Using more security products won’t solve your cyber security problem

November 19, 2021|

Have you ever run into this scenario: there is a yearly audit on the security posture of the organization and this requires certain measures to be in place. However, everyone within the security department knows that that one specific measure (let’s name it checkbox alpha) is not actually in place.

Don’t just cry wolf – Avoid alarm fatigue, use continuous validation

September 30, 2021|

A one-off vulnerability assessment or automated penetration test may serve to raise awareness to gain focus. Still, it also bears a risk of fatigue in that it usually raises a seemingly insurmountably large heap of issues. If you're seeking to take control of and improve an existing situation, don't look once.

The Hafnium lessons from the ON2IT SOC team

March 22, 2021|

The clock started ticking for the sysadmins of the hundreds of thousands of Exchange servers around the world (and their risk officers or CISO’s). Exploits had been seen as early as January, so from March 2 onward the only safe assumption is that an unpatched Exchange server is a breached server.

How a fitness app became a matter of international security

March 26, 2019|

By combining the Polar Flow data with social media profiles and other public information, Dutch journalists, together with the Bellingcat network for citizen journalism, were able to find names, addresses and photos of no less than 6460 individuals.

Why being hacked can be a good thing

March 11, 2019|

Are you aware of the key players in the BAS-marketplace? Don’t feel too bad, because Breach and Attack Simulation (BAS) has only recently entered the mainstream in cybersecurity.