The typical life of a consultant working in the field of governance, risk and compliance is often not deeply technical, but we have to be aware of new technology and the risks it poses; this is very true when it comes to Cloud, and with the massive adoption of Cloud as the vast majority of organizations now use cloud services on some level.

The Arctic Wolf team is having a great time in Boston at AWS re:Inforce 2022. What a wonderful show! It has been thrilling to connect with industry leaders and AWS experts from across the world–and it was equally thrilling for us to announce that Arctic Wolf has achieved the newly introduced Level 1 MSSP specialization in Digital Forensics Incident Response (DFIR).

I am very pleased and proud to share the big news that Devo is now an AWS Security Competency Partner. This is a significant milestone for Devo and it’s important for our current and future customers and partners. This designation validates that Devo has successfully met AWS’s technical and quality requirements for providing customers with a deep level of expertise in threat detection and response.

Higher education institutions have long been subjected to ransomware and other cyber attacks, which has had a huge impact on their operations. In 2020 alone, ransomware attacks affected nearly 1,700 U.S. schools, colleges and universities – which is an increase of 100% over the previous year. The average cost of these attacks were $2.73 million in downtime, repairs and lost opportunities.

A possible method of attacking your code base is a bit of social engineering that involves using open source to report potential bugs in software that provides reproduction applications. These applications can include malicious code that can compromise your software and applications. In the blog post, we’ll briefly look at why and how they operate, and how to mitigate this practice.

In Tim Hinrich’s prior blog titled the Three-Body Problem for Policy, he dives into the interconnected relationship between policy, data and software. He identifies a key consideration when using OPA — that “policies can only be evaluated when provided with the correct data.” The full blog is well worth the read to better understand the role of data and its correctness in your policy implementation.

As described in Splunk Vulnerability Disclosure SVD-2022-0624, there is a list of SPL (Search Processing Language) commands that are classified as risky. This is because incorrect use of these risky commands may lead to a security breach or data loss. As a precautionary measure, the Splunk Search app pops up a dialog, alerting users before executing these commands whenever these commands are called.

I walked into a business the other day. After a long conversation about the client’s need for cybersecurity and the implementation of the ISO27001 security standard, we talked about their risk appetite. “We don’t accept any risk. We’re risk-averse” said the CEO. But, is this achievable?

Artificial Intelligence (AI) is rapidly becoming ubiquitous in supporting key business decisions, and for many organisations it is critical for their digital transformation and new business models. With organisations quickly driving forward to identify new ways to extract competitive value from their data, the regulators are preparing to step in.

On 15th July 2022, a team of Bulletproof penetration testers took part in the online Hack the Box Business CTF competition. The CTF (Capture the Flag) event consisted of almost 3000 participants, with each player putting their ethical hacking expertise to use in a number of challenges. There were also prizes up for grabs for the top three teams on the leaderboard. This was the first year Bulletproof entered the competition and we look forward to competing in next year’s event.