Cybersecurity due diligence is an important part of the mergers and acquisitions (M&A) process because it helps ensure that the target company’s information assets are secure and that the acquiring company is not taking on any unexpected cybersecurity risks. M&A deals can be complex, and it is important to thoroughly assess the cybersecurity posture of […]
Hiring a CISO is like hiring the top general for an army just before a war. Some generals stay in history as the greatest military leaders of all time, leading their armies from victory to victory and putting any attacker to shame. Others cause loss after loss. In this article, we will expand on the […]
2 am on a Friday night with all your servers and desktops encrypted by ransomware is not the best way to start a weekend. A security incident is just a symptom of a deeper underlying problem – usually that problem starts with the lack of security leadership. Most small firms of up to 500 employees […]
How to prepare and write an SSP (System Security Plan) for business cyber continuity
The CMMC 2.0 certification process requires that you generate and follow an SSP (System Security Plan). But that is not what you should start with! Look at the graph below. Your first step is to identify all risks as per NIST […]
Image credit: https://github.com/Orange-Cyberdefense/arsenal
Active Directory is responsible for authorisation, authentication and privilege control as the core of most organisations’ IT infrastructure. And the image above is how a hacker sees it – the mind map is specifically called “Pentesting Active Directory,” created by an organisation specialising in attacking Active Directory the same way a hacker […]
This article clarifies some of the terminology and processes around getting your SOC 2 Type 1 and Type 2 reports if you are a SaaS company. What is SOC 2? SOC stands for “service organization controls.” SOC 2 is a reporting framework developed by AICPA. It is not a security framework; AICPA sets the criteria, […]
It’s not just large corporates who fall victim to cyber-attacks. Far from it. SMEs are increasingly targeted, often with serious consequences for their clients as well as the firm’s reputation.
“Everyone has a plan until they get punched in the face.” – Mike Tyson
Not an everyday occurrence, but certainly a reality experienced or heard of, and perhaps ongoing within your organisation as you read this.
“An investment in knowledge pays the best interest.” – Benjamin Franklin
“Everybody has to pay attention to the digital revolution.” – David Bonderman