|
By Razorthorn
By James Rees, MD, Razorthorn Security In an era of interconnected services and external partnerships, two critical security challenges loom large: third party risk and insider threats. Recent events highlight these concerns – from the massive breach of Social Security numbers through a service provider to the CrowdStrike incident that grounded major airlines, causing hundreds of millions in damages.
|
By Razorthorn
By James Rees, MD, Razorthorn Security In today’s complex cybersecurity landscape, Governance, Risk and Compliance (GRC) tools have become essential for organisations managing intricate security ecosystems. These tools are designed to centralise information, streamline processes and offer crucial insights into an organisation’s risk posture. However, as cybersecurity expert Jack Jones revealed when he joined me on a recent podcast, the reality often falls short of these ambitious claims.
|
By James Rees
The cybersecurity industry is known for its cutting edge technology and constant evolution, but beneath the surface of firewalls and threat detection lies a aspect that’s discussed less regularly: the mental health and wellbeing of its professionals. As cyber threats grow more sophisticated, so too does the pressure on those tasked with defending against them.
|
By Razorthorn
By James Rees, MD, Razorthorn Security In the rapidly evolving world of cybersecurity, artificial intelligence (AI) and large language models (LLMs), have become buzzwords that seem to promise revolutionary solutions. However, as with any emerging technology, it’s crucial to separate hype from reality.
|
By Razorthorn
By James Rees, MD, Razorthorn Security Times must change (and always will) and nowhere is this more true than in the realm of technological advancement. Thirty years ago, the technological landscape was vastly different from what we have today and technological change has outpaced Moore’s Law for some time now. Information security must keep pace with these advancements. This has become especially true with the advent of AI.
|
By Razorthorn
By Michael Aguilera, Lead Penetration Tester, Razorthorn Security Over the past decade, crowdsourced penetration testing has grown in popularity because of its convenience and cost effectiveness. However, this surge in popularity does not come without its caveats. In this blog, we’ll explore the benefits and risks of crowdsourced penetration testing, compare it with traditional methods and help you make an informed decision for your organisation’s cybersecurity needs.
|
By Jamie Hayward
The Digital Operational Resilience Act (DORA) is set to reshape the landscape of financial services in the European Union. But its impact extends beyond EU borders, particularly affecting UK-based Information and Communication Technology (ICT) service providers. Let’s explore how DORA might influence these providers and what steps they should consider taking.
|
By Steven Kenyon
Companies must prioritise a comprehensive and proactive approach to network security. Among the most effective strategies to ensure robust defence mechanisms is rigorous penetration testing. By adopting an “assumed breach” mentality, organisations can better prepare for potential attacks, ensuring they are not merely reacting to threats but actively preventing them.
|
By Michael Aguilera
In late March 2024, the cybersecurity community was shaken by the revelation of a critical vulnerability in XZ Utils, a popular open source compression tool integral to many Linux systems. The discovery was made by Andres Freund, a developer at Microsoft, who reported that versions 5.6.0 and 5.6.1 had a backdoor that could potentially allow unauthorised remote code execution.
|
By James Rees
Recently, Computer Weekly released an article entitled “Budgets Rise As IT Decision Makers Ramp Up Cybersecurity Spending” on 18th March 2024. It was an interesting article as it cited a number of stats that showed that IT departments plan to increase their cybersecurity budget and that globally 65% of organisations were going to spend more on cybersecurity.
|
By Razorthorn
Are layoffs increasing your cybersecurity risk and driving your team to burnout? This episode looks into the psychological underpinnings of infosec to navigate turbulent times at work.
|
By Razorthorn
As outsourcing grows, so do third-party risks. Discover why regular checks and a resilience plan are essential for managing long-term vendor relationships and preventing potential threats.
|
By Razorthorn
Discover why third-party relationships carry inherent risks and the importance of ongoing due diligence. Learn how companies often fall short by only conducting initial checks and the impact if a vendor suddenly goes out of business.
|
By Razorthorn
Every vendor you trust and every employee you hire could be your next security crisis—explore the realities of third party risk and insider threats on this episode of Razorwire! Join us for a discussion on the multifaceted challenges of third party risk and how they can destabilise your organisation. From the growing complexities of cloud providers like AWS and Azure to detecting and dealing with insider threats, our conversation covers it all.
|
By Razorthorn
Despite the potential, Jack Jones argues that most GRC tools fail to understand risk and end up being repositories of irrelevant data. Hear why they don’t hit the mark and what needs to change.
|
By Razorthorn
Jack Jones points out that many CISOs know security but not risk. Learn why a lack of understanding of true risks versus security control issues leads to ineffective GRC implementations.
|
By Razorthorn
Jack Jones highlights the noise problem in GRC tools, where organizations mistakenly label control deficiencies as risks. Find out how this misclassification leads to wasted efforts and a junkyard of irrelevant data.
|
By Razorthorn
Learn how Jack Jones frames discussions with executives by focusing on loss event scenarios that matter to them. Discover how to report risks in terms of probability and impact using data from GRC tools.
|
By Razorthorn
In a perfect world, what should a GRC tool do? Jack Jones outlines how a GRC tool should help organisations manage the frequency and magnitude of loss events and how risk should be the core foundation of such tools.
|
By Razorthorn
In this episode of Razorwire, we're joined by Jack Jones, creator of the FAIR risk model, to explore the complexities of Governance, Risk and Compliance (GRC) tools. We cut through the noise to deliver actionable insights on how to truly manage risk and improve the value and efficiency of your GRC solutions.
- November 2024 (3)
- October 2024 (17)
- September 2024 (16)
- August 2024 (20)
- July 2024 (19)
- June 2024 (13)
- May 2024 (20)
- April 2024 (24)
- March 2024 (18)
- February 2024 (17)
- January 2024 (16)
- December 2023 (21)
- November 2023 (20)
- October 2023 (15)
- September 2023 (23)
- August 2023 (17)
- July 2023 (19)
- June 2023 (24)
- May 2023 (19)
- April 2023 (10)
- March 2023 (21)
- February 2023 (23)
- January 2023 (1)
- December 2022 (2)
- November 2022 (13)
- October 2022 (4)
- September 2022 (1)
- August 2022 (3)
- July 2022 (4)
- June 2022 (2)
- April 2022 (3)
- February 2022 (3)
- January 2022 (4)
- October 2021 (1)
- August 2021 (2)
- July 2021 (3)
- June 2021 (5)
- May 2021 (5)
- April 2021 (1)
- March 2021 (1)
- October 2020 (1)
- May 2020 (1)
- April 2020 (1)
Razorthorn has a single purpose: to defend business-critical data and applications from cyber attacks and internal threats. Founded in 2007, Razorthorn has been delivering expert security consulting and testing services to some of the largest and most influential organisations in the world, including many in the Fortune 500.
Leaders in Cyber Intelligence:
- Cyber Security Consultancy: Delivering professional and dedicated consultants to our clients, we are specialists in all areas of cyber security consulting. Whether you need help with cyber security compliance or require CISO services, we work closely with our clients to provide short term or ongoing support, in line with your requirements and budget.
- Cyber Security Testing: It is essential to test your cyber security posture regularly, whether it’s a requirement for compliance or to ensure you are getting value for money from your cyber security solutions. In addition to pen testing, Razorthorn offer a comprehensive suite of cyber security testing services to ensure your data and business reputation is as secure as possible.
- Managed Services: We provide 24/7 managed cyber security services, working as an extension to your in house team or as your dedicated managed services partner. You will benefit from the skills and expertise of our team, the cost efficiency and flexibility that comes with outsourcing to a specialist service provider.
- Cyber Security Solutions: We work in partnership with hand-picked, industry leading solution providers, carefully selected for quality, effectiveness and to complement the services we offer.
Defending businesses against cyber attacks since 2007.