In July, the Financial Services Information Sharing and Analysis Center (FS-ISAC) hosts the 2024 Asia-Pacific FS ISAC summit. LRQA Nettitude is honoured to have the opportunity to present on blockchain and smart contract security for this edition.
LRQA Nettitude at 2024 FS-ISAC APAC Summit: Blockchain and Smart Contract Security for Protecting Digital Assets in Finance
Topics: Smart Contract Security, FS-ISAC Summit, Smart Contracts Blockchain
What is DORA: Digital Operational Resilience Act | LRQA Nettitude
As the digital and cyber threat landscape evolves, the European Union (EU) is taking significant strides to strengthen the security and resilience of businesses operating within its borders. The Digital Operational Resilience Act (DORA) is a pioneering regulation to ensure the digital infrastructure of critical sectors remains robust and resilient in the face of escalating cyber threats. All financial services providers are now under pressure to comply with the regulation by the 17th January 2025.
What does resilience mean in simple terms? Cyber resilience is the ability of an organisation to protect itself from, detect, respond to, and recover from cyber-attacks. That’s plural and the reality is every day an organisation will face cyber threats. By being resilient and being able to withstand the high potential of multiple attacks, organisations can reduce the impact of an attack and ensure that they can continue to operate effectively.
In this article, we will explore the key facets of DORA, shed light on the organisations it impacts, and outline the cybersecurity regulations and controls that necessitate attention.
Topics: DORA legislation, DORA, EU DORA, Digital Operational Resilience Act
Mitigating false positives in vulnerability scanning: A managed service approach | LRQA Nettitude
Vulnerability scanning is an essential tool for identifying potential threats and weaknesses within an organisation's digital infrastructure. However, this process is not without its challenges, notably the issue of false positives—incorrectly identifying benign elements as threats. These inaccuracies not only consume valuable time and resources but also undermine trust in security protocols, potentially leaving systems exposed to real threats. Addressing this issue requires a strategic approach that blends refined scanning techniques with expert analysis, a service model that quality-managed services are uniquely positioned to provide.
Topics: Managed Vulnerability Scanning, Vulnerability Management, Vulnerability Scanning, Managed Security Services, Vulnerability Scan Tools
What is Pharming and How to Prevent an Attack | LRQA Nettitude
Pharming is a form of cyberattack intended to misdirect website traffic from a legitimate website to a fraudulent one. The objective is to obtain private information that can then be used for fraudulent purposes.
Topics: pharming
As cybersecurity risk continues to evolve and threats become more sophisticated, organisations are starting to invest more in measures to mitigate risks and protect their business. For some organisations, cybersecurity has become a critical investment and is a top board concern. For other organisations, it can be more difficult to treat cybersecurity with the priority that is required for several reasons...
Topics: cloud security, cybersecurity budget, cybersecurity spending, siem, LogRhythm Axon, cybersecurity costs
Phishing attacks are one of the most common methods of cybersecurity attack, with 2023 witnessing a record of around 4.7 million attacks logged by a single source. It is estimated that around 3.4 billion spam messages are sent each day and the rate of growth has been approximately 150% year-on-year since 2019 with predictions that 2024 will be even higher.
Topics: phishing
In an era where data is the lifeblood of organisations, safeguarding sensitive information has never been more crucial. ISO 27001 is a guiding light for organisations navigating the intricate landscape of information security.
Originating from the International Organisation for Standardisation (ISO), this framework provides a systematic approach to managing and protecting valuable data assets. From confidential customer information to proprietary organisation processes, ISO 27001 offers a structured methodology to identify, assess, and mitigate risks associated with information security.
Topics: ISO 27001
Having an effective cyber incident response procedure is essential to ensure businesses remain resilient against malicious attacks. As the focus shifts more towards cloud and online operations, organisations must proactively identify potential risks before they can become a damaging data breach or other cybersecurity issues. But how can organisations make sure that their cyber incident response procedures are sufficient? Testing your organisation’s strategy for identifying, responding to, and mitigating incidents should be a key element of ensuring digital safety and security.
Dependency on mobile apps for daily tasks has increased exponentially. However, this has also made mobile applications an attractive target for cybercriminals seeking access to confidential information. This is why it's imperative to understand the importance of protecting our mobile apps.
To safeguard sensitive data, businesses must prioritise mobile application security and protect it from potential cybersecurity threats. Unfortunately, cybercriminals are constantly evolving their tactics and are targeting mobile apps as a gateway to gain access to sensitive data. Therefore, businesses must ensure their mobile apps are secured from cybersecurity threats. This blog explores the various threats that mobile apps face and explains how mobile app penetration testing can help mitigate these vulnerabilities.
Topics: Penetration Testing, Web Application Penetration Testing Tools, Web App Penetration Testing
Businesses of all sizes are vulnerable to cyber threats, from data breaches to cyber attacks. The consequences of a security breach can be devastating, resulting in the loss of sensitive data, reputational damage, and even legal implications. To minimise the risk of such incidents, organisations need to take a proactive approach to their cybersecurity strategy. One way to do this is through threat modelling.
Topics: Threat Landscape, Threat Modelling