With the new NIS2 Directive from the EU, cybersecurity has been raised to a whole new level. The Directive will make a number of new demands on companies, which must be ready to comply with them in just eighteen months.
Cybersecurity risks are a result of three elements: threat, vulnerability, and impact. This blog specifically addresses vulnerability management. Patching is an important aspect of this, but there is more to it than meets the eye. As always in information security, we have to balance the risk and the cost.
The digitalisation of business operations took a big leap when the Tax Administration experimented with using e-services in establishing a company for a foreign individual and in transmitting business data securely between organisations.
Are you expecting your IT department to work on a certain budget and keep things secure? Think again! Because you could probably lift some weight off their shoulders, so that they can do more with less.
My colleague Anne Oikarinen has written a blog or two about secure software development and how to incorporate ‘Evil user stories’. The idea is that you envision how an evil user could misuse the system you are developing and, subsequently, you mitigate your code. From a CISO perspective, it makes more sense to analyze and take things a step further: How would an evil person compromise the company? How would he commit fraud? How would he go about stealing goods or money? How would he abuse your organization’s vulnerabilities?
Nixu Certification, press release, Monday December 5, 2022, at 8:30 a.m. EEST
IT security essentially reduces information-related risk to an acceptable ratio of risk to cost. For this reason, the process begins with an extensive risk assessment – a tried and tested process that can be improved. I am inspired by the work of Douglas Hubbard on this topic. Here’s why.
Ejner Hessel is a family business founded in 1968 by road haulier Ejner. Today, the company is Denmark's largest car dealership with brands such as Mercedes-Benz, Ford, Renault and Dacia.
Sveaskog is Sweden's largest forest owner selling sawlogs, pulpwood, and biofuel.
Nixu’s cybersecurity consultant Aapo Oksman has been researching vulnerabilities that allow intercepting secure network connections made by devices and software. The research revealed a vulnerability in the App Store application in Apple iOS. This vulnerability allows an attacker to listen in on and alter network traffic made by some parts of the App Store application.
Nixu Corporation, Press release on February 26, 2020 at 10 AM EET
The Finnish Tax Administration, together with cybersecurity company Nixu and Digital Living International, piloted SisuID to identify foreign entrepreneurs online so that registering a new company in Finland could be made digital, easy, and fast. This user-friendly process would help Finland attract more companies and more tax revenue. The pilot shows that Finland already has all the technologies needed to reach this vision.
Nixu Corporation, Stock exchange release, December 23, 2022 at 9.00 a.m. EET, Inside information
The Corona virus has provided for challenging times, impacting businesses globally. It is very likely IT security is no longer a top priority for companies, when the only outlook is surviving the current crisis. Of course, companies are handling things to the best of their ability. The current situation reminds me of 2009, when the world was battling the swine flu pandemic. In hindsight, that flu was comparable to the seasonal flu. It looks like the Corona virus is completely different, with far more severe consequences. We are now faced with the same review, and the comparisons are striking.
The world is driven by risk assessments. Crossing the street, ordering some gadget online or lying to your boss… It’s all risk assessment. Doing business is no different, but there is more to life than risk alone. What about ethics?
Nixu Threat Intelligence has become aware of a warning by Ukraine's defense intelligence agency saying that Kremlin-backed hackers are planning to carry out massive cyberattacks on the country's critical infrastructure – targeting especially the energy sector.
From a security perspective, workstations (desktops, laptops, smartphones) can never be completely controlled, equating to a plethora of possible breaches CISOs must foresee and navigate. Simply advising employees to be wary of predatory behavior from unknown attackers is not sufficient. Knowing a) what to protect, b) which possible dangers exist and c) who the hypothetical attackers are, is necessary for every CISO.
IT security essentially reduces information-related risk to an acceptable ratio of risk to cost. For this reason, the process begins with an extensive risk assessment – a tried and tested process that can be improved. I am inspired by the work of Douglas Hubbard on this topic. Here’s why - part III.
For 10 years, Nixu has been helping to handle the cybersecurity at Semler Services
IT security essentially reduces information-related risk to an acceptable ratio of risk to cost. For this reason, the process begins with an extensive risk assessment – a tried and tested process that can be improved. I am inspired by the work of Douglas W. Hubbard on this topic. Here’s why ‘Part II’.