LRQA Nettitude Blog

By Nettitude

As of 2019, statistics showed that 60% of all workloads were being hosted on a cloud service, with this figure set to increase to 94% of workloads by 2021. This trend is the rise of businesses becoming reliant on cloud-based technology shows just how far we have come since the days of Floppy Disks and USB’s. Cloud computing has created a whole new way of collaborative working, with teams from across the globe connecting to shared resources in one central location. These new levels of capability have not only made our lives easier, but have enabled extended business growth that had have a positive impact on the economy, with companies now able to hire top talent from all corners of the globe.  There’s no doubt that the benefits of cloud computing have been significant.

When it comes to security testing, there are two very common tests that you may want to consider. The first is vulnerability testing and the second is penetration testing. This blog post aims to explain what each kind of test is, and then define the difference between penetration testing and vulnerability scanning.

Download the full whitepaper

The shipping sector has recently been facing wave after wave of setbacks as various economic and word events have caused disruption to the industry. The current pandemic has created a significant amount of challenges for shipping companies and cruise ships in particular, as global travel restrictions have been put in place and social distancing rules disrupt our usual way of working. However, BIMCO representative – Peter Sand has stressed that the industries setbacks are not a result of COVID-19, but rather a ripple effect of it’s spread, in which the introduction of the 2020 sulphur cap by the International Maritime Organisation and the failed attempt of the US-China phase one trade agreement have also had a profound impact.

By Mike Buckley | Pre-Sales Consultant at Nettitude

Are you confident your critical business systems are secure? Willing to bet your career on it? Whilst fairly easy to manage if you have the right systems and procedures in place, if your identity and access management controls are not configured correctly, it could be like leaving the front door of your house wide open. The challenge that many of our clients’ face is working out to what extent they need to configure access to their business-critical systems. With too many controls in place, it can be disruptive to work flow and cause projects to become overdue. However, with too much freedom, you risk compromise to those critical systems. So how do you get the balance right?

Below, we’ve compiled some of our expert in-house knowledge to help businesses get a better idea of how to strike a balance when it comes to identity and access management controls.

By Nettitude

On Wednesday the 11^th of March 2020, the Director General of the World Health Organisation (WHO) officially used the term ‘pandemic’ to describe the COVID-19 outbreak, causing many countries to shut their borders, lockdowns to be put in place across a third of the world, and economic activity to begin to slow. Whilst the impact on the shipping industry was only marginalised to begin with, China is a major player within the global shipping sector and as a key partner for many countries maritime activity. This meant that the world quickly began to feel the effects of COVID-19, before it had even spread beyond the confines of China. As the virus progressed on a global scale, the threat level quickly escalated in many countries, and as a result, the cruise and shipping industries began to feel the full force of COVID-19.

Nettitude has recently conducted a number of projects focused on Marine & Offshore (M&O) technologies.  The objective of one such M&O project was to find and exploit vulnerabilities in the software and hardware found on a superyacht.

By Christopher Laing | Security Consultant at Nettitude 

Please note: The following blog post is relevant to our UK and European readers specifically, although the concept of identifying a data breach is relevant on a global scale.

In our line of work, we very often see businesses rush into panic mode when they suspect a data breach. From releasing confidential information to a body who does not have permission to view it, to secure systems being hacked, there are many ways that personal data can be exposed either intentionally by malicious activity, or unintentionally by internal staff. Whilst there are some simple best-practice housekeeping which can be applied to prevent such breaches, unfortunately, data leaks still happen. The key to handling such data breaches, is firstly, knowing how to identify one.

Whilst it can seem like a major disaster at the time, sending your workforce into panic mode, sometimes the mishandling of data isn’t yet a breach. In this case, knowing how to identify a data breach is your best asset, before having to cry wolf! In the following blog post, we’ll cover how you can identify a data breach, so that you can take the best appropriate action should your business ever suffer a breach (touch wood!).

By Graham Stevens | Incident Response Consultant at Nettitude

Most businesses of a certain size will have a range of plans & policies put in place to help them when disaster strikes. These are often referred to as business continuity and disaster recovery documents, which will outline how the business should recover from a natural or human-induced disaster, and will include how the business will continue to run & support critical services or functions, or how to recover their technology infrastructure.

In the following blog post, we will discuss how to prepare a disaster and recovery plan and go into some of the identifying factors between a cyber-incident and a cyber-emergency.

By Richard Hicks | Senior Security Consultant at Nettitude

Cybersecurity doesn’t have a finish line. Whether you’re a small business or a large multi-national organisation, there are always steps and checks you should be completing on a regular basis, one of the most common of which is performing regular penetration testing. There are plenty of organisations out there that are willing to sell you days of effort to test a system, based on fixed scopes, etc., but there is more to security than simply asking someone to mark your homework. A proper cybersecurity framework is one that is custom built and designed for your organisation, there is no one-size fits all in cybersecurity and as such there are a multitude of paths available for you to follow.

Sounds confusing, right? Here at Nettitude, we’re big supporters of the not for profit organisation known as CREST, they are an accreditation and certification body that has helped shape and define information security within the UK and worldwide. CREST regularly publish information, tooling and guidance on cyber security, in which, one such guidance document they provide is the CREST Penetration Testing Guide. This guide provides all the information you need to know about penetration testing, covering the key points of why you would want to stand up a framework, how to size and scope it appropriately to your organisation and crucially as a final step, how to measure the performance and efficacy of your penetration testing programme.

Below We’ll give you a non-biased explanation of what a cyber maturity assessment is, and how CREST can help guide you in the right direction.

By Mike Buckley | Presales Consultant at Nettitude

For those that have recently been keeping up with our Cloud Research and Innovation Series, you will by now be aware that many businesses across the globe are turning to cloud solutions. IaaS, SaaS and PaaS all have an increasingly large part to play in business IT strategy, and there are a whole host of benefits which are no longer an added convenience but a necessity for the modern 21^st century worker. This is now becoming a realisation for most managers and CEO’s, who are battling against time… and competitors, to get cloud technology incorporated into their business infrastructure. However, as you will have found out from our series so far, there are a number of key considerations to make, in which security is frequently an afterthought in the rush to use all the convenient features that cloud technology provides.

Below, we will look at some of the key considerations’ businesses need to make when considering their cloud migration strategy.