Nettitude Blog

Nettitude

Recent Posts

SAQs and the impact of PCI DSS v4.0 | Nettitude

Posted by Nettitude on Jan 16, 2023 3:13:44 PM

 

The PCI Security Standards Council (SSC) published PCI DSS v4.0 on the 31st March 2022. The combined efforts by the SSC, payments brands, participating agents, and QSA the community have yielded a significant overhaul that promises to provide a framework for securing payment card information in the future.

There has since been a lot of activity surrounding the release, which gives rise to a problem. With such an overhaul, people are suffering from information overload and are unable to find a starting point for their organisations. Nettitude will break down what the changes mean and what a merchant or service provider needs to migrate, starting with a series of blogs discussing changes to self-assessment questionnaires allowing you to quickly start forming your plan to move to PCI DSS v4.0.

Read More

Topics: PCI 4.0, PCI v4.0, PCI DSS v4.0, PCI DSS 4.0, PCI DSS

Digital Footprint and Why it Matters to Your Organisation | Nettitude

Posted by Nettitude on Dec 31, 2022 9:30:00 AM

 

Virtually every modern organisation relies on the internet and connected devices to communicate with customers, operate internal processes, and deliver its services. However, the digital remnants left behind from these activities – known as your digital footprint – can give hackers and malicious users the information they need to compromise your operations. 

So, what can you do to protect yourself? An expert team like Nettitude can assess these ‘electronic breadcrumbs’ to identify exposed business-critical information and safeguard it against cyber threats. Here, we explore how organisations must limit the information shared online while explaining how it can be used against them.

Read More

Topics: Penetration Testing, phishing, digital footprint

An Introduction to Zero-Click Attacks | Nettitude

Posted by Nettitude on Dec 30, 2022 6:31:38 PM

 

Cybersecurity is a constant battle as there are always new threats to consider and safeguard against. With companies and individuals storing an incredible amount of personal and business data on their devices, keeping this information protected requires rigid security practices.

However, one of the most challenging cyber threats to prevent is zero-click attacks. These are especially dangerous because, unlike more common cyberattacks, a victim’s devices can be compromised without them ever knowing. So, what can be done? 

Here, we explore how to recognise these malicious malware attacks while offering tips that help prevent your devices from being exploited.

Read More

Topics: cybersecurity, zero click attack

Security Considerations in AWS | Nettitude

Posted by Nettitude on Nov 30, 2022 5:42:29 PM

 

Security Considerations in Amazon Web Services (AWS)

What is Amazon S3?
What is Amazon EC2?
Misconfigurations in AWS EC2
AWS Identity and Access Management (IAM)
What is Amazon RDS?

There are several reasons to adopt cloud services, and there has been a growing increase in total spend on cloud services over the last decade. Cloud computing offers speed and agility, competitive pricing models to deploy various IT resources and flexibility.

The cloud services market share is dominated by Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Of the three main providers, AWS currently occupies the highest percentage of the market as of 2022. This blog focuses on security within AWS specifically, highlighting security issues within common services as well as secure design choices and practices.

AWS has hundreds of services within its global infrastructure. These can be broken down into high-level services such as Storage, Compute, Databases, and Security, Identity & Compliance. Below are some examples of the most popular services that sit within these class types:

● Storage – Simple Storage Service (S3)
● Compute – Elastic Compute Cloud (EC2)
● Security, Identity & Compliance – Identity Access Management (IAM)
● Databases – Relational Database Service (RDS)

Read More

Topics: cloud security, AWS

Building Baseline Security in the Cloud | Nettitude

Posted by Nettitude on Nov 28, 2022 3:48:49 PM

 

Building Baseline Security in the Cloud with Policies

AWS (Amazon Web Services) policies
Microsoft Azure policies
How implementing baseline policies in a cloud environment helps

Cloud security can often feel like an overwhelming practice. Cloud environments can employ many resources with varied functions, leading to the complicated task of securing these resources. Implementing baseline policies within your cloud environment can simplify the task of implementing common security practices uniformly across all resources. Cloud providers simplify this practice through policy-checking services. In Amazon Web Services (AWS), the service is called Config, while in Azure the service is called Policy.

Within AWS Config and Azure Policy, there are policy deployments in line with the Center for Internet Security (CIS) recommendations. The CIS issues a document with configuration recommendations for common services within cloud deployments. These services include identity management, compute, storage, networking, monitoring, and database configurations. For AWS, the list of recommendations is approximately 60 items. Instead of examining each item within a document, using AWS Config or Azure Policy can automate the process and alert you to many misconfigurations within minutes. This offers quick and easy deployment of baseline security configurations and continuous monitoring of the compliance state of those policies within the environment.

The following sections detail how to implement these baseline policies for AWS and Azure. It should be noted that some costs may be incurred related to the use of these services.

Read More

Topics: cloud security, Microsoft Azure, AWS

What is Pretexting in Cybersecurity? | Nettitude

Posted by Nettitude on Oct 31, 2022 4:56:12 PM

 

A pretext is designed to convince a target to divulge information to an attacker. This information could include, but is not limited to, requests for company documents, user credentials, and personally identifiable information. A successful pretext convinces the target that a request is legitimate and the information being asked for is reasonable.

Read More

Topics: pretexting, pretexting attack, what is pretexting, how to prevent pretexting, phishing

How have Ransomware Attacks Evolved? | Nettitude

Posted by Nettitude on Oct 20, 2022 10:57:47 AM

 

Ransomware attacks have continued to evolve into one of the most significant risks for every organisation. In fact, 37% of organisations said they had been the victim of a ransomware attack in 2021.

So, how did we get here and how is ransomware continuing to evolve today? We answer these questions and explain how you can make your business more resilient to ransomware attacks.

Read More

Topics: ransomware, how to prevent ransomware, how to avoid ransomware, how to stop ransomware, Protect from ransomware, Ransomware attack

How to Prevent Ransomware & Protect Your Business | Nettitude

Posted by Nettitude on Sep 22, 2022 1:00:00 PM

 

When a ransomware attack hits, time is of the essence to limit the impact on your organisation's operations. It has been said that prior preparation and planning prevents poor performance, helping with time management and ensuring that tasks are completed most efficiently.

The threat from ransomware continues to develop significantly. Previously, one or two endpoints would be compromised and have ransomware deployed to them. Now, attackers are compromising entire networks and deploying ransomware to every endpoint within the network.

Read More

Topics: ransomware, what is ransomware, how to prevent ransomware, how to avoid ransomware, how to stop ransomware

How to Create a Cyber Incident Response Plan | Nettitude

Posted by Nettitude on Sep 15, 2022 4:14:44 PM

 

74% of organisations lack a cyber incident response plan, according to Ponemon Institute. This is an incredible figure given most boardrooms would cite cyber-attacks as the biggest risk to their business. Quite often, leaders do not know where to start when it comes to cybersecurity. With the risk feeling widespread, where do you focus your resources?

A documented cyber incident response plan is a must for every business. Having this in place will accelerate your response to a significant attack and minimise damage, and it is not as complex as you think to create one.

Read More

Topics: Cyber Incident Response Plan Checklist, Cyber Incident Response Plan, Cyber Incident Response Plan Template, Example Cyber Incident Response Plan

Steps to reduce alert fatigue in your cybersecurity team | Nettitude

Posted by Nettitude on Aug 31, 2022 8:51:46 PM

 

Effective cybersecurity relies on your team being alerted to potential issues within your systems and networks. However, the sheer number of alerts generated by improperly configured cybersecurity technology and frameworks causes analysts to develop alert fatigue, as countless false positives and minor issues lead to significant disruption and distraction.

With so many potential threats and a limited number of resources, it can be difficult to prioritise which alerts to investigate. As a result, your team may become overwhelmed and start to ignore or dismiss potentially serious threats. In addition, constantly responding to false positives can take valuable time away from other tasks, such as investigating potential incidents. So, what can we do to resolve the challenging problem of alert fatigue?

Read More

Topics: Cyber Security, cybersecurity, Threat Landscape, Alert Fatigue

About Nettitude

Nettitude is the trusted cybersecurity provider to thousands of businesses around the world. We stop at nothing to keep your data and business secure in an age of ever-evolving cyber threats.

Subscribe Here!

Recent Posts

Posts by Tag

See all