Cybersprint Blog

In our previous blogs to this open directory series, we talked about what open directories are and why they pose a risk, and how we set up our own research into the extent of the issue. That also featured a sneak peek into the results. Now that we have presented the findings in our webinar, this article will cover the statistics and most striking examples. And most importantly: what are our conclusions and tips to make your own directories data leak free?

In our previous blog, we explained what open directories are and how they can result in a data leak. As mentioned there, we conducted research into the risks of open directories ourselves, to see the extent of the problem. We’ll go into the method and preliminary results of that research here, while leaving the most telling examples and conclusions for our webinar on Wednesday 1 December.

Shadow IT has long been a problem for organisations. Formal IT is routed through the IT department, where it’s approved, purchased, set up, and, importantly, supported and maintained. Shadow IT falls outside this process, and is normally split into two categories: / Systems that the IT department doesn’t know about. / Systems the IT department knows about but needs to keep running as they are integral to business operations. The second category is the real Shadow IT and the biggest problem for businesses. So how can you protect your business from the perils of shadow IT? Here are Pieter's six steps.

Open directories are like online file storing systems to access files remotely. A directory works like a digital filing cabinet, organising folders and files such as invoices, back-ups, important mail, IP, and more. Having this operate via the cloud means you can access your files from anywhere. However, some directories lack security, also known as open directories, and are accessible to more people than you would like.

Cookie settings, cookie banners, cookie consent… You are asked to review and agree with a website’s cookie settings whenever you visit it for the first time. Some of that data is necessary or anonymous, some is not. And it’s not always easy to set up and manage, as we’ve recently experienced ourselves. This blog aims to clarify the different cookie settings and regulations, hopefully helping you to tackle similar challenges. What exactly do you need to keep in mind when managing your website’s cookie settings?

The practice of logging has come a long way over the past few years. It started as a way to demonstrate regulatory compliance and to provide evidence in legal processes, but it has now evolved into being a norm for best security practice and governance evaluation. So what are the most important aspects? How do you start and maintain oversight over your logging capabilities?

The name itself says it already: organisations in the critical infrastructure are vital in the services they provide in society. Should something go wrong in their daily operations, it can have severe consequences and disrupt individual people and other companies. That doesn’t necessarily mean they are more often targeted in (cyber-)attacks, but it does pose an extra reason to prevent any successful attack. Such organisations have often been in charge of their own cybersecurity, guided by regulations. Now though, authorities in the EU are starting to intensify their watchful eyes with the RCE directive. What is the EU RCE? And how should critical infrastructure organisations prepare?

More organisations in the Netherlands recognise the need for an active approach to stay in control over their attack surfaces in order to mitigate risks. Every organisation is able to create their own IT security governance and processes. Now, though, a new standard might be introduced in the form of an annual, mandatory IT audit. Is this a development helping businesses further? Or one that doesn’t really add anything other than paperwork?

How safe your organisation is from a cybersecurity point of view depends on a lot of factors. Not only should your private and confidential data be kept private and confidential through a plethora of technical defenses, there are also, among others, many processes such as for IT governance and incident response to consider. How your organisation deals with all these challenges determines its cybersecurity maturity. But why is determining this maturity level important?