Razorthorn

  |  By Michael Aguilera
In late March 2024, the cybersecurity community was shaken by the revelation of a critical vulnerability in XZ Utils, a popular open source compression tool integral to many Linux systems. The discovery was made by Andres Freund, a developer at Microsoft, who reported that versions 5.6.0 and 5.6.1 had a backdoor that could potentially allow unauthorised remote code execution.
  |  By James Rees
Recently, Computer Weekly released an article entitled “Budgets Rise As IT Decision Makers Ramp Up Cybersecurity Spending” on 18th March 2024. It was an interesting article as it cited a number of stats that showed that IT departments plan to increase their cybersecurity budget and that globally 65% of organisations were going to spend more on cybersecurity.
  |  By David Tattersall
The Payment Card Industry Data Security Standard (PCI DSS) was published over 15 years ago and in that time has undergone a series of revisions as technology, the threat landscape and information security best practices have changed.
  |  By James Rees
The recent LockBit group takedown has shown the world at large the cost of cybercrime. Initially it was reported that just over $100 million had been gathered through the nefarious acts of this particular group but, as I suspected, that initial figure was just a drop in the ocean. It turns out that the real figure was in excess of $1 billion over the last four years, and I still suspect this may be more.
  |  By James Rees
Over the last few weeks I have been catching up with a number of my cybersecurity contacts, primarily engaging with them for new content on our increasingly popular Razorwire podcast. During these conversations, as tends to happen at this time of year, one of the things I have discussed with these professionals is what are (in their view) some key cybersecurity trends for 2024?
  |  By James Rees
A big requirement that all European based organisations (or organisations that want to deal with the EU) must be aware of is the new DORA legislation coming into effect in January 2025, and with just a year to implement your strategies, it’s worthwhile reviewing how you measure up now so that you have the time to ensure you comply before the deadline.
  |  By Shauli Zacks
In SafetyDetectives’ recent interview with James Rees, the Managing Director of Razorthorn Security, he provided insights into the company’s unique approach to cybersecurity consultancy and its evolution in response to the changing landscape. Established 17 years ago during a period of upheaval in the information security field, Razorthorn Security prioritizes customer satisfaction, fostering a customer-centric approach that has contributed to a high client retention rate.
  |  By James Rees
We live in a business world where vast amounts of our critical services are delivered to us as a service. The world of on premise solutions has all but disappeared – sure, there are still some systems that operate on premise but these days, more key services are delivered to users and organisations as a service solution. This has increased profitability, allowed small companies to gain access to software and systems that previously were out of reach and has dealt a significant blow to piracy.
  |  By James Rees
Here we are, at the end of 2023. It’s high time for updating defence in depth strategies across all organisations, and let me tell you why. We’re all aware of the uptick in high profile cyber attacks and compromises, across all sectors. Ransomware specifically has caused more economic loss and pain for the business world than any other information security event previously, and attacks are speeding up at a steady rate with larger and larger targets and ransoms being asked.
  |  By James Rees
Unless you have been hiding under a rock the last few weeks, you will know about the SEC taking action against the SolarWinds CISO in a landmark case that is going to change the way CISOs undertake their jobs in the future. The SEC’s action against the SolarWinds CISO is a wakeup call for all CISOs.
  |  By Razorthorn
Delve into the journey of overcoming conceptual challenges in the development of FAIR (Factor Analysis of Information Risk) in this enlightening video. Join as the creator shares personal insights into grappling with quantitative limitations and navigating the complexities of risk assessment. Discover how invaluable support from seasoned executives in actuarial departments provided clarity and assurance amidst uncertainties. Gain valuable perspectives on tackling subjectivity, measurements, and more from experienced professionals.
  |  By Razorthorn
Embark on a journey into the innovative realm of control factoring in cybersecurity in this captivating video. Explore the inspiration behind this approach, rooted in the principles of physics and physical environments. Join the creator as they draw parallels between rating scales for tornado strength and structural requirements, pondering the applicability of such concepts in the cybersecurity domain. Delve into the challenges of translating physical forces into abstract measurements and discover the complexities inherent in this endeavor.
  |  By Razorthorn
Explore the nuanced nature of probability and risk assessment in this insightful video. Join us as we navigate the diverse perspectives that shape individual interpretations of what's probable. Discover how the FAIR (Factor Analysis of Information Risk) methodology provides a structured approach to understanding and communicating risk, making it accessible not only to the creator but to a wider audience. Gain insights into the challenges of assigning probabilities to uncertain events with limited data, and learn how FAIR methodology offers clarity in the face of uncertainty.
  |  By Razorthorn
Unravel the evolution of cyber clarification in this thought-provoking video. Drawing inspiration from physicist Max Planck's famous quote, we explore how science – and in this case, cybersecurity – progresses with the passing of the old guard and the emergence of the new. Delve into the challenges faced by those entrenched in traditional beliefs, who once deemed cyber clarification an impossibility. Join us as we challenge these notions and pave the way for new perspectives and possibilities in the realm of cybersecurity.
  |  By Razorthorn
In this intriguing video, we delve into the transformative power of FAIR models originally designed for military applications. Discover how these models can be repurposed to analyze targets, maximize risk, and strategize for both offense and defense. But that's not all – with a simple shift in perspective, these models can be adapted for sales and marketing, helping businesses identify opportunities and mitigate losses. Join us as we explore the fascinating intersection of strategy and marketing tactics.
  |  By Razorthorn
Welcome to Razorwire, the podcast that cuts through cybersecurity and risk management complexities. Host Jim welcomes Jack Jones, creator of the FAIR risk methodology, for an in-depth discussion on how his approach has transformed information security risk perception and management. Jack shares his journey from facing scepticism to global recognition, detailing the development of FAIR and its impact on the industry. He also previews his upcoming book on the controls analytics model, exploring the future of risk management and FAIR's role in advancing cybersecurity practices.
  |  By Razorthorn
Dive into the intriguing world of cybersecurity and ransomware recovery in this thought-provoking video. As news broke about a $100 million ransomware operation being halted, initial reactions ranged from skepticism to amusement. However, the swift return of these cybercriminals highlights the resilience and adaptability of such groups.
  |  By Razorthorn
Delve into the intricate world of cybersecurity breaches and law enforcement tactics in this insightful video. Uncover the root cause of breaches, such as the PHP vulnerability, shedding light on the pervasive challenge of patch management across industries. Critically analyze law enforcement's approach to handling cyber threats, as the decision to gamify the response raises questions about effectiveness and strategy. Should threat intelligence be wielded differently? Is there a missed opportunity in monitoring and gathering intelligence over time rather than immediate action?
  |  By Razorthorn
In this eye-opening video, we delve deep into the intricate world of ransomware groups and their operational dynamics. Gain insights into the commission-based models driving their activities and the open sharing of data that fuels their operations. Explore the role of law enforcement and the limitations they face in combating these evolving cyber threats. Discover how some groups operate as a second line of defense, employing alternative tools and coding languages when traditional methods fail.
  |  By Razorthorn
Join us as we navigate the complex challenges faced by law enforcement in the digital age. Despite efforts to take down, disrupt, and pressure criminal elements, the reality remains that these actions may not be enough to halt their activities. In this candid discussion, we explore the limitations of law enforcement in combating digital crime, acknowledging the difficulties they face in reaching elusive perpetrators hiding across the globe. While not dismissing their efforts entirely, we recognize the inherent challenges they encounter when confronting organized crime in cyberspace.

Razorthorn has a single purpose: to defend business-critical data and applications from cyber attacks and internal threats. Founded in 2007, Razorthorn has been delivering expert security consulting and testing services to some of the largest and most influential organisations in the world, including many in the Fortune 500.

Leaders in Cyber Intelligence:

  • Cyber Security Consultancy: Delivering professional and dedicated consultants to our clients, we are specialists in all areas of cyber security consulting. Whether you need help with cyber security compliance or require CISO services, we work closely with our clients to provide short term or ongoing support, in line with your requirements and budget.
  • Cyber Security Testing: It is essential to test your cyber security posture regularly, whether it’s a requirement for compliance or to ensure you are getting value for money from your cyber security solutions. In addition to pen testing, Razorthorn offer a comprehensive suite of cyber security testing services to ensure your data and business reputation are as secure as possible.
  • Managed Services: We provide 24/7 managed cyber security services, working as an extension to your in-house team or as your dedicated managed services partner. You will benefit from the skills and expertise of our team, and from the cost efficiency and flexibility that come with outsourcing to a specialist service provider.
  • Cyber Security Solutions: We work in partnership with hand-picked, industry leading solution providers, carefully selected for quality, effectiveness and to complement the services we offer.

Defending businesses against cyber attacks since 2007.