In Q2 2022, Kroll observed a 90% increase in attacks against the health care sector in comparison with Q1 2022, making it the most affected sector during this period. While this may signal the official end of the pandemic-era “truce” that many cybercriminals promised at the onset of COVID-19, threat actors are continuing to leverage other hallmarks of the pandemic, such as remote work access, to gain a foothold into victim networks.

In this blog post, we outline what continuous penetration testing is, how it works and how it can help improve your cyber security.

The National Institute of Standards and Technology (NIST) recently updated its guidance to offer support for key practices and approaches involved in successful cyber security supply chain risk management (C-SCRM). In this blog post, we provide an overview of the update and what it means for organisations.

Kroll Responder MDR has been recognised as the Best Managed Security Service at the SC Awards 2022. The results were announced at the awards’ first live celebration in three years, at a ceremony held at the London Marriott, Grosvenor Square. We were also finalists in the Best Incident Response Solution category. The SC Awards celebrate the cyber security products and services that continue to stand out from the crowd and exceed customer expectations.

In this blog post, we outline some of the most common types and the steps organisations should take to defend themselves.

The success of incident response relies on a comprehensive and robust incident response plan. In this blog post, we give an overview of what incident response planning involves and the key steps that make up an effective incident response plan.

Drawing on over three decades’ experience in penetration testing for global organisations of all sizes, this webinar outlines some of the most common attack methods in use today and shares effective approaches for tackling them. The session on will detail the most effective security controls to prevent and mitigate common types of cyber-attacks.

This, as well as other notable threats from the previous quarter, are discussed in the report, Q1 2022 Threat Landscape: Threat Actors Target Email for Access and Extortion.

But if your organisation hasn’t commissioned a pen test before, you might be wondering what’s actually involved. Read on to learn about the key penetration testing steps we follow.

In Q1 2022, Kroll observed an 54% increase in phishing attacks being used for initial access when compared to Q4 2021. For the first time since the Microsoft Exchange vulnerabilities in Q1 2021, email compromise surpassed ransomware as the top threat incident type observed.