Cyber Blog
The Data Breach Investigation Report (DBIR) published by Verizon is one of the most comprehensive cyber security reports published publicly online. At 108 pages long, the 2022 report takes the length of a feature film to read. If you’d rather spend your free time watching Top Gun Maverick, but don’t want to miss out on Verizon’s important insights on cybercrime, then this cyber blog is for you. Read Thomas Wong’s summary and key takeaways and changes in 2022 here.
New penetration testing services are emerging every day, each with different methods, tools, and results. How can an organization wade through the many offerings to find the best penetration test for them? Or why conduct a penetration test at all? In this blog Thomas Wong provides a helpful guide on penetration testing and what to look for when choosing a penetration test. Check out his cyber blog ‘What to know before on-boarding with a security services company’ available now.
The ubiquity of smartphone apps makes smartphones a prime target for attackers. Yet, mobile app developers don’t always consider security at every stage in development. Sebastian Andersen aims to shed some light on security measures that can be implemented in mobile applications in the prevention of attacks. In his newest blog Sebastian provides eight considerations to improve the security of mobile applications. Read them all here.
I often hear about the challenges security professionals struggle with. Especially getting decision makers to understand and utilize the concept of risk appetite or risk tolerance. Just as often, I hear about the dilemma where decision makers don't want to take risk but also don’t want to invest in security. It can be difficult to explain precisely what risk appetite and risk tolerance is and its importance. So, to help in your discussions, I’ve highlighted some points to consider.
Den tidligere chef for Center for Cybersikkerhed i Forsvarets Efterretningstjeneste, Thomas Lund-Sørensen, vil bidrage med unikke erfaringer, når det gælder it-sikkerhed og internationale relationer.
Improsec har fået Thomas Lund-Sørensen med på teamet. Den internationalt anerkendte sikkerhedsekspert og diplomat skal medvirke til at fortsætte den vækstkurs, Improsec har fulgt siden etableringen i 2015.
Every year new products and technologies emerge as solutions to the most pressing problem companies have in the cyber realm – the lack of resources. In cyber, like in many other areas of life, introducing techniques well above your current skillset is a waste of time.
It’s human nature to look for a new tool to solve a problem. The advertising industry knows this. From 1990s shady TV-shop commercials to present-day cyber security marketing material, new tools are commonly pitched as solutions to old problems. New tools are not necessarily a bad idea. Often, they make you more productive. But there is a problem: You might not be ready for them.
Improsec has performed numerous maturity assessments and red team exercises for Danish companies throughout the years. Many of these companies had a managed SOC service, which performed from poorly to disastrous. This blog is based on our experiences of the performance of both national and international SOC providers.
»Trods patching vrimler det med bagdøre hos danske virksomheder, der er berørt af Exchange-angrebet.
Danske virksomheder kæmper i skrivende stund for at finde ud af, om de er ramt af de fire nye Exchange-sårbarheder, og hvad det præcis betyder for dem, at deres systemer har været blottede i månedsvis.
Der er travlhed hos de danske it-sikkerhedsfirmaer, som Version2 har været i kontakt med i de seneste dage, der alle har kunder, som er berørt af Microsoft Exchange-sårbarheden. Sårbarheden har i et ukendt tidsrum gjort Exchange-brugere over hele verden sårbare over for angreb, og der er allerede flere eksempler på, at den aktivt bruges i Danmark.
Would you buy fire insurance if you genuinely believed your house could not burn? Would you buy fire insurance if you believe fire damage can be quickly and efficiently repaired?
Obviously, you would answer “no” to both questions if you agreed with the underlying premise that fires either cannot happen, the likelihood of them happening being extremely small or the damage done being limited.
Of course, the pandemic took most of the headlines for maritime developments in 2020. For some maritime sectors it was a horrible year, for others – especially the container shipping sector – it became a most unexpected profitable year.
But whereas commercial elements had been entirely unpredictable – and to a large degree also is for 2021 presently – the developments within the arena of maritime cyber security were not.
Whereas 2020 has been a highly unusual year on many parameters, unfortunately it can be said that the maritime sector is experiencing a continued barrage of cyber attacks, with some clearly being successful and disruptive.
Recent examples of victims of successful cyber attacks from within 2020 of this includes the world’s 2nd and 3rd largest container shipping lines MSC and CMA CGM, The world’s largest cruise line Carnival, Australia’s largest freight forwarder Toll (they were hit twice this year), Iran’s Shaheed Rajaee port which was brought to a standstill as well as a successful attack against the International Maritime Organization IMO itself.
From 1st of January, 2021 cyber security will be a new requirement for all Safety Management Systems, according to IMO Resolution. In SAFETy4SEAs special column SeaSense, in association with The North of England P&I Club, they ask global experts to provide feedback on the following question: “Is the shipping industry prepared for the IMO Resolution taking effect from January 2021 that states cyber security should be included in safety management systems (SMS)?”
