LRQA Nettitude Blog

By Christopher Laing | Security Consultant at Nettitude 

Please note: The following blog post is relevant to our UK and European readers specifically, although the concept of identifying a data breach is relevant on a global scale.

In our line of work, we very often see businesses rush into panic mode when they suspect a data breach. From releasing confidential information to a body who does not have permission to view it, to secure systems being hacked, there are many ways that personal data can be exposed either intentionally by malicious activity, or unintentionally by internal staff. Whilst there are some simple best-practice housekeeping which can be applied to prevent such breaches, unfortunately, data leaks still happen. The key to handling such data breaches, is firstly, knowing how to identify one.

Whilst it can seem like a major disaster at the time, sending your workforce into panic mode, sometimes the mishandling of data isn’t yet a breach. In this case, knowing how to identify a data breach is your best asset, before having to cry wolf! In the following blog post, we’ll cover how you can identify a data breach, so that you can take the best appropriate action should your business ever suffer a breach (touch wood!).

By Graham Stevens | Incident Response Consultant at Nettitude

Most businesses of a certain size will have a range of plans & policies put in place to help them when disaster strikes. These are often referred to as business continuity and disaster recovery documents, which will outline how the business should recover from a natural or human-induced disaster, and will include how the business will continue to run & support critical services or functions, or how to recover their technology infrastructure.

In the following blog post, we will discuss how to prepare a disaster and recovery plan and go into some of the identifying factors between a cyber-incident and a cyber-emergency.

By Richard Hicks | Senior Security Consultant at Nettitude

Cybersecurity doesn’t have a finish line. Whether you’re a small business or a large multi-national organisation, there are always steps and checks you should be completing on a regular basis, one of the most common of which is performing regular penetration testing. There are plenty of organisations out there that are willing to sell you days of effort to test a system, based on fixed scopes, etc., but there is more to security than simply asking someone to mark your homework. A proper cybersecurity framework is one that is custom built and designed for your organisation, there is no one-size fits all in cybersecurity and as such there are a multitude of paths available for you to follow.

Sounds confusing, right? Here at Nettitude, we’re big supporters of the not for profit organisation known as CREST, they are an accreditation and certification body that has helped shape and define information security within the UK and worldwide. CREST regularly publish information, tooling and guidance on cyber security, in which, one such guidance document they provide is the CREST Penetration Testing Guide. This guide provides all the information you need to know about penetration testing, covering the key points of why you would want to stand up a framework, how to size and scope it appropriately to your organisation and crucially as a final step, how to measure the performance and efficacy of your penetration testing programme.

Below We’ll give you a non-biased explanation of what a cyber maturity assessment is, and how CREST can help guide you in the right direction.

By Mike Buckley | Presales Consultant at Nettitude

For those that have recently been keeping up with our Cloud Research and Innovation Series, you will by now be aware that many businesses across the globe are turning to cloud solutions. IaaS, SaaS and PaaS all have an increasingly large part to play in business IT strategy, and there are a whole host of benefits which are no longer an added convenience but a necessity for the modern 21^st century worker. This is now becoming a realisation for most managers and CEO’s, who are battling against time… and competitors, to get cloud technology incorporated into their business infrastructure. However, as you will have found out from our series so far, there are a number of key considerations to make, in which security is frequently an afterthought in the rush to use all the convenient features that cloud technology provides.

Below, we will look at some of the key considerations’ businesses need to make when considering their cloud migration strategy.

By Mike Buckley | Presales Consultant at Nettitude

In today’s ‘always on’ digital world, the rate at which organisations and individuals experience cyber-attacks is continually increasing. The University of Maryland state that on average, there is a hacker attack every 39 seconds, which equates to 2,244 times a day. In response to this, organisations have began to step up their cybersecurity, with Gartner reporting that Worldwide spending on cybersecurity is forecasted to reach $133.7 billion in 2022.

Moreover, we are beginning to see an increasing number of organisations hiring their own in-house cybersecurity specialists and teams to protect against network threats, but for many SME’s, this simply isn’t a feasible option. In this post, we’ll be exploring the top predicted types of network attacks which could affect organisations in 2020.

By Joel Snape | Cybersecurity Researcher at Nettitude

The NIST framework is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk, produced by the National Institute of Standards and Technology. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders.

Nettitude often base our guidance and solutions around this framework, in which there are some key considerations to be made when adopting cloud technology, based on the NIST framework. Continue reading to discover why the NIST Cybersecurity framework is used and how it relates to cloud adoption.

By Phil Buck | Senior Threat Intelligence Analyst at Nettitude

On a 24-hour basis, the Nettitude Security Operations Centre are monitoring our client’s digital environments for potential and current acting threats, in which our trained analyst experts are ready to detect and respond to alerts within a client environment. Through a threat- intelligence led approach, our teams use a number of tools and techniques, from deploying honeytraps, to reverse engineering malware, and monitoring our threat intelligence feeds, these activities are all in the typical day of our SOC team members. However, you may be surprised to hear that we also use social media as a tool to gather intelligence on potential threat actors.

Now that your ears have pricked up, continue reading our latest blog post to find out how social media is used as a viable source of threat intelligence!

By Nettitude Research and Innovation Team

Communication technologies and protocols are an essential part of a vessels electronic systems. However, the unique aspects of marine and offshore environments present challenges to their use; in which the nature of their use and the widespread use of legacy systems affect all security activities and agendas.

This has become a particularly high topic on the cybersecurity agenda over the last two decades, as the explosive growth in communications services has dramatically changed the way that businesses operate in all sectors, improving efficiency and providing new opportunities. In the maritime sector, we can see this from the original adoption of VHF a hundred years ago for ship communication, through to more recent safety technologies such as AIS and satellite communication. However, the limited bandwidth and high cost of these technologies has historically limited the sector’s ability to leverage them in many of the ways seen in other industries.

The following blog post will outline some of the key trends in cybersecurity vulnerabilities in technologies utilised by the Marine and Offshore sector.

By Joel Snape | Cybersecurity Researcher at Nettitude

In our previous blog post for the ‘Cybersecurity and the Cloud’ series, we looked at what considerations should be made when considering migrating to the cloud. To follow on, the next step is to establish a strategy for how you are going to migrate your business over to a cloud platform.

There are a number of options to choose from when considering what cloud platform provider you are going to go with. From public cloud spaces to private, community and hybrid; each one has its own benefits and drawbacks and establishing which one is best for your company will depend on the way you will be using it and what for. In order to ensure you select the right platform for your businesses needs, it is essential to establish a clear cloud migration strategy.

In this post, we’ll discuss the five key steps to take in order to create an effective cloud migration strategy.

By Graham Sharples | Threat Analyst 

Internet of things (IoT) devices are now embedded in every part of our lives, with more and more devices becoming connected to the internet each day. This is a trend that can trace its origins back to the start of the 1990s wherein a toaster was created by John Romkey that could be turned on and off over the internet. This demonstrated what could potentially be achieved with everyday household appliances. Today, IoT devices are in nearly every electronic device we use and with IBM’s announcement in 2018 that they had made the smallest computer in the world measuring 1 millimetre by 1 millimetre, there is almost nothing an IoT device can’t fit into.