Istari

Spotlight

15 Sep 2021

The Anatomy of Cyber Risk

Wouldn’t it be great to have an overview of how countries across the globe differ in their exposure to cyber risk? This research piece provides the answer by analysing quarterly earnings calls of more than 12,500 companies.

By Manuel Hepfer

What is the Dark Web and Why Does It Matter for Cybersecurity?

15 Sep 2021

When we read about yet another data breach, we often hear about personal data appearing on the Dark Web – a mysterious substratum of the internet that is often used for illicit purposes. But what exactly is it, and how does it relate to cybersecurity?

By Manuel Hepfer

The SEC Is Serious About Cybersecurity. Is Your Company?

15 Sep 2021

Regulators are tightening their grip on improper handling of cyber breaches. The Securities and Exchange Commission now regards cyber risk as an existential risk to business. How can companies avoid big fines?

By Manuel Hepfer

Organisational Cyber Maturity: A Survey of Industries

18 Aug 2021

Some companies are more mature in their cybersecurity capabilities than others. But are companies that do well in cybersecurity also more profitable? A McKinsey survey sheds light on differing maturity levels of companies and explores the correlation between cybersecurity maturity and profitability.

By Manuel Hepfer

Inside a Sophisticated Cyberattack – “Sygnia, Praying Mantis: An Advanced Memory-Resident Attack”

18 Aug 2021

We’ve all read or heard about these “sophisticated cyberattacks” that many companies suffer, such as SolarWinds, Kaseya, or NotPetya. But what does a sophisticated cyberattack actually look like? Recent research from Israeli cybersecurity firm Sygnia takes us inside a sophisticated cyberattack.

By Manuel Hepfer

3 Strategies to Secure Your Digital Supply Chain

18 Aug 2021

Almost every company relies on software provided by a vendor. Those vendors, however, often use code that they haven’t written themselves but have imported from other vendors or open-source libraries. Such complexity introduces vulnerabilities. How can companies secure their digital supply chains?

By Manuel Hepfer

Addressing Third Party Cyber Risk: Moving Beyond a False Sense of Security

14 Jul 2021

Businesses don’t operate in isolation. That makes them vulnerable to supply chain cybersecurity risk. NotPetya, SolarWinds, and Kaseya are all examples of supply chain cyberattacks. But what can we do about them?

Mis-spending on information security measures: Theory and experimental evidence

14 Jul 2021

Evidence suggests that companies tend to overinvest in preventive measures while neglecting to invest in preparing to respond. But the reasons for this were speculative – until now.

By Manuel Hepfer

Predictable Surprises: The Disasters You Should Have Seen Coming

14 Jul 2021

No one comes to work expecting a cyberattack, which makes cyberattacks feel random or unpredictable. But in reality, cyberattacks are predictable surprises – disasters you should see coming. What can be done to anticipate such predictable surprises?

By Manuel Hepfer

Ransomware: Should paying hacker ransoms be illegal?

11 Jun 2021

It seems as if we are living in a ransomware ‘epidemic’. Ransomware is a specific type of malware that encrypts data and systems and asks for a payment (the ransom) for the release of decryption keys.

By Manuel Hepfer