NormShield Blog

2018 Guide to Selecting a 3rd-Party Cyber-Risk Assessment Tool

A recent survey conducted by the Ponemon Institute reveals that 56% of companies experienced a 3rd-party breach in 2017, an increase of 7% compared to the previous year. Another survey, conducted by Deloitte in 2016, was more depressing, reporting that 87% of organizations have experienced a disruptive incident with third parties in the last 2-3 […]

Are You Ready for Hackers' Incoming Supply-Chain Attacks?

Are you ready for hackers’ incoming supply-chain attacks? A recent report released by 401TRG (the Threat Research & Analysis Team at ProtectWise) reveals that Chinese hackers, who have abundant experience with APTs, are now preparing for software supply-chain attacks. Are you ready? What is a software supply-chain attack? Hackers usually insert a backdoor to a […]

Supply Chain Cyber Risks Are Finally Part of the NIST Cybersecurity Framework!

Recently, the National Institute of Standards and Technology (NIST) released a new version of its Cybersecurity Framework (v. 1.1), which includes several additions such as cyber risk originating from supply chains. Version 1.1 is a risk-based framework to improve the cybersecurity of critical infrastructure in the US. However, it is used by many companies as a guideline […]

Add Your IoT Devices to Your Third-Party Cyber Risk Assessments

The Internet of Things (IoT) is a new concept that surrounds us every day. But the security of IoT devices is defined by the S in the abbreviation of the term. You may say “but there is no S in IoT”. Well, that is exactly my point. In April, a casino was hacked through a thermometer, an IoT device […]

Is Your Website Ready for GDPR?

The European Union (EU) General Data Protection Regulation (GDPR), proposed by the European Commission, becomes active after May 25, 2018. GDPR has very strict rules about collecting, storing, and processing data. Gathering even a very small piece of information about an EU citizen requires consent from the customer/visitor and carries very high responsibility for companies. The fines are […]

Which One Is More Secure: Banks or Cryptocurrency Exchange Markets?

Banks or Cryptocurrency Exchange Markets? Financial institutions like banks have been facing cyber attacks almost every day. The cyber security experience gained from this status quo makes banks more careful and better prepared against cyber attacks. However, they are still highly valuable targets, and cyber criminals explore new vulnerabilities that sometimes leave banks defenseless. It does not […]

How Do Hackers Leverage Your IP Addresses? IP Reputation as a Cyber Risk Assessment Metric

IP Reputation can be used as a cyber risk assessment metric to better understand how hackers leverage and exploit your IP addresses listed on websites used by hackers. What is IP Reputation? Employees may download applications that compromise computers and the network. As a result, an IP address can become part of a hacker’s network and hosting […]

Cyber Risk Scorecard: A Compact View of Your Cyber Security Posture

Is there a way to see your cyber risk in a compact report? Yes, there is: it is called a cyber risk scorecard. Many companies use public and private tools to assess their cyber risk, but it requires processing of data gathered from many different sources, plus analysis and contextualization, in order to convert data to […]

Cyber Security Services: Do Companies Really Need Them?

Cyber security services: a question of debate in our century. The last decade witnessed more technological developments than we ever imagined. In the business world, there is almost nothing left to do manually; everything is digital and across networks. Companies that are worth thousands and even millions of dollars are keeping their vital information in these digital networks […]

Malicious JavaScripts: How Can You Get Hacked?

Malicious JavaScripts: How Can You Get Hacked? Detecting vulnerabilities and leaks is of the essence in hacking. That’s why maintaining cyber security is crucial for individuals and corporations. In 2017, even a big firm like Yahoo was hacked by a simple phishing e-mail. Equifax, one of the largest credit bureaus, was hacked through […]