What is the NIST framework?

What is a NIST framework

RiskXchange will not only help you understand the NIST framework but will find a cybersecurity framework that works for you and your business. Published by the US National Institute of Standards and Technology (NIST), the NIST cybersecurity framework is a set of guidelines used for mitigating organisational cybersecurity risks. The framework is based on existing guidelines, standards, and practices.   The NIST framework provides … Read More

How malware has evolved over time 

How malware has evolved over time 

One of the key reasons that organisations of all sizes can’t take their cybersecurity for granted is that nothing stays still for long. The methods that cybercriminals use to breach organisations’ defences and steal or compromise their sensitive data constantly evolve and grow increasingly sophisticated – and this is especially true of malware. To understand how to protect yourself from cyber … Read More

How to prevent a pharming attack

How to prevent a pharming attack

A recent study has revealed that 88% of organisations worldwide have suffered a DNS attack in the past year. More alarmingly, each organisation experienced seven attacks on average – at $942,000 (£836,000) per attack. One of the most common forms of attack on DNS servers is known as pharming.   Let’s explore what a pharming attack is, how they occur, … Read More

What are vulnerability management tools for? 

What are vulnerability management tools for

Vulnerability management tools are security applications that scan networks and software to identify weaknesses that malicious actors can exploit. Once a scan pinpoints a weakness, the vulnerability software initiates or recommends remediation action, which reduces the risk of attack.  Vulnerability management tools incorporated alongside other security measures are key for businesses to not only prioritise possible threats but to minimise attack surfaces … Read More

What is killware and how it can threaten your organisation

What is killware and how it can threaten your organisation

Cyberattacks are appearing in a new guise, in the form of killware. Killware is a code or program that deploys on machines with the sole intention of causing harm to people. As the name suggests, its aim is to kill. This deadly malware is, unfortunately, a growing threat right around the world.  Killware attacks might sound strange to some, but they’ve … Read More

How to protect yourself from a cyber threat

Cyber threat

Cybersecurity or cyber threat is an intentional act designed to steal data, damage data or disrupt daily digital life. Cyber threats can range anywhere from data breaches or viruses to Denial of Service (DoS) attacks and other kinds of attacks.   Cyber threats can refer to cyberattacks that have caused widespread disruption, damage or destruction. They can also be classed as those that allow hackers … Read More

How to build a crisis communication plan for cyber threats 

Crisis communication plan for cyber threats

In today’s digital age, cyber threats are a potential crisis that hovers over every organisation – regardless of industry, size, or prominence. That’s why eevry organisation needs to have a crisis communication plan for cyber threats.  A crisis caused by a cyber attack can be debilitating: it’s not simply a case of your computer systems being compromised; they can infiltrate … Read More

Utility Sector Cybersecurity Risks — And What Can Be Done About Them 

Utilities cybersecurity

An increasingly dangerous cyber threat landscape poses a risk to critical national infrastructure, particularly in the utility sector. Any kind of large-scale disruptive attack will cause a massive impact on government and corporate systems. Just last year, a double-extortion ransomware attack on Colonial Pipeline, a private fuel provider servicing the East Coast, caused a shutdown of its pipeline operation and IT systems. … Read More

Log4j zero day vulnerability: How to protect yourself

Log4j zero day vulnerability

The Log4j zero day vulnerability (CVE-2021-44228) is a remote code execution (RCE) vulnerability that allows malicious actors to take complete control of vulnerable devices and execute arbitrary code.  The Log4j 0-day vulnerability has to date, been detected in more than 3 million vulnerable instances. Researchers also found that nearly 68,000 vulnerabilities were present in cloud workloads and containers within the … Read More