By David Parsons | Security Consultant at LRQA Nettitude
With improvements in vulnerability scanners and the ever-increasing proficiency of software such as WAFs and Intrusion Detection Systems, you may be asking yourself whether Penetration Testing is still a relevant way to ensure the security of your website. The following article discusses several proactive security considerations you should make when either creating or maintaining a website, and how Penetration Testing can be useful in this process.
Topics: Cyber Security, Nettitude, Security Blog, Security Testing, Cyber Security Blog, SEO Series
By LRQA Nettitude
‘Houston, we have a problem…’
The operational resiliency of the financial services sector is of paramount concern to governments and regulators across the globe. A catalogue of high-profile breaches suggests that board-level engagement and awareness of how to prepare for and respond to a cyber event is frequently misunderstood or inadequate. Although these boards believe that they are taking steps to combat the cyber threat, their strategies are frequently poorly grounded and misaligned.
To address this, a number of regulator-driven frameworks for assessing financial institutions' cyber preparedness, protection, detection and response capabilities have matured and proliferated across multiple regions around the globe. In this five-part blog series, we’ll outline the main regulatory frameworks for the UK, Europe, Singapore and Hong Kong. In the first post, we’ll take a look at the UK’s regulatory framework – CBEST.
Topics: Cyber Security, Nettitude, Security Blog, Security Testing, Cyber Security Blog, SEO Series
By Nettitude
Electronic Arts (EA) Origin is an online platform that allows users to purchase and play video games on desktop and mobile platforms. It’s currently used by millions of gamers around the world. Earlier this year, we identified a vulnerability affecting the EA Origin Windows client.
Topics: Cyber Security, Nettitude, Security Blog, Security Testing, Cyber Security Blog, SEO Series
By Adrian Shaw | Senior Incident Response Consultant at Nettitude
Over recent months, Nettitude have noted a sharp increase in cybersecurity incidents within our client base, alongside the unfolding of the ongoing Covid-19 pandemic. One cause seems to be issues arising during workforces' migration to remote working, which have left organisations vulnerable. In any event, it now seems timely to talk about the Incident Response process and how an organisation can mature its Incident Response capability.
Topics: Cyber Security, Nettitude, Security Blog, Security Testing, Cyber Security Blog, SEO Series
While cybersecurity attacks are detrimental to any organisation, financial institutions are among the most vulnerable to being targeted, in terms of the damage that can be caused.
A staggering 46% of businesses in the UK have reported a cyber-attack in the past 12 months alone; however, statistics show that there has been a 238% rise in global cyber-attacks on banking institutions since the beginning of the pandemic. As financial institutions rely on the trust and credibility they establish with clients, the possibility of a cyber-attack can threaten this premise on a daily basis. What’s more, as technology continues to develop and more and more clients adopt digital banking practices, the risks from cyber-attacks on banks become larger, and organisations that facilitate monetary transactions and other financial movement have a duty to play a critical role in fostering financial stability.
In light of this, the regulators are continually adapting their approach in order to identify what resilience measures organisations should be proactively putting in place.
Topics: Cyber Security, Nettitude, Security Blog, Security Testing, Cyber Security Blog, SEO Series
By Paul Hood | Senior Threat Intelligence Analyst
Throughout 2020, a surge in malware and ransomware campaigns has been detected using coronavirus-themed lures to strike a wide range of sectors across the globe. The global COVID-19 developments alter the threat landscape significantly for worldwide organisations, particularly given the confluence of trying circumstances such as remote working, short-staffing due to furlough and the pressing need to share accurate and timely updates on the pandemic.
Topics: Cyber Security, Nettitude, Security Blog, Security Testing, Cyber Security Blog, SEO Series, malware campaign, ransomware campaign, covid malware
Working on your company’s virtual IT security isn’t the only piece of the Information Security jigsaw puzzle. Whilst the bulk of your technical teams’ efforts should go into filling in the centre of the jigsaw with things like firewalls, monitoring, endpoint protection, security testing, and more, an organisation's physical security can often get left behind. Whilst the centre of the puzzle is critical to your overall security infrastructure, if the little things like an unlocked server room or unauthorised access to the building are overlooked, then the whole security operation is jeopardised.
Below, we’ll step into the shoes of one of our expert Penetration Testers to find out his experiences with physical security failures and evaluate what went wrong, as well as what physical security measures need to be implemented to ensure a holistic cybersecurity plan is in place.
Topics: Cyber Security, Security Blog, Security Testing, Cyber Security Blog
With the digital era being well upon us, today’s state of affairs in the cybersecurity world has grown rather complex, and there are no exceptions for those of us who work in pen testing. Whilst traditional penetration testing techniques are still very much relevant to today’s reality, there’s no denying that there are many new tools, techniques and even new responsibilities that make penetration testing, on the whole, a mammoth task. In light of this, it becomes increasingly difficult for human teams to stay on top of these requirements effectively, and it’s becoming more and more necessary to lean on technological automation to support our cybersecurity endeavours.
Topics: Cyber Security, Nettitude, Security Blog, Security Testing, Cyber Security Blog, Download Area, SEO Series
By Mike Buckley | Presales Security Consultant at Nettitude
What is an Endpoint
Firstly, what is an endpoint? An endpoint is usually a device which communicates with the network to which it is connected. This can be any of a myriad of devices, including laptops, mobiles, tablets, servers, etc. As the attack vectors vary hugely depending on where we focus, this blog will primarily target the laptop/desktop world. Risks to all endpoints may be similar, but the mitigations are very different.
Topics: Cyber Security, Nettitude, Security Blog, Security Testing, Cyber Security Blog, Download Area, risk assessment, SEO Series, endpoint protection, endpoint security, endpoint protection software
By Mike Buckley | Presales Security Consultant at Nettitude
There are a few important principles that should be keeping a responsible CIO/CISO awake at night. Most certainly, one of those would be the loss or leakage of business-critical data such as customer Personally Identifiable Information (PII) or financial details. One of the primary functions of their role is to recognise this and put into place processes and technical controls to lower the risk of that data being exposed. We only have to look in the media to see numerous examples of data breaches. Threat actors, as we now call them, have been trying to access data of various kinds stretching back into the 1980s, when modems connected everything together. Unfortunately for the CIO/CISOs of today, there are compliance frameworks such as GDPR which firmly put the burden of responsibility on their shoulders.
Topics: Cyber Security, Nettitude, Security Blog, Security Testing, Cyber Security Blog, Download Area, risk assessment, SEO Series, data protection solutions, data loss protection, data leakage protection