Large organisations are facing unprecedented change, such as adapting to remote working and managing operational risk in a post-pandemic world. Identity & access management (IAM) – the provision and verification of identities and their access rights – is once again…
Organising a cyber crisis exercise is not an easy task. From the preparation to the D-Day, a lot of unforeseen events can occur and the preparation teams need to remain a step ahead of the players. This article will break down the steps to a successful cyber crisis exercise…
DECRYPTION CYBER CRIMINAL NETWORK DISMANTELING The last 6 months, large-scale coordinated international actions have dismantled several of the biggest cybercriminal networks such as Emotet, Netwalker, Egregor or even Cl0p. Let’s have a closer look at some of them. What is Emotet?…
Due to the ever-growing use of certificates in modern applications, a large number of Active Directory infrastructures make use of Public Key Infrastructures (PKI) features. These features are provided by Certification Authorities (CA) which are either external to Active Directory…
Create a relationship of trust with the executive committee: step 2, solidify the organisation's posture and explain the lines of action Creating a relationship of trust with the executive committee is a long-term action. After a first step that often involves raising awareness and putting the cyber risk into perspective…
Over 40 assessments of industrial sites Over the past two years, Wavestone’s auditors have conducted more than 40 cybersecurity assessments of industrial sites in various sectors (pharmaceutical, food processing, energy, etc.). These assessments have enabled us to benchmark the level of…
Security organisation are facing more and more employees leaving. There is an urgent need to rebuild a more readable operational model with a trend in pooling and eliminating redundancies. This article will present an attempt at explaining this situation and…
Networks are at the backbone of every modern systems; for the ecosystems of connected objects, this is no exception. In this article, we will provide you with a methodology to use from the get-go to help in choosing a secure…
[nota bene: this article has been translated to English for accessibility reasons. It does not address UK or US regulations, but only French ones regarding Security Accreditation (“homologation” in French). It is nonetheless useful for any organization wanting to implement…
Monthly indicators TOP ATTACK Two French hospital under ransomware attacks Ransomware attacks struck two French hospital groups in less than a week, prompting the transfer of some patients to other facilities but not affecting care for Covid-19 patients or virus…