LRQA Nettitude Blog

By Iraklis Mathiopoulos, Managing Principal Security Consultant at Nettitude

October is Cyber Security Awareness Month, which is a great opportunity for companies and individuals to review and improve their cyber security processes and knowledge. At Nettitude, we will be releasing a new blog post every week of Cyber Security Awareness Month on our latest cyber security research, as well as our insights on the latest industry news and trends. We hope you’ll find them helpful, and as always please contact us with any questions.

+++

As cloud infrastructure has become common, it has also become common for penetration testers to find themselves attacking clients that rely on AWS or Azure environments, for example, for handling, storing, and processing critical data.

There are many new and interesting attack paths an adversary can take once they have obtained some sort of access to the environment.

ISO27701:2019, a new international standard concerned with the management of personal data, has been published. ISO27701 is a Privacy Information Management System (PIMS), and provides an extension to the better known ISO27001:2013 Information Security Management System (ISMS).

In this blog, we’ll take a brief look at the new standard, how it differs from ISO27001:2013, and how it can benefit your organisation.

What is a zero day attack exploit?

Imagine setting sail with your bow doors still open. Or operating with an engine that leaked 50% of its fuel intake. Or if we let the bridge continue to operate with all the windows smashed.

In this article, we present the Internet of Things (IoT) and the current security status of IoT devices. The reader will also gain a practical guide towards IoT security in the workplace and an account of the latest information to help futureproof organisations against cyber attacks.

Even social media giant Facebook has been ordered to step up data protection as 29 million of its user’s passwords were exposed in 2018. Creating a strong and secure password is a critical step in protecting confidential data and networks. Your infrastructure can come under attack from cyber criminals at any time and passwords can provide the key to that kingdom for hackers.

The 2018 Verizon Data Breach Investigations Report (DBIR) declares ransomware “the most prevalent variety of malware”.

• Over 181 million ransomware attacks happened in the first six months of 2018.
• That is a 229 per cent increase in ransomware attacks reported compared to the same period in 2017(SonicWall)

What is a cybersecurity plan?

A cybersecurity plan is an organisation’s written guide to follow and improve its overall risk management and defences against the ongoing threat of cybercrime - and some might say the most significant threat they face. 

The key difference between vulnerability scanning and penetration testing concerns the focus of the security project.

1. Vulnerability scanning focuses on a list-orientated approach
2. Whereas during a penetration test, the emphasis is goal-oriented

Our blog will explain the differences between vulnerability scanning and penetration testing while revealing that both security measures are vital elements of a comprehensive cybersecurity program.

The blog will also examine how to apply the most appropriate security technique for your organisation or project.

In today’s modern connected world cyber security matters and is vital for protecting our crucial infrastructure. The threat of cyber-attacks is now a worldwide concern, as high-profile breaches create fear that cybercrime could endanger the global economy.

When combined cyber security and information security help provide organisations with a modern-day approach to building a strong security posture. The two security practices also help develop the organisation’s security resilience.