About the study: This study is based on publicly available data up to Q3 2023 and aims to outline the various active Vulnerability Disclosure initiatives within the 100 largest banks and the EU countries. Bug Bounty? A Bug Bounty program…
Category: Cybersecurity & Digital Trust
Data and collaborative spaces migration to the cloud has created new data breach possibilities and has particularly extended the attack surface of companies. Furthermore, cloud applications increasing utilization and new ways of working have considerably widened - whether voluntary or…
During the Wavestone OT Cyber Day, Loïc Lebain and Benoit Bouffard conducted a workshop in which they noted that IT departments were still struggling to develop a catalogue of cybersecurity solutions for OT. Based on their experience with our customers,…
Containers represent an opportunity for rapid, flexible, and efficient application deployment. In 2019, 84% of production infrastructures were already using containers[1]. As it is often the case, this massive adoption has taken place without the integration of Cybersecurity teams, sometimes…
Securing privileged access through access management is vital because it ensures that an organisation’s people are only granted access to what they need to do their jobs, and only for the period for which they need it. Access management also allows…
“Talent shortage”, “skills gap”, “employee burnout in cybersecurity”, “high turnover rate” – as a cybersecurity professional, you must be familiar with these expressions, for better or for worse. You may have seen the big headlines pointing out talent shortage issues…
The PIPL (Personal Information Protection Law) has emerged as an unprecedented first example of highly protective regulation of personal data, establishing an uncertain framework that reinforces China's control. Despite recent clarifications from China’s authorities, the centralisation of information systems continues…
China may soon ease PIPL cross-border data transfer requirements, but your privacy compliance strategy should focus on the long term. Your company operates in China. You compile personal data relating to your Chinese employees and transfer them to your headquarters…
The industrial control system (ICS) is the set of resources and machines used to supervise and control an industrial process. This article looks at the security issues surrounding Windows devices of the ICS supervision and maintenance layer: SCADA servers and…
Confidential and strategic, the due diligence phase that precedes an acquisition regularly takes place behind closed doors. This phase aims to analyse the target company for an acquisition, in order to determine its level of maturity and compliance on various…