CSIDB in 2025: a new “At a glance” dashboard, and a quieter (but productive) New Year
Every January I normally publish an annual “state of the database” write-up with charts and headline figures (last year’s post is a good example). This year, I’ve changed the format.
Instead of me picking a handful of stats and presenting them one way, CSIDB now has a new interactive dashboard …
Cyber Incident Breakdown for 2024
It's that time of year where we get the opportunity to look back on 2024.
The year 2024 presented a dynamic landscape of cyber threats and responses. With an increasing reliance on digital systems across industries, the challenges of securing sensitive data and critical infrastructure became more pronounced. Below, …
Latest CSIDB updates: There are many.
Over the past few months, I’ve been working on enhancing CSIDB (csidb.net) to deliver a more intuitive, insightful, and future-proofed threat intelligence experience. My recent updates are all about streamlining workflows, improving clarity, and aligning more closely with industry standards for cyber threat intelligence. Below, with the assistance of some …
Cybersecurity Mesh Architecture and the Move to Platformization
As the complexity of digital infrastructures grows, businesses are increasingly turning towards modular and scalable cybersecurity solutions to meet their evolving needs. Two pivotal frameworks driving this shift are the Cybersecurity Mesh Architecture (CSMA) and Platformization. These approaches are transforming how organisations protect their assets and manage their security tools, …
Quantum Resistant Cryptography: Preparing for a Post-Quantum Future
The advent of quantum computing represents a seismic shift in the field of cryptography. While quantum computers promise to revolutionise various industries with their immense computational power, they also pose a significant threat to the cryptographic systems that currently secure our digital communications and data. Traditional encryption methods, such as …
SaaS Security Posture Management (SSPM): An Essential Strategy for Modern Enterprises
The proliferation of Software as a Service (SaaS) applications has transformed the way businesses operate, offering unmatched flexibility, scalability, and efficiency. However, this shift has also introduced a complex and expansive attack surface that traditional cybersecurity tools are ill-equipped to manage. In response, SaaS Security Posture Management (SSPM) has emerged …
UK's New Cyber Security and Resilience Bill: A Step Towards Stronger Defences
In a bid to bolster its defences against the rising tide of cyber threats, the UK government has recently unveiled the Cyber Security and Resilience (CSR) Bill. This legislation aims to address critical gaps in the country's cyber defences and enhance its resilience against an ever-evolving landscape of cyberattacks. With …
Cyber Security Certification in 2024: Paths to Success in Defensive, Offensive, and Managerial Roles
The landscape of cyber security certifications is more robust and diverse than ever, catering to a wide range of career paths in defensive (blue team), offensive (red team), and managerial roles. When I say vast I mean vast.. there are close to 500 certifications available in many different disciplines (e.g. …
Social Engineering: The Human Element of Cyber Attacks
The term "cybersecurity" often evokes images of hackers breaking into systems through sophisticated coding and technical prowess. However, one of the most significant threats to cybersecurity isn't a piece of malicious software or a network vulnerability; it's the human element. Social engineering, the manipulation of individuals to divulge confidential …
Securing Remote Work: Best Practices for a Hybrid Workforce
The hybrid workforce model has become increasingly popular, blending remote and in-office work to offer flexibility and maintain productivity. While this model provides numerous benefits, it also introduces new challenges, particularly in terms of cybersecurity. As employees access company resources from various locations, organisations must ensure that their data …
The Role of Blockchain in Cybersecurity
With the increasing number of cyber threats and attacks, traditional security measures often fall short. Enter blockchain technology—a revolutionary approach that promises to transform the landscape of cybersecurity. Initially designed as the backbone of cryptocurrencies like Bitcoin, blockchain has proven to have vast potential beyond financial applications. Its decentralised, transparent, …
Ethical Dilemmas in Cybersecurity
Cybersecurity professionals face numerous ethical dilemmas and difficult decisions. These challenges are compounded by the rapid evolution of cyber threats and the critical need to balance security with privacy, legality, and ethical considerations. This article explores some of the most pressing ethical dilemmas and the complexities involved in making decisions …
Top 10 Cyber Security Incidents of the 21st Century
As technology has advanced, so too have the tactics and scale of cyber security incidents. The 21st century has witnessed a significant escalation in both the frequency and sophistication of cyber attacks, affecting individuals, corporations, and governments worldwide. These incidents have caused widespread disruption, financial losses, and in some cases, …
NIST Standards in Cyber Security: A Comprehensive Overview
The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the United States Department of Commerce. NIST's mission is to promote innovation and industrial competitiveness by advancing measurement science, standards, and technology. In the realm of cyber security, NIST plays a critical role by developing guidelines, standards, …
7 Threat Intelligence Frameworks, Standards & Technologies You Should Know About Today
Cyber threats evolve with unprecedented speed and organizations must remain vigilant to safeguard their digital assets. Threat Intelligence frameworks, standards and technologies play a pivotal role in identifying, understanding, and mitigating these threats. This article delves into some of the prominent Threat Intelligence enablers, including STIX, TAXII, OpenIOC, and others, …
Adapting Ransomware Techniques 2024
Ransomware, once a relatively simple cyber threat that involved encrypting files and demanding payment for their release, has evolved dramatically over the years. The increasing sophistication of these attacks, fueled by technological advancements and strategic innovations by cybercriminals, poses significant challenges for individuals, organizations, and cybersecurity professionals. In 2024, …
Hacking Large Language Models (LLMs): An Analysis
Large Language Models (LLMs) like GPT-4 are revolutionary tools that have transformed various domains, from content generation to customer service automation. However, as with any powerful technology, they come with their own set of vulnerabilities. This article explores the concept of hacking LLMs, focusing on techniques, defenses, and implications, drawing …
API Security in 2024
As we navigate through 2024, API security has emerged as a critical area of focus for organizations worldwide. The rapid expansion of digital services, coupled with the increasing reliance on APIs for seamless integration and communication, has necessitated a robust and comprehensive approach to API security. This article delves …
Understanding Cloud-Native Application Protection Platforms (CNAPP)
Cloud-Native Application Protection Platforms (CNAPPs) represent the next evolution in cloud security, integrating various security and compliance capabilities into a unified platform to safeguard cloud-native applications throughout their lifecycle. According to Gartner, CNAPPs "are a unified and tightly integrated set of security and compliance capabilities designed to secure and protect …
The Strategic Imperative of Microsegmentation in Modern Cybersecurity
In today's rapidly evolving digital landscape, where hybrid and multi-cloud environments have become the norm, traditional perimeter-based security measures are no longer sufficient. This shift has necessitated a more granular approach to network security, known as microsegmentation. This technique not only enhances security postures but also aligns with the principles …
