Mid-Year Threat Landscape Report

whitePaper | October 31, 2022

As cloud-based software solutions become prominent, discussions continue to revolve around security. When organizations implement a cloud-based solution, they put their trust in the solution provider to protect their data and deliver a secure platform.

whitePaper | June 15, 2022

There’s an old saying, “How do you eat an elephant? One bite at a time.” In some cases, the task of technology modernization is akin to eating an elephant. Government agencies are filled with legacy applications, many of which have been heavily customized over decades of operation.

whitePaper | March 14, 2023

Targeted intrusions for gaining long-term access and collecting data about industrial control systems (ICS) are becoming much more frequent. Many of these attacks are about understanding the network and preparing for future activities without causing any immediate impact. The most recent Dragos Year in Review6 report shows that the ransomware groups Lockbit 2.0 and Conti were responsible for more than half of the observed ransomware attacks in industrial environments in 2021, and that these instances resulted in actions on objectives. These attacks have been observed in almost every industrial vertical, primarily targeting small to medium-sized organizations in manufacturing.

whitePaper | November 9, 2022

The CISA Stakeholder-Specific Vulnerability Categorization (SSVC) is a customized decision tree model that assists in prioritizing vulnerability response for the United States government (USG), state, local, tribal, and territorial (SLTT) governments; and critical infrastructure (CI) entities. This document serves as a guide for evaluating vulnerabilities using the CISA SSVC decision tree. The goal of SSVC is to assist in prioritizing the remediation of a vulnerability basedon the impact exploitation would have to the particular organization(s).

whitePaper | December 6, 2022

Cybersecurity can seem overwhelming, and there’s plenty of long to-do lists. The Center for Internet Security (CIS) has the Critical Security Controls, the International Organization for Standardization (ISO) has its 27000-series publications, and ISACA manages its COBIT 5 framework. Layer those atop compliance mandates like the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach Bliley Act (GLBA) — and it’s often hard to know where to start.

whitePaper | December 17, 2019

At CGI, cyber security is part of everything we do. For more than 40 years, we have helped clients manage complex security challenges with a business focused approach – protecting what is most valuable to them. As our economy becomes even more digital in nature, securing our organisations against cyber-attacks and data breaches has become one of the most important business issues facing senior management.