
Blog & Insights

Cyber Risk vs Cyber Threat: Are They The Same Thing?

After the term “cyber threat” began to enter common usage, its meaning became a bit fuzzy. The same goes for “risk” — we’ve all heard the term thrown around, but do we really know what it means and how it

March 5th, 2021 | Categories: Blog

Risk Assessment vs. Risk Analysis: An Overview

The recent growth of the extended enterprise has reached a tipping point. That means more organisations are expanding their businesses into the Cloud, staying leaner, and taking advantage of third-party support. At the same time, data breaches are at an all-time high. According

February 26th, 2021 | Categories: Blog

How to reduce your cyber risk with the FAIR cyber risk quantification model

Cyber risk is very real for organisations, who must constantly manage the risks and threats of cyber-related attacks. According to the World Economic Forum's "The Global Risks Report 2021," cyber security failure ranks high among the

February 18th, 2021 | Categories: Blog

A better way to conduct security assessments?

The vendor security assessment process is too long, inefficient and time-consuming. A much better way to perform vendor security assessments would be to use the body of unbiased content that already exists in most companies: the security policy. Here we show you

February 11th, 2021 | Categories: Blog

Simplifying Third-Party Vendor Risk Management

For many organisations, setting up, managing and maintaining a third-party vendor risk management programme using questionnaires can be a complex, costly and time-consuming exercise. Vendors are often required to respond to similar questionnaires from multiple organisations. For vendors, this can be a tedious and complex

February 4th, 2021 | Categories: Blog

Attack Surface Management: How To Enable Your Company’s Cyber Defence

In a new worldwide digital work landscape accelerated by the Covid-19 pandemic, the threats posed by Shadow IT and attack surface expansion have been turbocharged. The attack surface of businesses has rapidly expanded and includes publicly facing infrastructure, domains, users,

January 21st, 2021 | Categories: Blog

Ransomware: Develop and Test Your Response Strategy Using Simulation

In this blog I want to take a look at Simulating a Ransomware Attack and how you would go about developing and testing a Response Strategy. I’ve already covered the basics of a Ransomware attack in this blog article: https://elasticito.com/ransomware-do-you-have-a-tried-and-tested-strategy-in-place/ The

October 14th, 2020 | Categories: Blog

Ransomware: Do you have a tried and tested strategy in place?

With the recent Garmin outage that is still ongoing, which has allegedly been caused by a Ransomware attack, a large number of Executives are going to be asking tough questions about how Ransomware could impact their own organisations, as

July 27th, 2020 | Categories: Blog

How to Test your Security Controls for Resilience to Australian Cyber Security Centre (ACSC) Advisory 2020-008: Copy-paste Compromises

In conjunction with an announcement by the Australian Prime Minister, Scott Morrison, on National Television, the Australian Cyber Security Centre (ACSC) recently published an advisory (Advisory 2020-008: Copy-paste compromises) giving the MITRE Tactics,

July 6th, 2020 | Categories: Blog

How to Protect Your Customers and Your Brand from Stolen Credential Misuse

During 2020 a number of Online Retailers have made headline news due to the media erroneously reporting that their customer Portals had been breached. These include Tesco Clubcard Members (https://www.techradar.com/uk/news/tesco-clubcard-holders-warned-of-major-security-issue) and most recently, Wiggle (https://cyclingindustry.news/security-breach-reported-on-wiggles-customer-accounts). In both these

Regularly Validating Security Controls with Breach and Attack Simulation

Validating Security Controls is of vital importance for all organisations and is mandated by Cyber Security Frameworks like National Institute of Standards and Technology (N.I.S.T.) who offer a simple high-level way to do this using 5 steps: IDENTIFY (CROWN

May 18th, 2020 | Categories: Blog

Breach and Attack Simulation vs Penetration Testing

Cyber attacks have evolved dramatically in the past decades. The capabilities, scope, fallout and number of targets of these attacks have greatly increased. This has resulted in damages from cybercrimes reaching all-time, worldwide highs which are only set to increase. As a

You Should Adopt a Cyber Security Framework – Here’s Why

Today, cyber attacks and cyber security breaches are constantly happening around the world. These attacks are also continuously evolving, becoming more sophisticated and unforeseen. This makes it difficult for organisations to proactively prevent phishing, malware and ransomware attacks. So what

April 29th, 2020 | Categories: Blog

Using Breach and Attack Simulation with MITRE ATT&CK to highlight threat actor behaviours

MITRE ATT&CK is a phenomenal global free knowledge base produced by MITRE, a US Government research organisation, that maps adversary tactics and techniques that are used by threat actors to launch cyber attacks against targets. The ATT&CK framework (which stands for Adversarial Tactics, Techniques, and Common Knowledge) began its life

April 6th, 2020 | Categories: Blog

Webinar – Automated Breach & Attack Simulation vs Penetration Testing to validate security controls

Over 1,000 exploits and vulnerabilities are publicised every month. It is no longer effective to solely rely on point-in-time manual penetration tests to test your defences. In this webinar, you will learn

March 2nd, 2020 | Categories: Events

Webinar: Using the FAIR Model to Quantify Cyber Risk for 3rd Parties

Recorded webinar. Understanding the true and realistic financial impact on the cyber risk that key 3rd party organisations pose to your business has been a hugely complex and expensive challenge to solve. Until

February 25th, 2020 | Categories: Events

Why use the FAIR Model to quantify Cyber Risk for 3rd parties?

Historically, questionnaires and/or risk scoring have been the traditional tools used to evaluate the risk a 3rd party poses to an organisation. The findings from questionnaires and risk scoring are often incredibly technical and complicated and

January 28th, 2020 | Categories: Blog