|
By Steven Kenyon
Companies must prioritise a comprehensive and proactive approach to network security. Among the most effective strategies to ensure robust defence mechanisms is rigorous penetration testing. By adopting an “assumed breach” mentality, organisations can better prepare for potential attacks, ensuring they are not merely reacting to threats but actively preventing them.
|
By Michael Aguilera
In late March 2024, the cybersecurity community was shaken by the revelation of a critical vulnerability in XZ Utils, a popular open source compression tool integral to many Linux systems. The discovery was made by Andres Freund, a developer at Microsoft, who reported that versions 5.6.0 and 5.6.1 had a backdoor that could potentially allow unauthorised remote code execution.
|
By James Rees
Recently, Computer Weekly released an article entitled “Budgets Rise As IT Decision Makers Ramp Up Cybersecurity Spending” on 18th March 2024. It was an interesting article as it cited a number of stats that showed that IT departments plan to increase their cybersecurity budget and that globally 65% of organisations were going to spend more on cybersecurity.
|
By David Tattersall
The Payment Card Industry Data Security Standard (PCI DSS) was published over 15 years ago and in that time has undergone a series of revisions as technology, the threat landscape and information security best practices have changed.
|
By James Rees
The recent LockBit group take down has shown the world at large the cost of cybercrime. Initially it was reported that just over $100 million had been gathered through the nefarious acts of this particular group but, as I suspected, that initial figure was just a drop in the ocean. It turns out that the real figure was in excess of $1 billion dollars over the last four years, and I still suspect this may be more.
|
By James Rees
Over the last few weeks I have been catching up with a number of my cybersecurity contacts, primarily engaging with them for new content on our increasingly popular Razorwire podcast. During these conversations, as tends to happen during at this time of year, one of the things I have discussed with these professionals is what are (in their view) some key cybersecurity trends for 2024?
|
By James Rees
A big requirement that all European based organisations (or organisations that want to deal with the EU) must be aware of is the new DORA legislation coming in to effect in January 2025, and with just a year to implement your strategies, it’s worthwhile reviewing how you measure up now so that you have the time to ensure you comply before the deadline.
|
By Shauli Zacks
In SafetyDetectives‘ recent interview with James Rees, the Managing Director of Razorthorn Security, he provided insights into the company’s unique approach to cybersecurity consultancy and its evolution in response to the changing landscape. Established 17 years ago during a period of upheaval in the information security field, Razorthorn Security prioritizes customer satisfaction, fostering a customer-centric approach that has contributed to a high client retention rate.
|
By James Rees
We live in a business world where vast amounts of our critical services are delivered to us as a service. The world of on premise solutions has all but disappeared – sure, there are still some systems that operate on premise but these days, more key services are delivered to users and organisations as a service solution. This has increased profitability, allowed small companies to gain access to software and systems that previously were out of reach and has dealt a significant blow to piracy.
|
By James Rees
Here we are, at the end of 2023. It’s high time for updating defence in depth strategies across all organisations, and let me tell you why. We’re all aware of the uptick in high profile cyber attacks and compromises, across all sectors. Ransomware specifically has caused more economic loss and pain for the business world than any other information security event previously, and attacks are speeding up at a steady rate with larger and larger targets and ransoms being asked.
|
By Razorthorn
Explore the critical gap in many organizations where cyber strategy fails to align with business goals in this insightful episode from the Razorwire Podcast. Learn why this misalignment poses challenges for CISOs and other cybersecurity professionals who struggle to communicate the importance of security investments to decision-makers. This short delves into the often overlooked connection between a company's risk appetite and its cybersecurity measures, emphasizing the need for a cohesive strategy that supports the core business objectives.
|
By Razorthorn
This episode of the Razorwire Podcast reveals startling statistics on burnout among cybersecurity professionals. Learn about the severe impact of stress in the cybersecurity field, with findings showing that 50 to 85% of professionals are experiencing burnout. The discussion also highlights a concerning forecast by Gartner, predicting that by 2025, a quarter of cybersecurity leaders will exit the profession due to overwhelming stress. Tune in to understand the depth of this issue and what it means for the future of cybersecurity.
|
By Razorthorn
Uncover the untold pressures of cybersecurity professionals with this revealing episode from the Razorwire Podcast. Discover the challenges faced by those in information security, often unseen and underappreciated in the business world. From being perceived as pessimists to being labeled as merely "digital security guards," hear firsthand from an experienced security veteran about the misconceptions and struggles of protecting a well-known newspaper's digital gates. This short will shine a light on why cybersecurity is not just about technology, but also about overcoming skepticism and validating the crucial role of security in every organization.
|
By Razorthorn
Dive into the world of cybersecurity with this eye-opening episode from the Razorwire Podcast. Discover why cybersecurity teams are often seen as the "Department of No" in the corporate world, similar to how dentists are viewed—necessary but avoided until absolutely essential. This short explores the crucial, yet often thankless job of protecting data and systems, highlighting the unique challenges faced by those in information security. Join us to understand the critical role these professionals play, especially when crisis strikes and the organisation's digital health is at risk.
|
By Razorthorn
Dive into today's Razorwire episode where we explore the critical issue of burnout in the cybersecurity field. Join Yanya Viskovich, a cyber resilience expert, and Eve Parmiter, a clinical traumatologist, as they provide invaluable insights into combating burnout among cyber defenders. In this episode.
|
By Razorthorn
Dive into the contentious realm of cyber risk clarification in this eye-opening video. Explore the challenges faced by proponents of risk assessment methodologies as they encounter resistance from influential figures in the industry. Hear about the shocking experiences of individuals who have been met with accusations of criminal negligence simply to advocate for clearer risk communication. Despite the pushback, join us as we navigate through the discourse and strive to shed light on the importance of cyber risk understanding and mitigation.
|
By Razorthorn
Delve into the journey of overcoming conceptual challenges in the development of FAIR (Factor Analysis of Information Risk) in this enlightening video. Join as the creator shares personal insights into grappling with quantitative limitations and navigating the complexities of risk assessment. Discover how invaluable support from seasoned executives in actuarial departments provided clarity and assurance amidst uncertainties. Gain valuable perspectives on tackling subjectivity, measurements, and more from experienced professionals.
|
By Razorthorn
Embark on a journey into the innovative realm of control factoring in cybersecurity in this captivating video. Explore the inspiration behind this approach, rooted in the principles of physics and physical environments. Join the creator as they draw parallels between rating scales for tornado strength and structural requirements, pondering the applicability of such concepts in the cybersecurity domain. Delve into the challenges of translating physical forces into abstract measurements and discover the complexities inherent in this endeavor.
|
By Razorthorn
Explore the nuanced nature of probability and risk assessment in this insightful video. Join us as we navigate the diverse perspectives that shape individual interpretations of what's probable. Discover how the FAIR (Factor Analysis of Information Risk) methodology provides a structured approach to understanding and communicating risk, making it accessible not only to the creator but to a wider audience. Gain insights into the challenges of assigning probabilities to uncertain events with limited data, and learn how FAIR methodology offers clarity in the face of uncertainty.
Evolution of Cyber Clarification: Challenging Old Beliefs for New Possibilities |Razorthorn Security
|
By Razorthorn
Unravel the evolution of cyber clarification in this thought-provoking video. Drawing inspiration from physicist Max Planck's famous quote, we explore how science – and in this case, cybersecurity – progresses with the passing of the old guard and the emergence of the new. Delve into the challenges faced by those entrenched in traditional beliefs, who once deemed cyber clarification an impossibility. Join us as we challenge these notions and pave the way for new perspectives and possibilities in the realm of cybersecurity.
- April 2024 (17)
- March 2024 (18)
- February 2024 (17)
- January 2024 (16)
- December 2023 (21)
- November 2023 (20)
- October 2023 (15)
- September 2023 (23)
- August 2023 (17)
- July 2023 (19)
- June 2023 (24)
- May 2023 (19)
- April 2023 (10)
- March 2023 (21)
- February 2023 (23)
- January 2023 (1)
- December 2022 (2)
- November 2022 (13)
- October 2022 (4)
- September 2022 (1)
- August 2022 (3)
- July 2022 (4)
- June 2022 (2)
- April 2022 (3)
- February 2022 (3)
- January 2022 (4)
- October 2021 (1)
- August 2021 (2)
- July 2021 (3)
- June 2021 (5)
- May 2021 (5)
- April 2021 (1)
- March 2021 (1)
- October 2020 (1)
- May 2020 (1)
- April 2020 (1)
Razorthorn has a single purpose: to defend business-critical data and applications from cyber attacks and internal threats. Founded in 2007, Razorthorn has been delivering expert security consulting and testing services to some of the largest and most influential organisations in the world, including many in the Fortune 500.
Leaders in Cyber Intelligence:
- Cyber Security Consultancy: Delivering professional and dedicated consultants to our clients, we are specialists in all areas of cyber security consulting. Whether you need help with cyber security compliance or require CISO services, we work closely with our clients to provide short term or ongoing support, in line with your requirements and budget.
- Cyber Security Testing: It is essential to test your cyber security posture regularly, whether it’s a requirement for compliance or to ensure you are getting value for money from your cyber security solutions. In addition to pen testing, Razorthorn offer a comprehensive suite of cyber security testing services to ensure your data and business reputation is as secure as possible.
- Managed Services: We provide 24/7 managed cyber security services, working as an extension to your in house team or as your dedicated managed services partner. You will benefit from the skills and expertise of our team, the cost efficiency and flexibility that comes with outsourcing to a specialist service provider.
- Cyber Security Solutions: We work in partnership with hand-picked, industry leading solution providers, carefully selected for quality, effectiveness and to complement the services we offer.
Defending businesses against cyber attacks since 2007.