Who would have known that locking your employees in a room for 15 minutes could become their new favorite way to learn about cybersecurity? In a never-ending quest to find innovative ways to raise awareness on cybersecurity topics, the Wavestone team…
Regularly rethinking your cyber strategy is a must for cybersecurity teams. Changes in the threat, regulations, business priorities, etc., necessitate an in-depth review of the action plan at least once every three years, or yearly, if necessary. To accomplish this,…
In our last Assume Breach engagement, the client gave us a domain-joined computer and a VPN access telling it was the only option to access the internal domain. Other computers would be able to access to some resources using specific…
Once again, the CERT-W 2022 report confirms that the main motivation of attackers continues to be financial gain and ransomware remains the most common means of extortion. Ransomware attacks are among the most severe cyberattacks in terms of their impact on…
FOCUS TECH BRING YOUR OWN VULNERABLE KERNEL DRIVER (BYOVKD) Facing the EDR behavioral supervision, attacker develops techniques for successful attacks by staying under the radars. One of these techniques is called BYOVKD: Bring Your Own Vulnerable Kernel Driver. Even if…
The encryption of data in transit and at rest now makes it possible to ensure a good level of security. For data being processed, a solution is now emerging confidential computing. I had the opportunity to organize a round table…
Dashboards are an essential tool for CISOs to measure and control risks in their scope, to steer their projects and to inform their management of the company’s cyber health evolution. However, according to Wavestone’s Cyber benchmark results from 2022, 47%…
EDITO What are the supply chain threats? What’s a picture of the current situation? Since 2019, there has been a growing focus on third-party attacks. With good reason: CyberArck estimates in a study from 2022 that 71% of organizations suffered…
Introduced just over 10 years ago by Forrester, Zero Trust is a security philosophy that starts from the premise that the cyber threat is omnipresent, both outside and inside the IS, and consequently proposes an access management strategy based on…
During protests in Philadelphia towards the end of May 2020, two police vehicles were set on fire. Photos of the event posted on Instagram and cross-referencing of aliases, visible on Etsy, Poshmark and LinkedIn, will lead[1] an FBI investigator to…
