By Razorthorn
Razorthorn has worked with a wide range of technically savvy clients who are confident they would spot a fake, but confidence is exactly what makes deepfake fraud so effective. In 2024, a finance manager at engineering firm Arup transferred $25 million to fraudsters after taking part in a video call with what appeared to be his CFO and several colleagues. Every person on that call was fabricated. None of it was real.
By Razorthorn
Your third party suppliers probably aren’t as secure as you think they are. SecurityScorecard’s 2025 Global Third Party Breach Report found that at least 35.5% of all data breaches in 2024 originated from third party compromises. That’s not a minor risk you can ignore. The numbers tell a stark story. But here’s what most organisations miss: the real figure is likely higher since many breaches aren’t disclosed or are mistakenly reported as internal incidents.
By Razorthorn
Let’s get right to it: Razorthorn Security helps organisations achieve and maintain PCI DSS compliance through expert consultancy, gap analysis and preparation for formal assessment and has been recognised by Gartner as a market leader in PCI DSS QSA services. If you’re handling payment card data, you’ll need qualified support to navigate the 500+ controls that PCI DSS demands.
By Razorthorn
Passwords were invented in the 1960s. Six decades later, we’re still using them to protect everything from email accounts to bank transfers to corporate networks. The problem isn’t just that they’re old technology, it’s that they were never designed for the world we live in now.
By Razorthorn
Guest post by Capsule
Cyber insurance has rapidly evolved from being considered a specialist offering to a critical pillar of modern risk management. Yet many businesses still misunderstand what it covers and, just as importantly, what it doesn’t do.
By Razorthorn
When it comes to cyber insurance for SMEs, many small and medium-sized enterprises believe that cyber insurance feels like an optional extra, not a necessity, something to worry about later. This risk-taking attitude is often driven by various common misconceptions: The opposite is often true. Smaller businesses are frequently seen as easier targets due to limited budgets, lean security teams, and less mature cyber defences.
By Razorthorn
By James Rees, MD, Razorthorn Security
The Digital Operational Resilience Act (DORA) isn’t just another regulatory hurdle to clear. It’s fundamentally changing how financial institutions think about operational risk, particularly when it comes to the third party providers that now handle much of their critical technology infrastructure. DORA third party compliance has become a critical priority for EU financial institutions since the regulation came into force in January 2025.
By Razorthorn
By James Rees, MD, Razorthorn Security
The artificial intelligence revolution isn’t coming. It’s here and it’s moving faster than anyone predicted. Children now trust ChatGPT more than their parents for information. AI-generated content is becoming indistinguishable from human work. Entire industries are being reshaped by technology that seemed like science fiction just a few years ago.
By James Rees
Continuous Threat Exposure Management (CTEM) is gaining increasing recognition as a crucial component for mature cybersecurity programmes. Both Gartner and Forrester have highlighted CTEM as “a strategic imperative,” underscoring its importance in addressing modern cyber risks. This recognition is well founded, as demonstrated by recent cyberattacks on major organisations including Marks & Spencer, Co-op, Harrods, the NHS and American healthcare institutions.
Three issues stand out right now: shadow AI hidden across the ecosystem, defenders struggling to manage new exposures, and attackers accelerating faster than security teams can respond. Those three together are reshaping what cyber risk looks like for every business.
One simple prompt change, asking an AI to respond like a caveman with shorter sentences and fewer words, reportedly cut token spend by 75 percent. It is a funny example, but it points to a bigger issue: AI efficiency and cost control will matter far more as usage spreads.
Many AI companies are still running at a loss while businesses rush to build critical services on top of them. If compute costs rise and margins collapse, some of those vendors may disappear without warning, taking business critical processes down with them.
Anyone claiming they have fully solved AI governance is getting ahead of reality. AI is moving so fast that by the time many organisations write the rules, the technology, risks and use cases have already changed again.
AI is hitting security teams from three directions at once. Vendors are already using it, other vendors are selling it as the answer to everything, and attackers are using it to move faster than defenders can keep up.
Security questionnaires often fail because they rely on trust, vague answers and people who may not even know the real state of their controls. A simple yes or no response tells you very little when the real question is where those controls exist and whether they work.
A single ransomware attack pushed a 156-year-old logistics company into receivership within 90 days and out of business within five months. The real damage spread far beyond one firm, hitting supply chains, delaying deliveries and costing dependent businesses millions.
AI is disrupting the enterprise software market. James Rees built a fully-functional GRC tool in just two weeks using Codex. No development team needed. No million-pound licensing fee, just AI and subject matter expertise. If a CISO can build what competitors charge hundreds of thousands for in a couple of weeks, what happens to the vendor market? As large language models like Daybreak and Mythos evolve, this problem gets worse for SaaS companies.
Your vendors are adopting AI faster than you can assess them. What does that mean for your third party risk? Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this Spotlight on Technology episode, I'm joined by Jeffrey Wheatman, Senior Vice President and Cyber Risk Strategist at Black Kite. Jeffrey previously spent over a decade as an analyst VP at Gartner, where he launched their third party cyber risk management coverage.
This episode looks at how supplier cyber posture affects your business, why spreadsheets and questionnaires no longer cut it, and how AI is making third party risk harder to see and faster to spread. It covers resilience, shadow AI, vendor collapse, supply chain impact and the reality that you are only as strong as your weakest link.
Razorthorn has a single purpose: to defend business-critical data and applications from cyber attacks and internal threats. Founded in 2007, Razorthorn has been delivering expert security consulting and testing services to some of the largest and most influential organisations in the world, including many in the Fortune 500.
Leaders in Cyber Intelligence:
- Cyber Security Consultancy: Delivering professional and dedicated consultants to our clients, we are specialists in all areas of cyber security consulting. Whether you need help with cyber security compliance or require CISO services, we work closely with our clients to provide short term or ongoing support, in line with your requirements and budget.
- Cyber Security Testing: It is essential to test your cyber security posture regularly, whether it’s a requirement for compliance or to ensure you are getting value for money from your cyber security solutions. In addition to pen testing, Razorthorn offer a comprehensive suite of cyber security testing services to ensure your data and business reputation are as secure as possible.
- Managed Services: We provide 24/7 managed cyber security services, working as an extension to your in house team or as your dedicated managed services partner. You will benefit from the skills and expertise of our team, the cost efficiency and flexibility that comes with outsourcing to a specialist service provider.
- Cyber Security Solutions: We work in partnership with hand-picked, industry leading solution providers, carefully selected for quality, effectiveness and to complement the services we offer.
Defending businesses against cyber attacks since 2007.