RiskInsight

Successful Ransomware Crisis Management: Top 10 pitfalls to avoid

2 years ago
Read Time: 8 minutes
by Nicolas Gauchard
Leave a comment

Once again, the CERT-W 2022 report confirms that the main motivation of attackers continues to be financial gain and ransomware remains the most common means of extortion. Ransomware attacks are among the most severe cyberattacks in terms of their impact on…

2 years ago
Read Time: 4 minutes
by CERT-W
Leave a comment

FOCUS TECH BRING YOUR OWN VULNERABLE KERNEL DRIVER (BYOVKD) Facing the EDR behavioral supervision, attacker develops techniques for successful attacks by staying under the radars. One of these techniques is called BYOVKD: Bring Your Own Vulnerable Kernel Driver. Even if…

2 years ago
Read Time: 6 minutes
by Etienne Lafore
Leave a comment

Confidential Computing: Revolution or New Mirage?

The encryption of data in transit and at rest now makes it possible to ensure a good level of security. For data being processed, a solution is now emerging confidential computing. I had the opportunity to organize a round table…

2 years ago
Read Time: 7 minutes
by Mathieu Bouchot and Rémi Bossuet
Leave a comment

Turn your dashboard into a real management asset against global cyber threats

Dashboards are an essential tool for CISOs to measure and control risks in their scope, to steer their projects and to inform their management of the company’s cyber health evolution. However, according to Wavestone’s Cyber benchmark results from 2022, 47%…

2 years ago
Read Time: 4 minutes
by CERT-W
Leave a comment

EDITO What are the supply chain threats? What’s a picture of the current situation? Since 2019, there has been a growing focus on third-party attacks. With good reason: CyberArck estimates in a study from 2022 that 71% of organizations suffered…

2 years ago
Read Time: 7 minutes
by Etienne Lafore, Omar Zamani and Justin Leblanc
Leave a comment

Zero trust and identity as the new perimeter : what about tokens ?

Introduced just over 10 years ago by Forrester, Zero Trust is a security philosophy that starts from the premise that the cyber threat is omnipresent, both outside and inside the IS, and consequently proposes an access management strategy based on…

2 years ago
Read Time: 5 minutes
by Axel Petersen and Thomas Rousseau
Leave a comment

During protests in Philadelphia towards the end of May 2020, two police vehicles were set on fire. Photos of the event posted on Instagram and cross-referencing of aliases, visible on Etsy, Poshmark and LinkedIn, will lead[1] an FBI investigator to…

2 years ago
Read Time: 6 minutes
by Jérôme de Lisle and Cristian Michael Tracci
Leave a comment

Improving Incident Response through Automation: An overview of SOAR platforms

The increase in cyberattacks witnessed over the last few years can be partially attributed to the evolution and spread of automation tools, which are leveraged to perform wider attacks with fewer resources. Many steps of an attack can be automated…

2 years ago
Read Time: 8 minutes
by Jean Marsault
Leave a comment

Defcamp finals 2022: Feedback on our first Attack/Defense CTF

Yesterday, the team YoloSw4g from Wavestone's Cybersecurity practice took part in the 2022 Defcamp CTF finals. Defcamp is one of the top cybersecurity conference in Europe and every edition is hosted in Bucharest, Romania. Wavestone had the opportunity to play…

2 years ago
Read Time: 4 minutes
by Arnaud Soullié
Leave a comment

If you work in cybersecurity, you have probably heard of the OWASP TOP 10: a standard awareness document that represents a broad consensus about the most critical security risks to web applications. However, in Industrial Control Systems, we never talk…

Artificial Intelligence, Industrials, and Cyber Risks: What’s the Current State?

Shift towards the 3rd Payment Services Directive: what will the impacts be?

Generative AI applications: risks and mitigations

LoadLibrary madness: dynamically load WinHTTP.dll

Adopting MLSecOps: the key to reliable and secure AI models

Successful Ransomware Crisis Management: Top 10 pitfalls to avoid

Confidential Computing: Revolution or New Mirage?

Turn your dashboard into a real management asset against global cyber threats

Zero trust and identity as the new perimeter : what about tokens ?

OSINT or Intelligence 2.0

Improving Incident Response through Automation: An overview of SOAR platforms

Defcamp finals 2022: Feedback on our first Attack/Defense CTF

Top 20 Secure PLC Coding Practices