Layered Defences: Building Blocks of Secure Organisations
Every organisation is different in terms of how it uses data, how its processes work, and how their staff conduct themselves. As a result no single security tool, deployment, implementation, or capability can protect them. Layered defences, also known as “defence in depth,” is the approach of implementing multiple layers of security controls to protect […]
Managing Risk in Red Team Engagements
In today’s rapidly evolving digital landscape, organizations face an ever-growing array of cyber threats. To stay ahead, many are turning to red team testing – a proactive approach where skilled cybersecurity professionals simulate real-world attacks to uncover misconfigurations, vulnerabilities, and inconsistent security behaviours. However, as with any initiative, red team testing carries its own set […]
Understanding the Difference Between Red Teams and Penetration Testing in Cybersecurity
Penetration Testing and Red Teaming are both valuable, important, and focussed in their own ways. Too often Penetration Tests are used to assess a system and it is a rinse and repeat of the previous year’s test results, and the organisation states that they have documented and accepted the risks often due to budgetary reasons […]
The Value of Red Teams – Delivering Impact through Analogies
In this blog post, we will explore how red teaming helps identify and then translate intricate technical risks into comprehensible business language, ensuring that stakeholders understand the implications and can take appropriate actions to safeguard their organisations. Understanding Red Teaming Red teaming is a structured process where cybersecurity professionals simulate real world threats to help […]
Prism Infosec launches PULSE agile red team engagement service
Prism Infosec, the independent cybersecurity consultancy, has announced the launch of its innovative PULSE testing service to enable organisations which may not have the bandwidth or resource to dedicate to a full-scale red team exercise to assess their defence capabilities against real-world threats. PULSE addresses the gap that currently exists between penetration testing and red […]
WordPress Plugins: AI-dentifying Chatbot Weak Spots
AI chatbots have become increasingly prevalent across various industries due to their ability to simulate human-like conversations and perform a range of tasks. This trend is evident in the WordPress ecosystem, where AI chatbot plugins are becoming widely adopted to enhance website functionality and user engagement. Prism Infosec reviewed the security postures of several open-source […]
The Dark side of AI Part 2: Big brother
AI: Data source or data sink? The idea of artificial intelligence is not a new one. For decades, people have been finding ways to emulate the pliable nature of the human brain, with machine learning being mankind’s latest attempt. Artificial intelligence models are expected to be learn how to form appropriate responses to given set […]
Exploring Chat Injection Attacks in AI Systems
Introduction to AI Chat Systems What are they? AI powered chat systems, often referred to as chatbots or conversational AI, are computer programs that are designed to simulate human conversation and interaction using artificial intelligence (AI). They can understand and respond to text or voice input from users and it make it seem like you […]
CrowdStrike Incident and Recovery Steps
The recent Crowdstrike incident has caused significant disruptions across the internet, leading to widespread outages. This issue affects windows users worldwide after a CrowdStrike update was pushed, resulting in blue screen errors. The issue occurred due to a defect in a content update for Microsoft users within CrowdStrike. Manual Recovery Steps One of our consultants, […]
How AI is Transforming Cyber Threat Detection and Prevention
The number of global cyber-attacks is increasing each year at a rapid rate. According to a study by Cybersecurity Ventures, in 2023 a cyberattack took place every 39 seconds, or over 2,200 times per day. This is a 12.8% increase from 2022. Attackers are getting more sophisticated and are increasingly using AI tools to automate […]