Cybersecurity blog

News, articles and thought leadership.

an act of war

Zero Trust

Zero Trust from conviction
Security isn’t about locking doors after intruders have come and gone. It’s about designing a world where they never get in. Imagine waking up to find someone’s broken into your house. You change the locks, install cameras, maybe even adopt a loud dog. But deep down, you know the truth: you acted too late. That’s … Read more
A comprehensive cybersecurity assessment is a proven method to achieve insight and overview. But how exactly does such an assessment work, and why is it vital to safeguarding your business?
The Purdue Model has long served as a foundation for securing OT environments, but its limitations in addressing modern cyber threats are evident. Zero Trust enhances OT security by enforcing strict access controls, continuous monitoring, and micro-segmentation.
Community banks play a vital role in local economies, yet they face increasing cybersecurity challenges. Unlike larger financial institutions, they often struggle with limited resources, outdated technology, and complex regulations.
Let’s clear something up right away: Zero Trust does not mean we don’t trust people. It means we don’t blindly trust the digital traffic moving through our networks. And yes, that distinction matters, a lot.
An image showing the title of the blog (Zero Trust: A New Year's resolution worth keeping) as well as an image of a list of 2025 resolutions.
As the year draws to a close, it’s time to reflect on the past 12 months and make plans for the year ahead. For those of us in cybersecurity, the question is clear: what did we do to strengthen our security posture this year, and how can we do even better next year?

Threat InTEL

On May 23rd, 2025, stakeholders from various large insurers met in New York City to dicsuss how cyber insurance is evolving, and how Zero Trust is increasingly at the center of the major cyber insurance shift.
Once a primarily technical position, the role of Chief Information Security Officer (CISO) now comes with a range of new responsibilities. Executives increasingly rely on CISOs; but this can be risky.
The rapid technological advancements of the past few years (or decades, depending on how far back you want to scroll) are only picking up speed, and the threats we face will keep evolving just as fast. But what does that actually mean for 2025?
Some CISOs fear auditors more than they fear actual hackers… Compliance has become a crucial focus with the implementation of regulations like the GDPR, CCPA, and various global data privacy directives. But whilst many organizations have rightfully turned their focus to said compliance, does it actually ensure better (cyber)security?
Though the recent Baltimore bridge collision wasn’t a cyber-attack, it did showcase a serious vulnerability in ship systems. A vulnerablity that could’ve easily been exploited by hackers, highlighting a truth that can no longer be denied – ships are easy targets for cybercriminals.
In these cyber warfare episodes of Threat Talks, we explore whether or not we stand a chance in this continuous arms race in cyber technologies, what Advanced Persistent Threats (APTs) are, and how these modern threats can affect literally everyone.

Business & Technology

an act of war
When we think of war, most of us picture something loud and visible. Tanks rolling through fields, soldiers in uniform, fighter jets in the sky. It’s an image shaped by decades of physical conflict. And one that still holds true in many parts of the world. But today, some of the most serious attacks do … Read more
signed, sealed, subverted.
The Trusted Signature You’re alone in a quiet gallery of the Rijksmuseum, the soft hum of security systems barely audible beneath the air conditioning. A dim spotlight falls on a delicate sketch, its ink lines sharp against aged parchment. The plaque reads: Rembrandt van Rijn, ca. 1640. Experts have certified it. It’s catalogued, insured, cited. … Read more
We challenge you to look at cybersecurity assessments through a different lens. IT and executive leaders alike should recognize assessments for the sanity check they are, as well as a way to build trust within the organization. Not as some sort of score card or grading system, but as a way to figure out where to start and where to go next. 
Even if you’re an IT professional feeling a bit skeptical about the board’s intentions, you can still see that their involvement is a great chance to align security measures with the company’s broader goals. It’s all about framing this as a partnership, not a critique. One of the best ways to do that is through a cybersecurity assessment that actually makes sense.
Though Zero Trust is here to stay, that doesn’t mean implementation is easy. Rob Maas is one of the leading Zero Trust consultants and the Field CTO at ON2IT. In this second part of his blog series he answers the question: what part does business alignment play in cybersecurity implementations?
Palo Alto Networks published vulnerability CVE-2024-3400 that allows unauthenticated command injection (RCE) in the GlobalProtect feature of Palo Alto Networks PAN-OS software. Specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.