Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

August 2024

From NIS to NIS2: What Your Organization Needs to Know

The first Network and Information Systems (NIS) Directive, introduced in 2016, was a key regulation that enhanced the EU’s cybersecurity posture, laying the foundation for protecting critical infrastructure and essential services from cyber threats. However, as cyber threats have evolved, so too must the regulations that protect against them. Enter NIS2—an updated and more comprehensive directive designed to address the gaps and limitations of its predecessor.

How to Prepare for a Cyber Essentials Plus Audit

Cyber Essentials is a UK government-supported certification scheme that helps organizations protect themselves against cyber threats by providing a framework of basic security controls for safeguarding systems. Cyber Essentials Plus builds on this foundation by requiring a more in-depth, hands-on assessment by an independent auditor. This audit not only verifies that essential cybersecurity controls are in place but also ensures they are functioning effectively in practice.

PSPF 001-2024: Safeguarding GovTech from Foreign Influence

In 2024, the Australian government introduced PSPF Direction 001-2024 in recognition of the potential threats posed by Foreign Ownership, Control, or Influence (FOCI) on technology assets and GovTech (government technology operations). As part of the Protective Security Policy Framework (PSPF), PSPF 001-2024 is a crucial step in evaluating and mitigating cyber risks associated with foreign interference in the procurement and maintenance of technology assets.

GDPR's Influence on Indian Data Protection Practices

The General Data Protection Regulation (GDPR), introduced by the European Union in 2018, has not only set a new benchmark for data privacy but has also significantly impacted global data protection frameworks. Its comprehensive and stringent requirements have prompted countries worldwide, such as India, to reevaluate and enhance their data protection laws. In recent years, India has been actively working on enhancing its data protection regulations, drawing considerable influence from the GDPR.

Effective Board Communication: Lessons from CrowdStrike for CISOs

The 2024 CrowdStrike Incident blue-screened Microsoft computers worldwide, causing significant disruptions to high-profile industries such as transportation, healthcare, and financial services. Now that the world has largely recovered, the most forward-minded chief information security officers (CISOs) are focusing on using the incident as an opportunity for continuous improvement. How can they prevent similar incidents from having such a disastrous impact on their organization in the future?

NCIIPC Explained: Safeguarding India's Critical Infrastructure

Safeguarding critical infrastructure is crucial for national security and economic stability in the digital age. The National Critical Information Infrastructure Protection Centre (NCIIPC) plays a key role in protecting India's vital assets and critical infrastructure. Tasked with the monumental duty of protecting the nation's most vital assets—such as power grids and financial systems—the NCIIPC stands as a stronghold against the constantly evolving landscape of cyber threats.

CISO Strategies Post-CrowdStrike to Safeguard the Balance Sheet

The ubiquitous CrowdStrike incident resulted in a major diversion of resources, with some hard-hit organizations assigning almost all of their IT and security personnel to damage control. As a CISO of an impacted organization, you will likely be required to answer for a lack of resilience to this type of event. To support your decision-making as you reevaluate your resilience budgets, this post outlines four resilience strategies based on key learnings from the CrowdStrike event.

How CISOs Should Handle Future CrowdStrike-type Breaches

SolarWinds, MOVEit, Knight Capital, and now CrowdStrike. The vendor ecosystem will remain a major playing field for operational disruptions. But are you ready for the next inevitable event? As a CISO, your response to such a question from the board shouldn't be anything less than a resounding "Yes!" Here are five plans of action to help your organization survive the next major IT quake, whether it's due to another rusty security update or a third-party breach.