Threat modelling is a process for identifying potential threats to an organization's network security and all the vulnerabilities that could be exploited by those threats. Most security protocols are reactive - threats are isolated and patched after they've been injected into a system. Threat modelling, on the other hand, is a proactive approach to cybersecurity, whereby potential threats are identified and anticipated.

A security and information event management (SIEM) tool can be a valuable component of a mature security strategy. Indeed, effective SIEM solutions have been available for well over a decade. Organizations typically purchase SIEM tools expecting fast implementation and reliable security threat alerts that provide the intelligence required to respond promptly and prevent breaches. The reality is quite different.

Password managers protect your online logins. As more people are now working from home, issues of online security have made password managers an essential tool. It is too easy to fall into the habit of reusing the same password for multiple sites. Doing so is bad password hygiene. In this blog, we explore why you should use a password manager and what password hygiene is.

It’s estimated that cyber crime will cost businesses as much as $45,000,000,000 by 2025. Each year, small businesses who haven’t put a cyber security plan in place are at the mercy of hackers who are using ever increasingly sophisticated methods to breach their network, compromise their data - and even hold the business to ransom.

In the beginning, social engineering was an art of social science. It is used to change people’s behaviour and make changes in society. It looks at a lot of groups, including government, media, academia and industries. Nevertheless, with the development of technology and people’s concerns about security, social engineering has started to be used. Cyber criminals use it to trick humans by using deceptive techniques or information that disguises their intentions.

The ever-evolving threat landscape in our software development ecosystem demands that we put some thought into the security controls that we use throughout development and delivery in order to keep the bad guys away. This is where the secure software development life cycle (SSDLC) comes into play. Organizations need to make sure that beyond providing their customers with innovative products ahead of the competition, their security is on point every step of the way throughout the SDLC.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. I don’t know about you, but I’ve always been wary of the risk of QR codes. Yes they are useful, but the risk of visiting a dodgy embedded URL without prompt goes against all we’re told. I’m pretty sure there have been issues in the past, but here is a new example.

Following President Biden’s address to Congress last night in which he referenced cybersecurity as a priority twice, news is circulating today that the executive order on cybersecurity is imminent. This news comes as a much awaited and long overdue step towards creating standardization and structure around cybersecurity.

The role of the developer has evolved over the past several years. Developers are not only responsible for writing code and releasing new software rapidly but also for securing code. By implementing security in the software development lifecycle, you can reduce risk and cost without slowing down time to production. But the developer role is already stretched so thin and many developers don’t have a background in security.

Ever wonder what really bugs a CISO. Well, do we have a story for you. In this Log’s Honest Truth podcast, presented in partnership with ITSP Magazine, Devo CISO JC Vega discusses the confessions of “Mr. T” (we disguised his face to protect his identity) a veteran CISO. Listen to the podcast. “Mr. T” faced three primary challenges: Next up, the confessions of “Mr. V,” a digital security and fraud director.