This is Part 12 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts.

The Canadian, US, and UK governments issued a series of recommendations in their just-released security alert Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity, which mirror my own insights on the important topic. The alert notes that all three governments are aware of pro-Russia hacktivists targeting and compromising small-scale OT systems in North American and European Water and Wastewater Systems (WWS), Dams, Energy, and Food and Agriculture sectors.

Using open-source code exposes organizations to a tremendous amount of risk, yet this point is treated like a dirty little secret that nobody talks about. So, let’s live on the edge and take a minute to talk about the problem. Open-source code is an oddity. Generally, open-source code is often placed in small packets tucked inside massive programs that corporations use to run their most important processes or it is adopted as a whole program and tasked with running some part of a business.

Trustwave has been positioned in the Leaders Category in the IDC MarketScape for Worldwide Emerging Managed Detection and Response (MDR) Services 2024 Vendor Assessment (doc #US50101523 April 2024).

For the second consecutive year, Cyber Defense Magazine honored Trustwave with a 2024 Global InfoSec Award for Best Solution Managed Detection and Response (MDR) Service Provider.

This is Part 10 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here. Identity protection is one of the most important topics in cybersecurity. It is often complex in its configuration and operation. Over 80 percent of all security incidents result from poor identity access controls. Consider the following recommendations when developing a comprehensive Identity Management strategy.

An offensive security strategy is a sophisticated and dynamic approach that extends beyond mere testing. It's a comprehensive plan that aligns with an organization's core mission, transforming security from a passive shield to an active spearhead. After all, in any fight, a combatant can only block punches for so long before striking back.

If the UK is serious about digitizing the economy, then cybersecurity is priority number one and the first step should be to take a hard look at the UK Government's recently released draft code of practice for cybersecurity governance. Whilst governments around the globe have been kicking around the metaphorical can of AI regulation, something has been going on in the background: something tangible, incredibly dangerous, and increasingly more frequent: cybercrime.

This is Part 9 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here. In the movie The Matrix, The Key Maker controlled access to many locations and resources with the goal of preventing malicious code from destroying sensitive information. In a rare life-imitates-art situation, organizations today face the same challenge as they work to protect operational processes and corporate information.

Offensive security has become a cornerstone strategy for organizations aiming to fortify their defenses against cyber threats. However, before one creates a suitably developed offensive security program, an organization must ensure it is properly scoped. This will ensure the final product is effective, efficient, and aligned with the organization's overall security objectives. Here's a guide to help organizations understand and implement a well-scoped offensive security program.