By Nettitude  

At Nettitude we have the great advantage of seeing first-hand how organisations of all shapes and sizes approach cybersecurity. And like all good consultants, we are magpies; borrowing the best and worst of what we see and absorbing it into our accumulated knowledge. This approach means that when we advise our customers, we’re able to draw on a vast body of knowledge and experience, saving our customers’ time by avoiding the mistakes we have observed within other organisations.

In this blog post, we'll look at why the NCSC 10 Steps guidelines are a good place to start when evaluating your cybersecurity posture, as well as advice on how to implement these guidelines. 

By Nettitude  

Are your email habits putting you at risk? Email is one of the most common means of communication but is also an easily and widely abused system for providing entry points for attackers into our organisations. In particular, during the recent pandemic, we have seen a significant rise in the amount of Phishing attacks carried out by email, meaning organisations need to be even more vigilant.

Nettitude uncovered a recent Maritime campaign focused on manipulating behaviours and common industry practices to deliver malicious payloads and compromise networks. In the following blog post, we’ll go over our findings on a recent attack, as well as how to spot this type of attack and the best methods for responding.

By Craig Boyle |Senior Security Consultant at Nettitude  

An Introduction to Cloud Services

Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) are the current leaders in Cloud Computing, and offer hundreds of services between them. The continuous expansion of features, inherent flexibility, and broad access offered by Cloud Computing are compelling reasons for its adoption, and organisations of all sizes are looking to migrate their workloads.

By Mike Buckley | Pre-Sales Consultant at Nettitude  

Security Information and Event Management (SIEM) Services have matured hugely in the last ten years. Moving from a compliance driven requirement, to becoming security best practice, SIEM Services are now recognised by various Security Frameworks. As the marketplace has developed, so too have the Managed Service offerings that protect SIEM technologies. As a result, it is no longer enough to deploy a SIEM technology with reliance on only the most basic of filtering to detect a potential threat.

This blog post will look at the development of Security Information and Event Management Services and will consider what additional security measures are now needed.

By Elisa Cassi | Cyber Product and Services Manager 

Nettitude and Lloyd's Register have released the LR Cybersecurity Framework (CSF) for the Marine and Offshore sector, to complement the Cybersecurity Strategy paper that was previously published. The two documents are part of a suite of marine specific documents to support shipping organisations defining and implementing a robust and appropriate Cybersecurity Strategy.

This post focuses on the LR Cybersecurity Framework and provides an overview of how to use it effectively to deliver relevant and pragmatic cyber capability within your organisation for addressing cyber-threats.

By Joel Snape | Security Researcher at Nettitude

One of the key enablers of business modernisation and efficiency in the Maritime Industry has been the availability and adoption of VSAT satellite connectivity. This has allowed vessels to stay connected to shore-based networks throughout their voyage: providing internet and corporate network access for crews and passengers; increasing the amount of administration which can be carried out at sea to save time in port and enabling remote monitoring and management of on-board systems.

By Adrian Shaw | Senior Incident Response Consultant at Nettitude

Incident Response, in line with Information Security, is generally a challenge for a lot of organisations. Despite this, the good news is that cybersecurity is now being recognised as more of a crucial component of a business plan within organisations; many of which now have a programme in place to implement Incident Response capability. Whilst this is a step in the right direction, it should be ensured that these programmes should be iterative in order to facilitate the maturing of their capabilities.

By Nettitude

As of 2019, statistics showed that 60% of all workloads were being hosted on a cloud service, with this figure set to increase to 94% of workloads by 2021. This trend is the rise of businesses becoming reliant on cloud-based technology shows just how far we have come since the days of Floppy Disks and USB’s. Cloud computing has created a whole new way of collaborative working, with teams from across the globe connecting to shared resources in one central location. These new levels of capability have not only made our lives easier, but have enabled extended business growth that had have a positive impact on the economy, with companies now able to hire top talent from all corners of the globe.  There’s no doubt that the benefits of cloud computing have been significant.

When it comes to security testing, there are two very common tests that you may want to consider. The first is vulnerability testing and the second is penetration testing. This blog post aims to explain what each kind of test is, and then define the difference between penetration testing and vulnerability scanning.

Download the full whitepaper

The shipping sector has recently been facing wave after wave of setbacks as various economic and word events have caused disruption to the industry. The current pandemic has created a significant amount of challenges for shipping companies and cruise ships in particular, as global travel restrictions have been put in place and social distancing rules disrupt our usual way of working. However, BIMCO representative – Peter Sand has stressed that the industries setbacks are not a result of COVID-19, but rather a ripple effect of it’s spread, in which the introduction of the 2020 sulphur cap by the International Maritime Organisation and the failed attempt of the US-China phase one trade agreement have also had a profound impact.