Razorthorn

  |  By Steven Kenyon
Companies must prioritise a comprehensive and proactive approach to network security. Among the most effective strategies to ensure robust defence mechanisms is rigorous penetration testing. By adopting an “assumed breach” mentality, organisations can better prepare for potential attacks, ensuring they are not merely reacting to threats but actively preventing them.
  |  By Michael Aguilera
In late March 2024, the cybersecurity community was shaken by the revelation of a critical vulnerability in XZ Utils, a popular open source compression tool integral to many Linux systems. The discovery was made by Andres Freund, a developer at Microsoft, who reported that versions 5.6.0 and 5.6.1 had a backdoor that could potentially allow unauthorised remote code execution.
  |  By James Rees
Recently, Computer Weekly released an article entitled “Budgets Rise As IT Decision Makers Ramp Up Cybersecurity Spending” on 18th March 2024. It was an interesting article as it cited a number of stats that showed that IT departments plan to increase their cybersecurity budget and that globally 65% of organisations were going to spend more on cybersecurity.
  |  By David Tattersall
The Payment Card Industry Data Security Standard (PCI DSS) was published over 15 years ago and in that time has undergone a series of revisions as technology, the threat landscape and information security best practices have changed.
  |  By James Rees
The recent LockBit group takedown has shown the world at large the cost of cybercrime. Initially it was reported that just over $100 million had been gathered through the nefarious acts of this particular group but, as I suspected, that initial figure was just a drop in the ocean. It turns out that the real figure was in excess of $1 billion over the last four years, and I still suspect this may be more.
  |  By James Rees
Over the last few weeks I have been catching up with a number of my cybersecurity contacts, primarily engaging with them for new content on our increasingly popular Razorwire podcast. During these conversations, as tends to happen at this time of year, one of the things I have discussed with these professionals is what are (in their view) some key cybersecurity trends for 2024?
  |  By James Rees
A big requirement that all European-based organisations (or organisations that want to deal with the EU) must be aware of is the new DORA legislation coming into effect in January 2025, and with just a year to implement your strategies, it’s worthwhile reviewing how you measure up now so that you have the time to ensure you comply before the deadline.
  |  By Shauli Zacks
In SafetyDetectives’ recent interview with James Rees, the Managing Director of Razorthorn Security, he provided insights into the company’s unique approach to cybersecurity consultancy and its evolution in response to the changing landscape. Established 17 years ago during a period of upheaval in the information security field, Razorthorn Security prioritizes customer satisfaction, fostering a customer-centric approach that has contributed to a high client retention rate.
  |  By James Rees
We live in a business world where vast amounts of our critical services are delivered to us as a service. The world of on premise solutions has all but disappeared – sure, there are still some systems that operate on premise but these days, more key services are delivered to users and organisations as a service solution. This has increased profitability, allowed small companies to gain access to software and systems that previously were out of reach and has dealt a significant blow to piracy.
  |  By James Rees
Here we are, at the end of 2023. It’s high time for updating defence in depth strategies across all organisations, and let me tell you why. We’re all aware of the uptick in high profile cyber attacks and compromises, across all sectors. Ransomware specifically has caused more economic loss and pain for the business world than any other information security event previously, and attacks are speeding up at a steady rate with larger and larger targets and ransoms being asked.
  |  By Razorthorn
Explore the critical questions around bug bounty programs with Amy Stokes-Waters in this insightful clip. Amy questions the reliability of crowdsourced pen testing, raising concerns about what might not be reported. Discover why trusting bug bounty programs to reveal all vulnerabilities could leave organizations exposed to cybercriminals like LockBit. This video sheds light on the potential hidden dangers and underscores the importance of comprehensive security audits.
  |  By Razorthorn
Amy Stokes-Waters shares a startling anecdote from her pen testing sales experience in this must-watch clip. Learn how a company with 3,000 employees misunderstood the real risks of insider threats. Amy highlights the common oversight where businesses assume 'nice' means 'safe,' exposing them to potential cyberattacks. This video underscores the critical need for rigorous network security and vigilant monitoring of internal threats.
  |  By Razorthorn
Join Amy Stokes-Waters as she challenges traditional security awareness training methods in this compelling clip. Why rely on dull videos and animations when engaging users is key to strengthening cybersecurity? Discover how making security training interesting can transform users from being the weakest link to a robust line of defense. Tune in for innovative ideas that could revolutionize how we approach cybersecurity education.
  |  By Razorthorn
Join us on this week's edition of the Razorwire podcast where host Jim chats with Amy Stokes-Waters, CEO of The Cyber Escape Room Co. Amy, transitioning from a non-traditional background into cybersecurity, shares her entrepreneurial journey and innovative approach to security awareness training through engaging escape room experiences.
  |  By Razorthorn
Amy Stokes-Waters discusses a real-world attempt to bribe a Tesla employee for secure access, highlighting the overlooked dangers of insider threats in cybersecurity. Discover the risks businesses face from both internal and outsourced hacking efforts, and why robust security measures are crucial. Tune in for more insights into the hidden world of corporate espionage and its impact on information security.
  |  By Razorthorn
This episode of the Razorwire Podcast emphasizes the importance of a human-centric approach in cybersecurity workplaces to combat stress and reduce burnout rates. Discover how encouraging openness about mistakes and reducing process friction can not only mitigate human risk in cybersecurity but also enhance the overall well-being of professionals in the field. Learn about the benefits of fostering an environment where challenging the status quo and admitting errors are viewed as opportunities for growth and improvement.
  |  By Razorthorn
This Razorwire Podcast episode tackles the deep-rooted issue of burnout in cybersecurity, emphasizing that superficial solutions like wellness classes are not enough. Discover how addressing burnout requires comprehensive, multidisciplinary approaches that focus on both individual resilience and systemic organizational changes. Learn how poor organizational culture contributes to high burnout and attrition rates, and explore actionable strategies to create a more supportive and sustainable work environment for information security professionals.
  |  By Razorthorn
In this enlightening episode of the Razorwire Podcast, explore the transformative power of embracing failure within organizations to accelerate response times to cybersecurity threats. Learn why fostering a culture that views mistakes as learning opportunities is crucial for rapid adaptation and improvement, particularly in handling phishing attacks—the most common method used by attackers. The discussion delves into how a shift in organizational culture can dramatically reduce the average time it takes to detect and respond to breaches, currently standing at a staggering 287 days.
  |  By Razorthorn
Discover the secret to sustained high performance through the lens of successful organizations like Pixar, known for their healthy, resilient corporate culture. This episode of the Razorwire Podcast highlights how de-stigmatizing failure and treating mistakes as learning opportunities can lead to greater success. Learn how these principles can be applied within the information security industry to foster a culture that not only supports but also thrives on the inevitable challenges and mistakes inherent in cybersecurity work.
  |  By Razorthorn
Understanding Allostatic Load: The Cumulative Stress in Cybersecurity. Explore the concept of allostatic load—the cumulative stress that affects cybersecurity professionals not just at work, but across all aspects of life. This episode of the Razorwire Podcast dives into how personal and professional stresses compound, impacting overall health and work performance. Discover why recognizing and managing this cumulative stress is crucial for maintaining mental and physical health, and why the cybersecurity industry needs to provide better support and tools for self-care.

Razorthorn has a single purpose: to defend business-critical data and applications from cyber attacks and internal threats. Founded in 2007, Razorthorn has been delivering expert security consulting and testing services to some of the largest and most influential organisations in the world, including many in the Fortune 500.

Leaders in Cyber Intelligence:

  • Cyber Security Consultancy: Delivering professional and dedicated consultants to our clients, we are specialists in all areas of cyber security consulting. Whether you need help with cyber security compliance or require CISO services, we work closely with our clients to provide short term or ongoing support, in line with your requirements and budget.
  • Cyber Security Testing: It is essential to test your cyber security posture regularly, whether it’s a requirement for compliance or to ensure you are getting value for money from your cyber security solutions. In addition to pen testing, Razorthorn offer a comprehensive suite of cyber security testing services to ensure your data and business reputation are as secure as possible.
  • Managed Services: We provide 24/7 managed cyber security services, working as an extension to your in-house team or as your dedicated managed services partner. You will benefit from the skills and expertise of our team, and the cost efficiency and flexibility that come with outsourcing to a specialist service provider.
  • Cyber Security Solutions: We work in partnership with hand-picked, industry leading solution providers, carefully selected for quality, effectiveness and to complement the services we offer.

Defending businesses against cyber attacks since 2007.