LRQA Nettitude Blog

Weak security is a major flaw of most web applications. Leaving the business environment highly susceptible to cybersecurity attacks every day. Insecure applications provide a gateway for criminals to pivot directly into an organisation’s corporate environment. So why are the organisations leaving themselves vulnerable through poor web security practice? Moreover, how can companies strengthen their cybersecurity to develop programs that deliver the best web application technology and not compromise the app's security?

A cybersecurity audit conducted by Nettitude will provide your organisation with a high-level appraisal of your cybersecurity posture. You will receive a personalised report containing actionable advice and a clear set of guidelines to remediate any security threat or weaknesses identified. The audit will focus on your people, process, technology and policy.  

In today's cyber-obsessed world, you only have to scroll the web pages of your favourite online news agency to see that with a new day comes new reports of cyber attacks. From ransomware to phishing scams and state-sponsored attacks, it is clear that cybercrime is an increasing threat to all businesses and online users.

At Nettitude we have the great advantage of seeing first-hand how organisations of all shapes and sizes approach cybersecurity. And like all good consultants, we are magpies; borrowing the best and worst of what we see and absorbing it into our accumulated knowledge. This approach means that when we advise our customers, we’re able to draw on a vast body of knowledge and experience, saving our customers’ time by avoiding the mistakes we have observed within other organisations.

The world loves assessments. Be it the endless Top 10 lists on Facebook, from the Forbes 500 to the FT 1000 and more. Smaller assessments include a person’s annual physical, car inspections, report cards from school, and more. In the world of information security, a risk assessment is an invaluable method for an organisation to determine its information security posture. There is a lot at stake when an organisation performs a cybersecurity risk assessment, so it’s imperative that it be done right.

Want to learn how to do it right? Keep reading.

If your organisation is compliant with PCI DSS, chances are you’re conducting penetration tests on an annual basis. This “ticks the box” from a PCI perspective, and your QSA will have no problems marking you as compliant – but is a box-ticking penetration test really enough?

We live our lives hoping that we will never need to make claims on our insurance policies.  Whether that is home, motor, life or phone, making a claim generally means something isn't how it should be.  Ultimately, a policy is there to protect something of value to us, and as the world in which we lives changes, the information you have and the systems you run your businesses on are valuable assets too - so is now the time to think about cyber insurance?

Outsourcing PCI DSS controls to third parties can hugely support a merchant (or service provider) PCI DSS compliance program and can be a great thing if you want to leverage any SAQ reduction criteria, meaning you have less controls to complete yourself so less costs and less complexity; always a good thing, BUT you must have a handle on service providers if you want to take this route.

We recently looked at what to do to avoid becoming a victim of ransomware. But sometimes, even if your employees are trained to the highest standard and you have the right technology installed, ransomware can still slip into the network. It's important to know what to do if you suspect you've fallen victim to a ransomware attack on both an individual and organizational level. 

The blockchain, although developed for and most commonly known as a financial instrument within cryptocurrencies, is gaining an increasing foothold as a useful technology in many industries. It is being applied to many applications and held up to solve some interesting problem areas.