individuals and organisations, they differ in their objectives and methods. Understanding the key differences
Digital Operational Resilience Act: Financial Institutions
Digital Operational Resilience Act: Financial Institutions The Digital Operational Resilience Act is a landmark piece of legislation designed to strengthen the cyber security and operational resilience of financial institutions within the European Union. As the financial sector continues to become increasingly digital, the need for robust defences against cyber threats
How to Uncover Your Susceptibility to a Ransomware Attack
How to Uncover Your Susceptibility to a Ransomware Attack Ransomware attacks continue to pose a significant threat to organisations worldwide. However, traditional security measures often prove ineffective against increasingly sophisticated attack vectors. In light of this, vulnerability assessment has become more crucial than ever for cyber security teams. A systematic
Ransomware: How Susceptible Is Your Organisation? – Part 2
Ransomware: How Susceptible Is Your Organisation? - Part 2 Building upon our previous article, "Ransomware: How Susceptible Is Your Organization? - Part 1," we continue our exploration of this escalating cyber threat. Ransomware attacks have skyrocketed in recent years, causing significant disruption and financial losses to organisations worldwide. This malicious
Ransomware: How Susceptible Is Your Organisation? – Part 1
Ransomware: How Susceptible Is Your Organisation? - Part 1 Ransomware has become a critical cyber security threat, causing significant disruption and financial losses to organisations worldwide. This malicious software encrypts valuable data, holding it hostage until a ransom is paid, often leaving businesses in a precarious position. The rise
How to Achieve Cyber Resilience Using the NIST Cybersecurity Framework
How to Achieve Cyber Resilience Using the NIST Cybersecurity Framework In today's digital age, cyber threats pose significant risks to organisations of all sizes. The NIST Cybersecurity Framework has emerged as a crucial tool to help businesses enhance their cyber resilience. This comprehensive approach to risk management provides a structured
How to Master Open-Source Intelligence: Tips and Tricks
How to Master Open-Source Intelligence: Tips and Tricks Open-Source Intelligence is the practice of gathering and analysing publicly available data to gain actionable information. Even if you are a cyber security professional, journalist, or simply someone curious about investigative techniques, mastering Open-Source Intelligence allows you to uncover comprehensive data and
5-Step Attack Surface Management Guide
5-Step Attack Surface Management Guide As cyber criminals develop ever more sophisticated tactics, proactively managing your attack surface has become an essential defence for organisations of all sizes. Attack surface management isn't just about plugging holes; it's a systematic approach to continuously identify every potential entry point - from internet-facing
Password Power Up: Your Guide to Online Security
Password Power Up: Your Guide to Online Security Passwords safeguard our social media profiles, financial accounts, and a treasure trove of personal information. A weak password is an open invitation to vulnerability. This following article "Password Power Up: Your Guide to Online Security" will unravel the art of creating robust
8 Surefire Shields Against Ransomware
8 Surefire Shields Against Ransomware In our increasingly digital world, data is the cornerstone of our lives. It stores everything from personal photos to financial records, and for organisations, it is the engine that keeps operations running. But with this dependence comes a growing threat: Ransomware. This malicious software acts
Elasticito and Phinity Risk Solutions Forge a Dynamic Strategic Partnership
Elasticito and Phinity Risk Solutions Forge a Dynamic Strategic Partnership FOR IMMEDIATE RELEASE Elasticito and Phinity Risk Solutions Forge a Dynamic Strategic Partnership LONDON, 10 NOVEMBER, 2023 – Elasticito, a leading cyber security advisory and solution provider firm, and Phinity Risk Solutions, a prominent provider of integrated risk management services,
5 Best Practices to Succeed in Attack Surface Management
5 Best Practices to Succeed in Attack Surface Management In today's rapidly evolving digital landscape, organisations face an increasing number of cyber threats that can exploit vulnerabilities in their systems. In this article, we will explore five best practices to succeed in attack surface management and safeguard your digital assets.
Disaster Recovery, Backup and Your Cyber Security Strategy
Disaster Recovery, Backup and Your Cyber Security Strategy In today's digital landscape, protecting your business from cyber threats is of utmost importance. While preventive measures like firewalls and antivirus software are commonly prioritised, disaster recovery (DR) and backup plans are often overlooked. However, integrating robust disaster recovery and backup solutions
A Practical Guide to Attack Surface Management
Webinar - A Practical Guide to Attack Surface Management Register now A Practical Guide to Attack Surface Management aims to provide practical tips and best practices to help organisations implement a comprehensive and effective attack surface management program. Attack Surface Management is a security practice aimed at identifying,
A Practical Guide to Attack Surface Management
A Practical Guide to Attack Surface Management A Practical Guide to Attack Surface Management aims to provide practical tips and best practices to help organisations implement a comprehensive and effective attack surface management program. Attack Surface Management is a security practice aimed at identifying, managing, and mitigating potential attack vectors
Swipe Left on Romance Scams This Valentine’s Day
Swipe Left on Romance Scams This Valentine’s Day You might find yourself browsing through profiles on online dating sites in the lead-up to Valentine's Day this year. Can you tell the difference between someone who is simply using a decades-old photo and a lothario scammer trying to swoon their way
Quantifying Third Party Cyber Risk
Quantifying Third Party Cyber Risk In today's digital age, quantifying third party cyber risk is critical. Organisations of all sizes rely on third parties to provide a variety of services. From cloud computing and data storage to payment processing and customer support. While these partnerships can bring significant benefits, they
Creating a WHOIS Template to Register Domains
Creating a WHOIS Template to Register Domains When a domain name is registered, ICANN requires that personal information including your full name, address, phone number, and email address be provided. This information is then made visible to the public via a WHOIS lookup. In fact, it's available to everyone including
Why It Is Important to Assess and Monitor Third Party Risk
Why It Is Important to Assess and Monitor Third Party Risk The handling of risks associated with third parties is essential to avoiding numerous problems. Failing to assess these risks can open up an organisation to supply chain attacks, data breaches and cause reputational damage. Due to these factors, governments
5 Cyber Security Tips to Keep Your Business Safe
5 Cyber Security Tips to Keep Your Business Safe A major concern for CISO's, IT teams, SOC teams and other cyber security personnel during 2022 has been protecting their organisations from cyber security attacks. But are you taking all the necessary steps to keep your organisation's data and online presence
The Anatomy of a Data Breach
The Anatomy of a Data Breach Arguably no phrase has dominated the tech world the last 24 months more than the term “data breach.” From breaches that have impacted critical infrastructure like the Colonial Pipeline event, to hackers compromising healthcare records at UC San Diego Health. The last two years
4 Ways to Use Security Ratings Tools to Automate Risk Assessments
4 Ways to Use Security Ratings Tools to Automate Risk Assessments Your organisation is at risk of being attacked by cyber criminals. It's just a fact of life in this digital age. But how great is the risk you're facing and what can you do to mitigate it? Security ratings
Elasticito Limited Announces Commitment to Growing Global Cyber Security Success by Becoming a Cyber Security Awareness Month 2022 Champion
Elasticito Limited Announces Commitment to Growing Global Cyber Security Success by Becoming a Cyber Security Awareness Month 2022 Champion Building on annual success Cyber Security Awareness Month 2022 is set to highlight the growing importance of cyber security in our daily lives and look to empower everyday individuals and business
3 Steps to Holistic Third-Party Risk Management
3 Steps to Holistic Third-Party Risk Management As businesses increasingly rely on third-party organisations to provide goods and services, it's important for CISOs and risk teams to understand the potential risks involved. If data sharing or interaction with customer data is required, the organisation's exposure to risk can significantly increase.
Using Cyber Risk Ratings for DORA Compliance
Using Cyber Risk Ratings for DORA Compliance The number of cyber attacks across the world is on the rise, and the European Union is taking steps to strengthen the IT security of financial institutions such as banks, insurance companies and investment firms. DORA, the Digital Operational Resilience Act, will help
7 Questions to Ask About Cyber Insurance
7 Questions to Ask About Cyber Insurance As more and more aspects of our lives move into the digital realm, the risks we face from cyber threats are also increasing. This warrants the need for a plan to protect ourselves from the repercussions of such dangers. Enter the realm of
How Do You Determine the Risk Impact of a Vendor?
How Do You Determine the Risk Impact of a Vendor? Vendor risk assessment is an important part of business management. Vendor relationships can deliver value, but they also have risks. A vendor risk assessment is an important step when evaluating the risks your business may be taking with third-party vendors.
A Business Perspective of Supply Chain Risk
A Business Perspective of Supply Chain Risk Today's supply chains are just as long, complex, and important as the ancient Silk Road. But where the Silk Road became vital to civilisations of the past, modern supply chains could be their downfall, jeopardising functionality and consequently organisations' reputations. In the interconnected,
Understanding Cyber Risk Exposure for Vendors in Russia & Ukraine
Understanding Cyber Risk Exposure for Vendors in Russia & Ukraine It was only 60 years ago when the world feared a global nuclear war. Fortunately, we made it through that period. But with geopolitical tensions at an all-time high, the risk of a devastating global cyber war is becoming more
The Business Case for Risk Quantification for Third Parties
The Business Case for Risk Quantification for Third Parties With so many technologies out there, companies need to be smart with how they invest. When it comes to cyber security, if you're not investing in it, you're risking your own success. Cyber security requires monetary investment and attention to implementation
Will conflict in Ukraine raise the risk of cyber attacks in other countries?
Will conflict in Ukraine raise the risk of cyber attacks in other countries? In a nutshell, the general consensus is, yes. Conflict in Ukraine will raise the risk of cyber attacks in other countries. If as is expected, the situation in Ukraine escalates to all out conflict, we
Data Privacy and the Future of Business
Data Privacy and the Future of Business 2021 was a watershed year in terms of business data use. And 2022 is likely to be another. Therefore, it is imperative that businesses put their best foot forward when it comes to data privacy. Let's take a look at data privacy and
How to Take Back Control of Your Data
How to Take Back Control of Your Data From social media to online shopping, our lives and the digital world become more and more intertwined everyday. And while the digital world has afforded us a whole new level of convenience and access to information, it is imperative that consumers remember
Prioritizing Cyber Security in a Hybrid Workplace
Prioritizing Cyber Security in a Hybrid Workplace In this day and age, employees are more connected than ever. The hybrid workplace is here to stay, and for employees, this means relying on connected devices from their home office setups. According to recent data, smart home systems are set to rise
Be Cyber Smart this Cyber Security Awareness Month
Be Cyber Smart this Cyber Security Awareness Month Every October, Cyber Security Awareness Month continues to raise awareness about the importance of cyber security around the world. Led by the Cyber Security and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), Cyber Security Awareness Month shares messages
Human Behavior. Your Biggest Cyber Security Risk?
Human Behavior. Your Biggest Cyber Security Risk? Data breaches, theft, and corruption are an unfortunate reality of the digital world. However, have you ever thought about human behavior? Could it possibly be your biggest cyber security risk? In this era, cyber criminals have created a perfect environment to access sensitive
Celebrate Cyber Security Awareness Month 2021
What are you planning for Cyber Security Awareness Month 2021? Cyber Security Awareness Month is coming up in October. This collaborative effort between government and industry aims to provide all people with the resources they need to stay safe and secure online. What is Cyber Security Awareness Month? Cyber Security
3 Essential Security Awareness Training Topics for 2021
3 Essential Security Awareness Training Topics for 2021 In 2021, organisations must lead the charge to educate the workforce on cyber security best practice. Threats are growing to become more sophisticated every day, and it is critical for employees to know how to defend their data and systems. Security awareness
SANS Security Awareness Announces Strategic Relationship with Elasticito
SANS Security Awareness Announces Further Expansion in Europe with Strategic Channel Sales Relationship with Elasticito North Bethesda, MD, USA and London, UK – 6 JULY, 2021 – SANS Security Awareness, the global leader in providing security awareness training, today announces a new strategic partnership with Elasticito, a leading cyber
Post-Pandemic Technology & Cyber Security Trends in Banking – Part 2
Post-Pandemic Technology & Cyber Security Trends in Banking – Part 2 In this second part of our review of key cyber and security-related technology trends in banking in the post-pandemic world, we look at the top cyber threats targeting banking and financial services organisations in 2021. We also look at
Post-Pandemic Technology & Cyber Security Trends in Banking – Part 1
Post-Pandemic Technology & Cyber Security Trends in Banking - Part 1 The banking sector is in the midst of a digital transformation that is causing its attack surface to grow, exposing organisations to increased levels of cyber threat activity. As more organisations adopt digital banking solutions, having effective cybersecurity programs
Mitigating a Ransomware Attack – Can Security Awareness Training Assist?
Mitigating a Ransomware Attack – Can Security Awareness Training Assist? As the frequency and cost of ransomware attacks continue to rise, solutions for ransomware mitigation and prevention must be at the top of every IT leader and department's list of priorities. Where most see crisis, cybercriminals see opportunity. In this
Security Assessment Questionnaire Response Automation
Making the case for Security Assessment Questionnaire Response Automation Business partnerships require trust – without it, success is very difficult to attain. In the current business landscape, however, it's increasingly difficult to tell whether a vendor is trustworthy and deserving of that trust. As information technology becomes more advanced, so
Building the case for Security Validation
Building the case for Security Validation Image credit: USA Today Events of the last month have shown that, despite best efforts and assumptions on how well protected corporate networks are, damaging Ransomware attacks and other cyber threats, continue to wreak havoc on companies and organisations in all industry sectors. Just
10 Tips for Detecting and Mitigating Phishing Attacks
10 Tips for Detecting and Mitigating Phishing Attacks Despite being a well known problem, phishing remains a significant issue for companies. Notwithstanding the increased sophistication of new malware and advanced persistent threats, phishing is still one of the most effective ways to breach networks, steal money and credentials, and exfiltrate
Ransomware: Facts, Risks, and Countermeasures
Ransomware: Facts, Risks, and Countermeasures Ransomware has been a major threat to cyber security in the past few years. The malware encrypts files, locking them and demanding a ransom to unlock them. These ransomware attacks have affected organisations, hospitals, schools, municipalities and enterprises. Ransomware is becoming more sophisticated and difficult
Cats, Dogs and Cyber Security
My wife is a cat person. We have two fluff-ball Ragdoll cats, who are not allowed outside - mainly because we know that they have the capability to scale our garden wall, but probably not the ability to find their way home again! Recently, we adopted a rescue dog. She
The Ransomware Revolution
The Ransomware Revolution In recent years, we’ve seen a fundamental shift in how threat actors approach ransomware. Threat actors today are not as interested in taking credit for encrypting files and escaping with stolen funds or valuable data. They’re more focused on destroying backups and exfiltrating data before they can
Security Awareness Training – are organisations doing enough?
Security Awareness Training – are organisations doing enough? Security awareness training is a vital way to prepare employees for the threats that surround them. After all, your employees are your cyber security team's first line of defense. The strength of your cyber security program depends on the security awareness your
Are dashboards the future of cyber security reporting? Part 1
Are dashboards the future of cyber security reporting? Part 1 Today, C-level executives are making more of an investment in IT security than ever before. In response, information security officers are now regularly needed to report on the security posture of their organisation and communicate their findings to the board.
4 Tips for a successful cyber threat intelligence program
4 Tips for a successful cyber threat intelligence program The information security threat landscape is constantly evolving, becoming more complex and in many cases, overpowering the security environment. The number of successful hacker attacks each day is increasing. Cyber criminals are continually developing new ways to disrupt organisations via cyberextortion,
Vendor Risk Assessments in 60 Minutes
Vendor Risk Assessments in 60 Minutes When information security teams are overburdened, evaluating vendor and enterprise risks can quickly consume far too much time and budget. Many organisations rely on a one-size-fits-all assessment, delivering a selection of PDF's, MS Word documents, Excel spreadsheets, and emails linking to a variety of
Cyber Risk vs Cyber Threat: Are They The Same Thing?
Cyber Risk vs Cyber Threat: Are They The Same Thing? After the term “cyber threat” began to enter common usage, its meaning became a bit fuzzy. The same goes for “risk” — we’ve all heard the term thrown around, but do we really know what it means and how it
Risk Assessment vs. Risk Analysis: An Overview
Risk Assessment vs. Risk Analysis: An Overview The recent growth of the extended enterprise has reached a tipping point. That means more organisations are expanding their businesses into the Cloud, staying leaner, and taking advantage of third-party support. At the same time, data breaches are at an all-time high. According
How to reduce your cyber risk with the FAIR cyber risk quantification model
How to reduce your cyber risk with the FAIR cyber risk quantification model Cyber risk is very real for organisations, who must constantly manage the risks and threats of cyber related attacks. According to the World Economic Forum's "The Global Risks Report 2021," cyber security failure ranks high among the
A better way to conduct security assessments?
A better way to conduct security assessments? The vendor security assessment process is too long, inefficient and time consuming. A much better way to perform vendor security assessments would be to use the body of unbiased content that already exists in most companies: the security policy. Here we show you
Simplifying Third-Party Vendor Risk Management
Simplifying Third-Party Vendor Risk Management For many organisations, setting up, managing and maintaining a third-party vendor risk management programme using questionnaires can be a complex, costly and time-consuming exercise. Vendors are often required to respond to similar questionnaires from multiple organisations. For vendors, this can be a tedious and complex
Attack Surface Management: How To Enable Your Company’s Cyber Defence
Attack Surface Management: How To Enable Your Company's Cyber Defence In a new worldwide digital work landscape accelerated by the Covid-19 pandemic, the threats posed by Shadow IT and attack surface expansion have been turbocharged. The attack surface of businesses has rapidly expanded and includes publicly facing infrastructure, domains, users,
Ransomware: Develop and Test Your Response Strategy Using Simulation
Ransomware: Develop and Test your Response Strategy Using Simulation In this blog I want to take a look at Simulating a Ransomware Attack and how you would go about developing and testing a Response Strategy. I’ve already covered the basics of a Ransomware attack in this blog article: https://elasticito.com/ransomware-do-you-have-a-tried-and-tested-strategy-in-place/ The
Ransomware: Do you have a tried and tested strategy in place?
Ransomware: Do you have a tried and tested strategy in place? With the recent Garmin outage that is still ongoing, which has allegedly been caused by a Ransomware attack, a large number of Executives are going to be asking tough questions about how Ransomware could impact their own organisations, as
How to Test your Security Controls for Resilience to Australian Cyber Security Centre (ACSC) Advisory 2020-008: Copy-paste Compromises
How to Test your Security Controls for Resilience to Australian Cyber Security Centre (ACSC) Advisory 2020-008: Copy-paste Compromises In conjunction with an announcement by the Australian Prime Minster, Scott Morrison, on National Television, the Australian Cyber Security Centre (ACSC) recently published an advisory (Advisory 2020-008: Copy-paste compromises) giving the MITRE Tactics,
How to Protect Your Customers and Your Brand from Stolen Credential Misuse
How to Protect Your Customers and Your Brand from Stolen Credential Misuse During 2020 a number of Online Retailers have made headline news due to the media erroneously reporting that their customer Portals had been breached. These include Tesco Clubcard Members (https://www.techradar.com/uk/news/tesco-clubcard-holders-warned-of-major-security-issue) and most recently, Wiggle (https://cyclingindustry.news/security-breach-reported-on-wiggles-customer-accounts). In both these
Regularly Validating Security Controls with Breach and Attack Simulation
Regularly Validating Security Controls with Breach and Attack Simulation Validating Security Controls is of vital importance for all organisations and is mandated by Cyber Security Frameworks like National Institute of Standards and Technology (N.I.S.T.) who offer a simple high-level way to do this using 5 steps: IDENTIFY (CROWN
You Should Adopt a Cyber Security Framework – Here’s Why
You Should Adopt a Cyber Security Framework – Here’s Why Today, cyber attacks and cyber security breaches are constantly happening around the world. These attacks are also continuously evolving, becoming more sophisticated and unforeseen. This makes it difficult for organisations to proactively prevent phising, malware and ransomware attacks. So what
Webinar – Automated Breach & Attack Simulation vs Penetration Testing to validate security controls
Webinar - Automated Breach & Attack Simulation vs Penetration Testing to validate security controls Register now Register now
Webinar: Using the FAIR Model to Quantify Cyber Risk for 3rd Parties
Using the FAIR Model to quantify Cyber Risk for 3rd parties - Recorded webinar View webinar recording Understanding the true and realistic financial impact on the cyber risk that key 3rd party organisations pose to your business has been a hugely complex and expensive challenge to solve. Until
Why use the FAIR Model to quantify Cyber Risk for 3rd parties?
Why use the FAIR Model to quantify Cyber Risk for 3rd parties? Historically, questionnaires and or risk scoring have been the traditional tools used to evaluate the risk a 3rd party poses to an organisation. The Findings from questionnaires and risk scoring are often incredibly technical and complicated and
Latest Posts
NIS2 Directive Readiness: Compliance, Challenges & Recommendations
