Blog & Insights
Cyber Risk vs Cyber Threat: Are They The Same Thing?
After the term “cyber threat” began to enter common usage, its meaning became a bit fuzzy. The same goes for “risk” — we’ve all heard the term thrown around, but do we really know what it means and how it
Risk Assessment vs. Risk Analysis: An Overview
The recent growth of the extended enterprise has reached a tipping point. That means more organisations are expanding their businesses into the Cloud, staying leaner, and taking advantage of third-party support. At the same time, data breaches are at an all-time high. According
How to reduce your cyber risk with the FAIR cyber risk quantification model
Cyber risk is very real for organisations, who must constantly manage the risks and threats of cyber related attacks. According to the World Economic Forum's "The Global Risks Report 2021," cyber security failure ranks high among the
A better way to conduct security assessments?
The vendor security assessment process is too long, inefficient and time consuming. A much better way to perform vendor security assessments would be to use the body of unbiased content that already exists in most companies: the security policy. Here we show you
Simplifying Third-Party Vendor Risk Management
For many organisations, setting up, managing and maintaining a third-party vendor risk management programme using questionnaires can be a complex, costly and time-consuming exercise. Vendors are often required to respond to similar questionnaires from multiple organisations. For vendors, this can be a tedious and complex
Attack Surface Management: How To Enable Your Company’s Cyber Defence
In a new worldwide digital work landscape accelerated by the Covid-19 pandemic, the threats posed by Shadow IT and attack surface expansion have been turbocharged. The attack surface of businesses has rapidly expanded and includes publicly facing infrastructure, domains, users,
Ransomware: Develop and Test Your Response Strategy Using Simulation
In this blog I want to take a look at Simulating a Ransomware Attack and how you would go about developing and testing a Response Strategy. I’ve already covered the basics of a Ransomware attack in this blog article: https://elasticito.com/ransomware-do-you-have-a-tried-and-tested-strategy-in-place/ The
Ransomware: Do you have a tried and tested strategy in place?
With the recent Garmin outage that is still ongoing, which has allegedly been caused by a Ransomware attack, a large number of Executives are going to be asking tough questions about how Ransomware could impact their own organisations, as
How to Test your Security Controls for Resilience to Australian Cyber Security Centre (ACSC) Advisory 2020-008: Copy-paste Compromises
In conjunction with an announcement by the Australian Prime Minister, Scott Morrison, on National Television, the Australian Cyber Security Centre (ACSC) recently published an advisory (Advisory 2020-008: Copy-paste compromises) giving the MITRE Tactics,
How to Protect Your Customers and Your Brand from Stolen Credential Misuse
During 2020 a number of Online Retailers have made headline news due to the media erroneously reporting that their customer Portals had been breached. These include Tesco Clubcard Members (https://www.techradar.com/uk/news/tesco-clubcard-holders-warned-of-major-security-issue) and most recently, Wiggle (https://cyclingindustry.news/security-breach-reported-on-wiggles-customer-accounts). In both these
Regularly Validating Security Controls with Breach and Attack Simulation
Validating Security Controls is of vital importance for all organisations and is mandated by Cyber Security Frameworks like National Institute of Standards and Technology (N.I.S.T.) who offer a simple high-level way to do this using 5 steps: IDENTIFY (CROWN
Breach and Attack Simulation vs Penetration Testing
Cyber attacks have evolved dramatically in the past decades. The capabilities, scope, fallout and number of targets of these attacks have greatly increased. This has resulted in damages from cybercrimes reaching all-time, worldwide highs which are only set to increase. As a
You Should Adopt a Cyber Security Framework – Here’s Why
Today, cyber attacks and cyber security breaches are constantly happening around the world. These attacks are also continuously evolving, becoming more sophisticated and unforeseen. This makes it difficult for organisations to proactively prevent phishing, malware and ransomware attacks. So what
Using Breach and Attack Simulation with MITRE ATT&CK to highlight threat actor behaviours
MITRE ATT&CK is a phenomenal global free knowledge base produced by MITRE, a US Government research organisation, that maps adversary tactics and techniques that are used by threat actors to launch cyber attacks against targets. The ATT&CK framework (which stands for Adversarial Tactics, Techniques, and Common Knowledge) began its life
Webinar – Automated Breach & Attack Simulation vs Penetration Testing to validate security controls
Over 1,000 exploits and vulnerabilities are publicised every month. It is no longer effective to solely rely on point-in-time manual penetration tests to test your defences. In this webinar, you will learn
Webinar: Using the FAIR Model to Quantify Cyber Risk for 3rd Parties
Recorded webinar. Understanding the true and realistic financial impact on the cyber risk that key 3rd party organisations pose to your business has been a hugely complex and expensive challenge to solve. Until
Why use the FAIR Model to quantify Cyber Risk for 3rd parties?
Historically, questionnaires and/or risk scoring have been the traditional tools used to evaluate the risk a 3rd party poses to an organisation. The findings from questionnaires and risk scoring are often incredibly technical and complicated and