Cybersprint Blog

In recent blog posts we’ve discussed the need to understand how your attack surface affects your risk and highlighted three areas that regularly slip under the radar when trying to analyse the true extent of that attack surface. The answer to both these challenges is attack surface management, and in this blog we’re going to focus on what that looks like.

As we mentioned in our previous blog, your attack surface is a constantly evolving source of risks. This is compounded by the fact that most financial services companies can only see a portion of their attack surface – we believe they’re missing 30 to 50 percent.

Your attack surface is the sum of the exposed and internet-facing assets, and the associated risks a hacker can exploit to carry out a cyber-attack. Over the past decade or so, that attack surface has changed dramatically. Long gone are the days when the only things exposed to the outside world were your website and your mail server. Today, increased complexity means that many financial services organisations often have huge attack surfaces – in fact, we believe that the attack surface has grown by around 1000% in the past 10 years.

The need for cybersecurity is shared by organisations in all markets. Every business has valuable data to protect and operations to maintain. Yet, no organisation is completely risk-free - that is impossible to achieve anyway. Luckily, they don’t have to be. Not all risks have the same potential impact. Some are accepted and need no further action, while others need to be prioritised. It’s these high-risk assets that need attention.

API security is one of those essential elements, as it’s rooted in so many processes. Yet, it’s still easily overlooked. API security needs a second component to be effective. In this insight, I will outline what that is and why you need it.

There is no one solution to completely secure your organisation. Just as there are many different ways a criminal can plan his attack, there are many different approaches to how you can orchestrate your defense. However, you can talk to different experts, and they probably all advise on different focus points. That’s why we invited three knowledge cybersecurity specialists from three very different backgrounds to share their experiences and tips.

The Hague is the administrative and political capital of the Netherlands. International city of peace, justice and security. As far as the latter is concerned, it is not just about physical safety, but increasingly also about digital safety or cyber security. The municipality of The Hague has high ambitions when it comes to cyber security and improving digital services. The desire to digitise is inextricably linked to cyber security: the more processes go digital, the more important it is to ensure they are secure.

It’s been two weeks since Microsoft released a patch for the Exchange vulnerabilities. For many, the dust has settled. Others are still fighting fires. Today, I’d like to look back at some of the problems we saw. Some were expected, other surprised us. I’ll go over them, and give tips on how these problems can be avoided in the future.

Today, supply chain attacks are as abundant as they are elusive. However, as many parties communicate about the dangers and their technical solutions, not much is said about the basics of supply chains attacks. I have written this article based on my personal experiences knowledge on the subject. I hope it answers most of your questions about the topic, so that you have a solid basis to expand your supply chain security from.