Our Blog

Ransomware is a type of malware that has become increasingly prevalent in the field of cybersecurity. This software encrypts an organization's data and demands a ransom in exchange for the decryption key.

The aim is to make them inaccessible, thereby preventing people from working and businesses...

In the cybersecurity environment, understanding and managing vulnerabilities are essential for protecting systems, applications, and data. Among the fundamental tools in this fight against cyber threats, the Common Vulnerabilities and Exposures (CVE) system plays a key role.

CVEs are a publicly ac...

The due diligence process, also known as reasonable diligence, is an essential in-depth investigation that companies must perform before establishing business relationships with third parties, particularly suppliers. This process often includes supplier due diligence to assess the inherent risks...

In today's digital age, protecting information systems is a priority for all organizations, regardless of their size (SMEs, mid-cap companies, large corporations) and their sector of activity (banking, insurance, manufacturing, automotive, aviation, logistics, agri-food, etc.). The information syst...

In June 2024, 77 entities, including 10 French banks, fell victim to a remote access Trojan called "DroidBot." The Trojan was resold to cybercriminal networks, and more than 776 infections were detected in Western Europe within banking organizations, cryptocurrency platforms, and financial companies.

The urgent need...

In a context where digital exchanges are at the core of business processes, securing application traffic and APIs is no longer optional but an operational requirement.
This article explains to CISOs, CIOs, and security leaders why the TLS protocol and strict management of X.509 certificates...

Facing the growing threat, companies and organizations have no choice but to invest in their cybersecurity. In addition to technological tools for cyber risk management, taking out cyber insurance has become essential.

The consequences of a cyberattack are numerous, and being covered against its...

A data leak refers to the unauthorized disclosure of personal or sensitive information belonging to an organization or its users. These disclosures can involve millions of records, including personal data such as social security numbers, contact details, or other confidential information....

In the healthcare sector, the security and confidentiality of personal data are essential issues. With this in mind, the Healthcare Data Hosting (HDS) certification was introduced to meet these requirements.

HDS certification aims to strengthen the protection of health data and establish a trusted...

TPRM (Third-Party Risk Management) is part of a proactive approach to monitoring and controlling risks associated with supplier failure. In a context where companies and government agencies rely heavily on external partners (IT service providers, SaaS publishers, HR firms, etc.), third-party assessm...

Cyber risk management for suppliers: digital service providers face the dual challenge of compliance and performance

With the rise in cyberattacks and the introduction of new European regulations (NIS2, DORA, CRA), digital services companies (DSCs) are facing a strategic challenge: protecting t...

NIS2 and Local Authorities: Towards concrete and shared compliance

The NIS2 directive, expected to be transposed into French law in September 2025, would impose new obligations on local and regional authorities, particularly those with more than 30,000 inhabitants. It would involve strong measur...

As a business, you rely on numerous suppliers and partners to carry out your activities. While outsourcing can be a source of agility and performance, it can also expose you to risks and lead to data loss or business interruption.

And the consequences can be far-reaching, affecting your finances,...

The digitization of corporate working practices has accelerated since the Covid-19 crisis, amplifying a worrying shortage of cybersecurity professionals. While many organizations are investing in increasingly complex IT infrastructures, professionals capable of understanding the very nature of cyber...

The number of cyber incidents handled by ANSSI fell by 20% in 2022; yet, with regard to local authorities, the threat is not waning. Quite the contrary: at the presentation of the latest cyber threat panorama, the new director of ANSSI (January 2023), Vincent Strubel, indicated that 23% of ransomwar...

Will we have to wait for a new "cyber Pearl Harbor" to become aware of cyber risks? The term "cyber Pearl Harbor" was coined by a U.S. senator after the December 2020 attack on the U.S. federal government, via software supplier SolarWinds. The SolarWinds affair was a global trauma, prompting many or...

3 Security Rating®, the answer from Board of Cyber

For a company, the added value of a reliable, controlled cyber rating is significant. As Julien Steunou, Associate Director - SOC CERT CWATCH at Almond, a Board Of Cyber partner, explains, "cyber rating is an important decision-making element in r...

2 Distrustful companies, uneven solutions

While a growing number of companies of all sizes have understood the importance of a controlled cyber rating, some still perceive it as an intrusion.... Julien Steunou, Associate Director - SOC CERT CWATCH at Almond, a Board Of Cyber partner, points out th...

1 Ubiquitous risk, essential protection

In 2016, if you asked a CISO what his day was made of, he would answer "Cloud", "Antivirus", "General Data Protection Regulation" or "connected objects". He would tell you about his fears of cyber-attacks and his company's lack of maturity, still too fragile...

The upcoming version, ISO 27002:2021, also brings a lot of new elements, both in substance and in form. These changes will not be without consequences for CISOs. They echo the normative inflation observed in recent years and deserve in-depth analysis.

1 - Introduction

In 2021, the flagship fra...