Razorthorn

  |  By Steven Kenyon
Companies must prioritise a comprehensive and proactive approach to network security. Among the most effective strategies to ensure robust defence mechanisms is rigorous penetration testing. By adopting an “assumed breach” mentality, organisations can better prepare for potential attacks, ensuring they are not merely reacting to threats but actively preventing them.
  |  By Michael Aguilera
In late March 2024, the cybersecurity community was shaken by the revelation of a critical vulnerability in XZ Utils, a popular open source compression tool integral to many Linux systems. The discovery was made by Andres Freund, a developer at Microsoft, who reported that versions 5.6.0 and 5.6.1 had a backdoor that could potentially allow unauthorised remote code execution.
  |  By James Rees
Recently, Computer Weekly released an article entitled “Budgets Rise As IT Decision Makers Ramp Up Cybersecurity Spending” on 18th March 2024. It was an interesting article as it cited a number of stats that showed that IT departments plan to increase their cybersecurity budget and that globally 65% of organisations were going to spend more on cybersecurity.
  |  By David Tattersall
The Payment Card Industry Data Security Standard (PCI DSS) was published over 15 years ago and in that time has undergone a series of revisions as technology, the threat landscape and information security best practices have changed.
  |  By James Rees
The recent LockBit group take down has shown the world at large the cost of cybercrime. Initially it was reported that just over $100 million had been gathered through the nefarious acts of this particular group but, as I suspected, that initial figure was just a drop in the ocean. It turns out that the real figure was in excess of $1 billion dollars over the last four years, and I still suspect this may be more.
  |  By James Rees
Over the last few weeks I have been catching up with a number of my cybersecurity contacts, primarily engaging with them for new content on our increasingly popular Razorwire podcast. During these conversations, as tends to happen during at this time of year, one of the things I have discussed with these professionals is what are (in their view) some key cybersecurity trends for 2024?
  |  By James Rees
A big requirement that all European based organisations (or organisations that want to deal with the EU) must be aware of is the new DORA legislation coming in to effect in January 2025, and with just a year to implement your strategies, it’s worthwhile reviewing how you measure up now so that you have the time to ensure you comply before the deadline.
  |  By Shauli Zacks
In SafetyDetectives‘ recent interview with James Rees, the Managing Director of Razorthorn Security, he provided insights into the company’s unique approach to cybersecurity consultancy and its evolution in response to the changing landscape. Established 17 years ago during a period of upheaval in the information security field, Razorthorn Security prioritizes customer satisfaction, fostering a customer-centric approach that has contributed to a high client retention rate.
  |  By James Rees
We live in a business world where vast amounts of our critical services are delivered to us as a service. The world of on premise solutions has all but disappeared – sure, there are still some systems that operate on premise but these days, more key services are delivered to users and organisations as a service solution. This has increased profitability, allowed small companies to gain access to software and systems that previously were out of reach and has dealt a significant blow to piracy.
  |  By James Rees
Here we are, at the end of 2023. It’s high time for updating defence in depth strategies across all organisations, and let me tell you why. We’re all aware of the uptick in high profile cyber attacks and compromises, across all sectors. Ransomware specifically has caused more economic loss and pain for the business world than any other information security event previously, and attacks are speeding up at a steady rate with larger and larger targets and ransoms being asked.
  |  By Razorthorn
As remote work becomes the norm, organisations face new challenges in securing devices outside the office. This clip discusses the return to host-based security and the importance of robust endpoint security measures backed by logs and alerts. Learn how to adapt your security strategies for remote environments where device locations are unknown.
  |  By Razorthorn
With the rise of remote work, ensuring that employees are actually working from secure locations is more crucial than ever. This clip discusses the trust issues and risks associated with employees working from unapproved locations, highlighting the need for robust IT asset management and security protocols to protect sensitive data.
  |  By Razorthorn
This clip explores the delicate balance between trust and control in managing third-party vendors. With only large corporations often able to conduct thorough audits, many organisations must rely on paper audits and trust the provided responses. Understand the limitations and strategies for ensuring security when physical audits aren't feasible.
  |  By Razorthorn
Discover why balancing trust and control is essential in cybersecurity. Our hosts discuss the complexities of protecting against phishing attacks, especially with advanced tools like ChatGPT that make scams harder to detect. Learn how combining trust with effective controls can help detect anomalies and safeguard your organisation against targeted attacks.
  |  By Razorthorn
In this thought-provoking clip, the hosts debate whether security awareness training is enough to prevent users from falling for phishing scams or if stronger controls are necessary. Drawing on insights from a recent NCSC blog, they explore the ethical dilemma of assigning blame when users, despite training, click on malicious email attachments. Should the onus be on the end user, or is it a failure of security controls? Tune in to understand the complexities of balancing trust and control in cybersecurity.
  |  By Razorthorn
Welcome back to Razorwire, the podcast slicing through the tangled world of cybersecurity! I'm your host, Jim and in this episode we’re talking about the crucial balance between trusting your workforce and exerting control over your security ecosystem. Joining me are Iain Pye, sharing his insights into privacy roles, and David Higgins from CyberArk, who will discuss the challenges and strategies of effective cybersecurity. Whether you're managing remote teams or integrating third party services, this episode is packed with expert analysis and actionable advice.
  |  By Razorthorn
In this insightful clip, our host delves into the common misconception that trust in suppliers and staff is sufficient for cybersecurity. Highlighting the adage 'trust is good, but control is better,' the discussion emphasises the necessity of implementing robust controls to detect and manage breaches of trust. Learn why regular assessments and monitoring are critical to safeguarding your organisation from potential failures in this must-watch segment.
  |  By Razorthorn
Amy Stokes-Waters sheds light on the disconnect between technology enthusiasts and the general public's interest in tech, specifically AI advancements. In this engaging clip, Amy discusses the challenge of communicating complex tech concepts, like AI-generated content, to those outside the IT sphere. She emphasizes the need for better education on technologies that are reshaping our media landscape. Dive into this discussion to understand why simplifying tech talk is essential for broader awareness and acceptance.
  |  By Razorthorn
Amy Stokes-Waters critiques the unrealistic expectations in cybersecurity job descriptions, highlighting a significant industry challenge. Discover why demanding expertise in both SOC operations and pen testing for a single role, with insufficient compensation, exacerbates the talent gap. This clip exposes the harsh realities of the cybersecurity job market and the need for more realistic hiring practices to attract and retain skilled professionals.
  |  By Razorthorn
Join Amy Stokes-Waters as she discusses the significant shifts in how cybersecurity is perceived over the last five years, highlighting a persistent challenge in funding. Despite spending $450 billion on information security, the scale of criminal activity, valued at $9.5 trillion, suggests a dire need for increased investment. This clip explores the financial discrepancies and emphasizes why robust funding is crucial to effectively combat cyber threats.

Razorthorn has a single purpose: to defend business-critical data and applications from cyber attacks and internal threats. Founded in 2007, Razorthorn has been delivering expert security consulting and testing services to some of the largest and most influential organisations in the world, including many in the Fortune 500.

Leaders in Cyber Intelligence:

  • Cyber Security Consultancy: Delivering professional and dedicated consultants to our clients, we are specialists in all areas of cyber security consulting. Whether you need help with cyber security compliance or require CISO services, we work closely with our clients to provide short term or ongoing support, in line with your requirements and budget.
  • Cyber Security Testing: It is essential to test your cyber security posture regularly, whether it’s a requirement for compliance or to ensure you are getting value for money from your cyber security solutions. In addition to pen testing, Razorthorn offer a comprehensive suite of cyber security testing services to ensure your data and business reputation is as secure as possible.
  • Managed Services: We provide 24/7 managed cyber security services, working as an extension to your in house team or as your dedicated managed services partner. You will benefit from the skills and expertise of our team, the cost efficiency and flexibility that comes with outsourcing to a specialist service provider.
  • Cyber Security Solutions: We work in partnership with hand-picked, industry leading solution providers, carefully selected for quality, effectiveness and to complement the services we offer.

Defending businesses against cyber attacks since 2007.