While a company’s information security controls and policies aim to keep its sensitive data secure, what does that mean in practice? Or, put another way, how can security teams determine whether the information and assets under their purview are actually secure? Confidentiality, integrity and availability, collectively known as the CIA triad, is a model designed to guide a company’s information … Read More
What is integrity in cyber security?
Integrity in cyber security is one of the key components of the CIA triad of confidentiality, integrity, and availability. Every security control and vulnerability can be viewed in relation to one or more of the three concepts. In order for a security program to be deemed comprehensive and complete, it must address all three components of the CIA triad. More on … Read More
What are cloud security metrics?
Cloud migration has surged in recent years, with an estimated 94% of companies adopting cloud services as of 2022. Predictably, cybercriminals have capitalised on this rapid shift to the cloud, and have turned their attention to finding ways to infiltrate the cyber security defences of cloud service providers. Unfortunately, as their sensitive data, applications, servers, and other assets are stored … Read More
What are information security standards?
An information security standard is a series of documented processes that define how to implement, manage, and monitor various security controls. As well as providing a blueprint for mitigating risk and reducing vulnerabilities, cybersecurity standards and cybersecurity frameworks typically detail the necessary steps for achieving regulatory compliance. Let’s look at information security standards, why they’re important, and the consequences of failing … Read More
What is Data Exfiltration?
Data exfiltration is a type of security breach that occurs when a company or individual’s data is retrieved, transferred, or copied from a server or computer without authorisation. Cybercriminals are usually responsible for data exfiltration by stealing data from corporate or personal devices, such as mobile phones or computers, using various data exfiltration attack methods. Another definition of data exfiltration … Read More
How does the Digital Operational Resilience Act (DORA) affect you?
RiskXchange can help you stay on the right side of data privacy regulations anywhere in the world. The ever-increasing risk of cyberattack has prompted the EU to adopt a legislation to improve the cybersecurity and operational resiliency of the financial services sector – the DORA act. The Digital Operational Resilience (DORA) Act was implemented to ensure that the European financial sector is able to remain … Read More
How to avoid a baiting attack
Social engineering attacks are one of the most significant threats to an organisation’s information security. So much so that a staggering 98% of cyberattacks involve some social engineering component. One of the social attacks favoured by cybercriminals is known as baiting. In this article, we look at baiting attacks and how to avoid them. What is a Baiting Attack? Baiting … Read More
How to prevent a pharming attack & what it involves
A recent study has revealed that 88% of organisations worldwide have suffered a DNS attack in the past year. More alarmingly, each organisation experienced seven attacks on average – at $942,000 (£836,000) per attack. One of the most common forms of attack on DNS servers is known as pharming. Let’s explore what a pharming attack is, how they occur, … Read More
Data leakage prevention – 3 simple steps
What is data leakage? The simple answer is when sensitive data is purposely or accidentally leaked. This could mean, in a variety of ways, from data being exposed on the internet, physically or via lost laptops or hard drives. Data leakage could allow cybercriminals unauthorised access to sensitive data without much effort. So, knowing data leakage prevention steps your organisation … Read More