In our experience as cybersecurity experts and highly qualified penetration testers, there are typically three reasons why you may move forward with a penetration test and start looking around for a provider. Making that initial decision to move forward with an assessment like this is a big step, but what should you do after you make it?

As of June 2024, the European Union's Digital Operational Resilience Act (DORA) is set to become a pivotal piece of legislation impacting financial institutions and their Information and Communication Technology (ICT) service providers. Designed to improve the stability and security of the financial sector amidst increasing cyber threats, DORA mandates several rigorous standards that organizations under its purview will need to accommodate.

In the 2018 Marvel film Black Panther, genius inventor Princess Shuri quips that “just because something works does not mean it cannot be improved.” It’s a message the healthcare industry has taken to heart, as it has continuously searched for ways to improve the patient experience.

In the fast-paced world of business, trust and credibility are table stakes. You've likely invested in compliance certifications to demonstrate your commitment to industry standards. But are you prepared to meet the rising expectations of a new generation of stakeholders who demand more than just compliance?

Picture this: you've signed up for a social engineering attack as part of your organization's penetration test, specifically an email-based phishing campaign. The penetration testing firm is asking you to allow list their campaign through your mail filters and other technical controls. You have all those advanced protections in place - spam filters, web proxies, next-generation phishing protections - designed to protect your end users from phishing attacks. Yet, when it comes to assessing the very risk these controls are meant to mitigate, should you lower them for the tester specifically for the purpose of the test?

As the need for SOC 2 examinations continues to grow domestically as well as internationally, many organizations now either find themselves taking on more and more assessments or trying to appease a client base that requires a SOC 2 examination when the typical product or platform approach may not apply. When these situations crop up, we are seeing more adoption of what’s known as an enterprise services SOC 2 examination.

As of June 11th, PCI DSS v4.0.1 was officially released. This update comes with several clarifications and adjustments to the previous version, ensuring more precise guidelines and addressing various implementation issues.