Security Insights
Pragmatic cybersecurity advice, industry analyses, and tactical advisories from the technical advisors and incident response leaders at THOR.
Business Email Compromise Response Checklist for Small Businesses
An emergency checklist to respond to a Business Email Compromise (BEC). Learn how to preserve evidence, recall fraudulent wire transfers, and secure mailboxes.
Read ArticleThe CMMC 2.0 Level 2 Self-Assessment Playbook
A step-by-step playbook for defense contractors preparing for a CMMC 2.0 Level 2 assessment, covering NIST SP 800-171 controls, scoring, and documentation.
Read ArticleCyber Insurance Requirements for Small Businesses: What Carriers Actually Look For
A complete guide to cyber insurance requirements for small businesses. Learn what controls underwriters expect, from EDR and MDR to incident response plans.
Read ArticleThe Cyber Insurance Playbook: Mandatory Security Requirements
What cyber insurance underwriters expect in today's market, the mandatory security controls required to get coverage, and how to lower premiums.
Read ArticleDeposing a Cybersecurity Expert: Key Questions & Technical Traps to Avoid
A guide for litigators deposing an opposing digital forensics or cybersecurity expert witness. Learn key questions, credential checks, and Daubert vulnerabilities.
Read ArticleFractional CISO vs. Full-Time CISO: A Realistic Cost & Value Comparison
Hiring a full-time CISO is a massive financial commitment. We break down the salaries, benefits, equity, and retainer models to help you choose the right leadership model.
Read ArticleFractional CISO vs Managed Security Services: Which Do You Need?
Understand the difference between a Fractional CISO and managed security services (MSSP/MDR). Learn when you need leadership, operations, or both to protect your business.
Read ArticleFTC Safeguards Compliance Guide: Auto Dealerships & Financial Services
A practical guide explaining the revised FTC Safeguards Rule requirements, who must comply, and step-by-step security implementation playbooks.
Read ArticleMDR vs MSSP vs SIEM: What Does Your Business Actually Need?
Compare MDR vs MSSP vs SIEM. Learn the differences between log management, security outsourcing, and active response to find what your business needs.
Read ArticleMicrosoft 365 Account Compromised? What to Do Immediately
An emergency response guide for Microsoft 365 account compromise. Step-by-step containment steps, auditing suspicious inbox rules, and when to bring in forensic experts.
Read ArticlePre-Acquisition Cybersecurity Due Diligence: Protecting Private Equity Valuations
Why pre-acquisition cybersecurity due diligence is a critical element in PE transaction risk, and how standardizing portfolio security controls protects EBITDA.
Read ArticleRansomware Readiness Checklist for Small and Mid-Sized Businesses
A comprehensive ransomware readiness checklist covering backup testing, MFA, EDR/MDR, privileged access, patching, incident response, and cyber insurance. Assess your preparedness before attackers do.
Read ArticleThe Step-by-Step SOC 2 Type II Readiness Guide
A practical, zero-fluff playbook explaining how to prepare for a SOC 2 Type II audit, select control systems, and avoid audit pitfalls.
Read ArticleDigital Forensics in Trade Secret & IP Litigation: Preserving Evidence Before You Sue
When an employee steals source code, client lists, or trade secrets, quick and legally defensible forensic collection is vital. Learn how to preserve key digital evidence before filing suit.
Read ArticleHow to Vet a Cybersecurity Expert Witness: Credentials That Stand Up in Court
Selecting the wrong cybersecurity expert witness can sink a case during a Daubert challenge. Learn how to vet candidates based on certifications, deposition history, and forensic expertise.
Read ArticleSecuring Identity: Why Default MFA Is No Longer Enough
Phishing kits and session hijacking have evolved. Learn why default push notifications fail and how to secure your identity infrastructure.
Read ArticleDefending Against Ransomware: The 5 Controls That Actually Matter
Ransomware operators target known vulnerabilities and weak credentials. Here are the 5 high-impact controls that dramatically reduce your risk of a successful breach.
Read ArticleNeed a dedicated risk or threat review?
Schedule a consultation with a THOR advisor to review your organization's defenses.