LRQA Nettitude Blog

By Matt Tryphona | Security Analyst at Nettitude

The Healthcare industry remains highly targeted by hackers due to the great deal of personal data that is used and handled on a day-to-day basis. One of the biggest cyber Risks within healthcare is IoT devices, as they can be used as a gateway for capturing sensitive data if not secured correctly.

When we think of an IoT device, you may think about smart-home devices, such as a smart plug, or smart bulb controlled from an app on your phone. We may even think of a ‘smart’ assistant controlled by our voice, which can do much more than just tell you the weather. The ‘smart’ assistants can act as an IoT hub that control our devices to provide a seamless futuristic experience.

It’s one thing for the security of devices in the home to be breached, but within a healthcare environment, this can have a detrimental knock on effect across the board in light of an increasing variety and severity of healthcare cyber threats. Below we’ll take a look at what IoT is, how it’s used within the healthcare industry, and how a security breach could impact the industry.

By Greg March | SOC Platform and Security Analyst at Nettitude

Technology is at the forefront of innovation with new hardware, software and AI breakthrough announcements on a daily basis. From the creation of the first computer (ENIAC developed in 1946) to the rise of IOT smart fridges, data remains the key to the interconnected world around us.

Over recent years, the rise in cyber-criminal activity has highlighted the pressures and importance of developing secure technology - whether that is for data in transit or at rest. Transport encryption such as SSL(secure Socket Layer)/TLS(Transport Layer Security) and HTTPS (Hyper Text Transfer Protocol Security) technologies are exactly that, they provide a secure method of transporting encrypted data from one machine to another, preventing unauthorized actors from stealing private information.

Although encryption was first developed with security and privacy in mind, hackers and cyber criminals of even low sophistication levels have incorporated the advantages of encryption in their attack techniques.

By Stuart Wright | Global Head of Compliance and Risk

When we think about “insider threats” to our organisations, it’s all too easy for our minds to conjure up clichéd images of elaborate plots from a spy film, where the rookie agent goes undercover to get inside information, and then saves the day with just a few minutes to spare. Or perhaps we think about corporate espionage, where an unscrupulous employee infiltrates a competitor by getting a low-level admin job and creeping around the office late at night stealing valuable data that will give their employer a competitive edge.

The reality of the insider threat is almost always a little less exciting, and certainly less dramatic incidents are far more commonplace than the dramatised examples above.

There’s also a lot we can do to try and protect against these attacks, and in this blog post, we’ll talk about some of the key things you should be considering to help address the insider threat.

By Dan Ryder | Security Operations Team Lead at Nettitude

Cybersecurity teams often start out purchasing a SIEM solution with high hopes they have the staff, training, capability and organisational resources to get the most out of their new platform.

Unfortunately, in many cases the reality is that an already overstretched security team does not have the time needed to manage a SIEM, investigate alarms, manage rulesets, juggle compliance requirements, and ensure continuous proactive monitoring.  In the short term, the gap can be plugged through vendor professional services. However, this needs to be factored into costs on a rolling basis as the organisations attack surface evolves and is not a viable long-term solution.

One of the main contributors to why these internal deployments fail, have more hidden costs, and take more time than expected to utilise is alarm fatigue. In the following post, we’ll investigate what alarm fatigue is and the possible causes.

By Nettitude

Evidencing cybersecurity measures in ship architecture: How can Lloyd’s Register ShipRight Procedures help?

With cyber attacks increasing by 900% on the maritime industry over the last 3 years, it’s never been so important for this sector to address their cybersecurity landscape. As cyber-attackers develop increasingly sophisticated methods to infiltrate a ships operational technology, we are beginning to see that ship owners must now consider integrating cybersecurity requirements into the technical designs and architecture proposals for new builds and refits from an early stage.

As of January 2021, not only will it be in the interests of ship owners and operators to consult cybersecurity best practice as the foundations of ship development, it will be a requirement by the International Maritime Organisation. In order to keep a vessel ‘in class’, it is now essential for maritime organisations to be able to demonstrate a set of robust cybersecurity controls that are pragmatic, appropriate and relevant to the risks they face. So how can ship owners approach need and requirement?

By Dan Ryder, Jamie Roderick and Simon Robinson |  LRQA Nettitude SOC

In an ideal world, every cybersecurity alert received in a SOC would be malicious; displayed with context and enriched so that it would be immediately obvious to an analyst what has occurred, and there would be automation and task orchestration to deal with the threat and self-heal the network. But then, in an ideal world, there probably wouldn’t be any SOC alerts because the security posture of an organisation would make it invulnerable to attack or compromise, and there would be no malicious actors either.

In the following post, we’ll take a look at the absolutely key processes to review, update and assure SOC cyber threat detection, reduce false positives and improve your SOC's capabilities on a continuous basis.
This is delivered by our team of SOC Monitor experts, with over 30 years combined experience across Enterprise Network Security, protecting Critical National Infrastructure and industry leading security monitoring for financial FTSE 250 companies. We'll cover the important questions you need to ask yourself in ensuring your team keep up with Threat Actors, enable your teams situational awareness and empower your SOC across the following areas:

By David Parsons | Security Consultant at LRQA Nettitude

With the improvements of vulnerability scanners and the ever-increasing proficiency of software such as WAFs and Intrusion Detection Systems, you may be asking yourself whether Penetration Testing is still a relevant way to ensure the security of your website. The following article discusses several proactive security considerations you should make when either creating, or maintaining a website and how Penetration Testing can be useful in this process.

By LRQA Nettitude

‘Houston, we have a problem…’

The operational resiliency of the financial services sector is of paramount concern to governments and regulators across the globe. A catalogue of high-profile breaches suggests that board level engagement and awareness of how to prepare and respond to a cyber event is frequently misunderstood or inadequate. Although these boards believe that they are taking steps to combat the cyber threat, their strategies are frequently poorly grounded and misaligned.

To address this, a number of regulator-driven frameworks for assessing financial institutions cyber preparedness, protection, detection and response capabilities has matured, and proliferated across multiple regions around the globe. In this five-part blog series, we’ll outline the main regulatory frameworks for the UK, Europe, Singapore and Hong Kong. In the first post, we’ll take a look at the UK’s regulatory framework – CBEST.

By Nettitude

Electronic Arts (EA) Origin is an online platform that allows users to purchase and play video games on desktop and mobile platforms.  It’s currently used by millions of gamers around the world.  Earlier this year, we identified a vulnerability affecting the EA Origin Windows client. 

By Adrian Shaw | Senior Incident Response Consultant at Nettitude

Over recent months, Nettitude have noted a sharp increase in cybersecurity incidents within our client base, alongside the unfolding of the on-going Covid-19 pandemic. One cause seems to be issues caused during the migration to remote working by workforces, in which organisations have been left vulnerable. In any event, it now seems timely to talk about the Incident Response process and how an organisation can mature their Incident Response capability.