Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Threat-led pen testing and its role in DORA compliance

enabling businesses to proactively uncover vulnerabilities that could otherwise be exploited by threat actors. In this article, we set out what threat-led pen testing is, how it relates to the Digital Operational Resilience Act (DORA) and the testing requirements included as part of the new EU regulation.

The changing face of the incident response retainer

However, while the retainer model has evolved to meet changing security needs, not all options offer the flexibility required in today’s complex threat landscape. This article outlines how the incident response retainer has changed and continues to develop in scope, and also looks at the different types of available retainer models.

What are the benefits of an incident response retainer?

A cyber incident response retainer can help businesses to better manage both the financial and security risks posed by constantly evolving threats. This article outlines the benefits of the retainer model and also covers what organisations should look for in a potential provider.

NCSC sets out plans to launch Advanced Cyber Defence 2.0

An initiative of the National Cyber Security Centre (NCSC) since 2017, the Active Cyber Defence (ACD) programme has provided a range of free cyber security tools and services to enable eligible public sector organisations to address high-volume commodity attacks. Following on from its success, the NCSC has announced plans to launch a new version of ACD, aimed at extending its benefits to businesses.

Top 5 Cyber Security Threats in Manufacturing

From email compromise to insider threat, manufacturing businesses are under pressure to defend themselves effectively from threats across their environment. Drawing on insights from the recent Kroll report, The State of Cyber Defense: Manufacturing Resilience, this article outlines the primary threats currently impacting manufacturing companies.

What are PECR? Securing electronic communications in line with the latest requirements

Any organisation that sends electronic marketing communications via phone, fax, email or text, uses web cookies, or provides communications services to the public falls under the scope of the PECR, and must be aware of its information security requirements.

A guide to the OWASP TOP 10 for large language model applications

Attackers are increasingly targeting vulnerabilities within large language models (LLMs) used to recognise and generate text. In response to the growing risk, the recently launched OWASP Top 10 for LLMs covers the key vulnerabilities within these types of AI applications. Read our guide to learn more about the most critical vulnerabilities and how to reduce AI security risks.

Kroll insights hub highlights key AI security risks

From chatbots like ChatGPT to the large language models (LLMs) that power them, managing and mitigating potential AI vulnerabilities is an increasingly important aspect of effective cybersecurity. Kroll’s new AI insights hub explores some of the key AI security challenges informed by our expertise in helping businesses of all sizes, in a wide range of sectors. Some of the topics covered on the Kroll AI insights hub are outlined below.