The Data Breach Investigation Report (DBIR) published by Verizon is one of the most comprehensive cyber security reports published publicly online. At 108 pages long, the 2022 report takes the length of a feature film to read. If you’d rather spend your free time watching Top Gun Maverick, but don’t want to miss out on Verizon’s important insights on cybercrime, then this cyber blog is for you. Read Thomas Wong’s summary and key takeaways and changes in 2022 here.
What To Know Before On-Boarding With A Security Services Company
New penetration testing services are emerging every day, each with different methods, tools, and results. How can an organization wade through the many offerings to find the best penetration test for them? Or why conduct a penetration test at all? In this blog Thomas Wong provides a helpful guide on penetration testing and what to look for when choosing a penetration test. Check out his cyber blog ‘What to know before on-boarding with a security services company’ available now.
Mobile Applications and Security Considerations
The ubiquity of smartphone apps makes smartphones a prime target for attackers. Yet, mobile app developers don’t always consider security at every stage in development. Sebastian Andersen aims to shed some light on security measures that can be implemented in mobile applications to prevent attacks. In his newest blog Sebastian provides eight considerations to improve the security of mobile applications. Read them all here.
Now to something completely different, but kinda the same
Risk appetite - does that mean revenue loss for dinner or cost for dessert?
I often hear about the challenges security professionals struggle with, especially getting decision makers to understand and utilize the concept of risk appetite or risk tolerance. Just as often, I hear about the dilemma where decision makers don't want to take risk but also don’t want to invest in security. It can be difficult to explain precisely what risk appetite and risk tolerance are and why they are important. So, to help in your discussions, I’ve highlighted some points to consider.
Thomas Lund-Sørensen joins the board of Improsec
The former head of the Centre for Cyber Security at the Danish Defence Intelligence Service, Thomas Lund-Sørensen, will contribute unique experience in IT security and international relations.
Improsec has brought Thomas Lund-Sørensen onto the team. The internationally recognised security expert and diplomat will help continue the growth course Improsec has followed since its founding in 2015.
SOAR - are you ready for it?
Every year new products and technologies emerge as solutions to the most pressing problem companies have in the cyber realm – the lack of resources. In cyber, like in many other areas of life, introducing techniques well above your current skillset is a waste of time.
It’s human nature to look for a new tool to solve a problem. The advertising industry knows this. From 1990s shady TV-shop commercials to present-day cyber security marketing material, new tools are commonly pitched as solutions to old problems. New tools are not necessarily a bad idea. Often, they make you more productive. But there is a problem: You might not be ready for them.
Does your managed SOC suck?
Improsec has performed numerous maturity assessments and red team exercises for Danish companies throughout the years. Many of these companies had a managed SOC service whose performance ranged from poor to disastrous. This blog is based on our experiences of the performance of both national and international SOC providers.
“You have corona, mate”: That is how easily scammers can send emails from the healthcare system
Listen in: This is what it sounds like when a scammer tries to hack Version2 in 2021
Massive hacks checkmate classic IT security: “The idea of a wall doesn't hold”
The calm before the Exchange storm: “We expect Danish companies to be attacked within a couple of weeks”
Despite patching, backdoors abound at Danish companies affected by the Exchange attack.
Danish companies are, at the time of writing, struggling to find out whether they have been hit by the four new Exchange vulnerabilities, and what exactly it means for them that their systems have been exposed for months.
Serious Exchange vulnerability exploited in Denmark: “We don't know the extent yet”
The Danish IT security firms that Version2 has been in contact with in recent days are busy, and all of them have customers affected by the Microsoft Exchange vulnerability. For an unknown period, the vulnerability has left Exchange users all over the world open to attack, and there are already several examples of it being actively used in Denmark.
Maritime Cyber Security: It’s all about the money
Would you buy fire insurance if you genuinely believed your house could not burn? Would you buy fire insurance if you believe fire damage can be quickly and efficiently repaired?
Obviously, you would answer “no” to both questions if you agreed with the underlying premise that fires either cannot happen, that the likelihood of them happening is extremely small, or that the damage done is limited.
Time to step up the maritime cyber security game
Of course, the pandemic took most of the headlines for maritime developments in 2020. For some maritime sectors it was a horrible year, for others – especially the container shipping sector – it became a most unexpectedly profitable year.
But whereas commercial elements had been entirely unpredictable – and to a large degree still are for 2021 – the developments within the arena of maritime cyber security were not.
Acquired by IT Relation: 2020 was an "absolutely incredible year" for security company
Forget 0-day vulnerabilities!
Detection is the new black!
“Business as usual” for maritime cyber attackers
Whereas 2020 has been a highly unusual year on many parameters, unfortunately it can be said that the maritime sector is experiencing a continued barrage of cyber attacks, with some clearly being successful and disruptive.
Recent examples of victims of successful cyber attacks in 2020 include the world’s 2nd and 3rd largest container shipping lines, MSC and CMA CGM; the world’s largest cruise line, Carnival; Australia’s largest freight forwarder, Toll (they were hit twice this year); Iran’s Shaheed Rajaee port, which was brought to a standstill; as well as a successful attack against the International Maritime Organization (IMO) itself.
SeaSense – Expert Thinking on IMO Resolution regarding Cyber Security
From 1st of January 2021, cyber security will be a new requirement for all Safety Management Systems, according to an IMO Resolution. In SAFETY4SEA’s special column SeaSense, in association with The North of England P&I Club, they ask global experts to provide feedback on the following question: “Is the shipping industry prepared for the IMO Resolution taking effect from January 2021 that states cyber security should be included in safety management systems (SMS)?”