FAQs on how to prepare for, prevent or detect a hack
On 30 July 2020, NCC Group Australia held a webinar on Cyber Incident Response Planning, explaining how to prepare for, prevent or detect a hack. This blog provides responses to the questions asked by attendees during the webinar's Q&A.
Webinar: Breaking Free From the Hamster Wheel of Third-Party Risk Management
Editor’s note: Looking to get more out of your Third Party Risk Management Program? Be sure to register for our upcoming webinar, “Breaking Free From the Hamster Wheel of Third-Party Risk Management”.
Risk vs cost: cyber in the face of economic uncertainty
As the Covid recession starts to bite, many organisations will be looking at ways to reduce their costs. Cyber security, beyond pure compliance activities, can often be seen by CFOs as purely a cost, making it a prime candidate for the review and ultimate reduction or removal. But recent research by Portsmouth University in the UK has shown that as GDP falls, criminal activity, including fraud, ri
APRA’s CPS 234 and Supply Chain Compliance: FAQs
In June 2020, we hosted a webinar on APRA’s CPS 234 Information Security Standard (“CPS 234”), addressing supply chain risk management and compliance, as well as how to apply for the deadline extension. We have provided responses below to the questions asked by attendees on CPS 234 compliance and the process for ensuring that supply chain risk is managed effectively.
Hospitals and ransomware: The human cost of weak cybersecurity
In our latest blog we investigate why healthcare organisations are a prime target for ransomware attacks and provide guidance on how best to deal with an attack.
Easing lockdown - UK hospitality starts to open for business
The gradual relaxation of lockdown restrictions brings opportunity and complexity as businesses get ready to reopen their doors in a new way in order to keep staff and customers safe and secure. As we navigate new challenges and adapt to new working procedures, it is important to ensure that we continue to prioritise people’s privacy and that data protection legislation is adhered to.
The road to a successful implementation of SIEM and SOC
Having a SIEM solution or a managed SOC in place can be hugely rewarding, providing you with “eyes and ears” on what happens on your systems and network, while supporting your ongoing compliance efforts. But it can also be an extra expense that does not live up to your expectations, providing little true value, or even worse: a false sense of security.
Three Important Nuances of the CCPA
The California Consumer Privacy Act (CCPA) became a law about two (2) years ago and went into effect January 1, 2020. Since then, the CCPA has undergone some proposed changes that have recently been f
On the Road to Zero Trust in Transport: Introducing Automotive Ethernet
As part of our Always On, Always Here campaign, Security Consultant, Liz James, explains how Automotive Ethernet can make connected vehicles safer and more secure by providing opportunities for zero trust.
When assessing a third-party, is a SOC 2 report enough?
Editor’s note: NCC Group and Privva work together to help organizations improve their third party risk management (TPRM) processes, combining Privva’s vendor risk assessment platform and NCC Group’s p
Exploring deepfake capabilities and mitigation strategies with University College London
In this research blog Matt Lewis, research director at NCC Group, gives an overview of his work exploring deepfake capabilities and mitigation strategies with University College London.
Are you FedRAMP Ready?
For Cloud Service Providers (CSPs) with dreams of seeing their Cloud Service Offering (CSO) in use by all federal agencies, FedRAMP Ready will be essential. We've put some thoughts together on what organisations need to consider when taking on a FedRAMP Readiness assessment.