Cyber-attacks are commonplace these days; so commonplace in fact that they tend to be overlooked or ignored by many of us. We assume that as hacking is generally carried out by determined and seasoned criminals targeting specific institutions, it’s not a problem that will affect us. Sadly that assumption is incorrect. Anybody can be a …
Ask yourself, have you acknowledged all your cyber risks? Do you have suitable information security controls in place?
ISO27001 Gap Analysis- Is your business looking to start the passage towards ISO 27001 certification? Krypsys can help with an independent verification of your Information Security Management System.
Just how serious is the threat of cyber-attack to the UK? Are our government and industrial secrets being targeted globally by cyber criminals? Most people have been lulled into something of a false sense of security. They are aware of the fact that governments and businesses take great care to protect their valuable assets and information, using intrusion protection and advanced penetration testing to filter out the threats, and that by and large such practices have managed to keep a lid on the problem.
The UK Home Office has launched a new £4 million information security awareness campaign, designed to educate businesses and consumers about rising hacker threats and network vulnerabilities. The first stages of this new campaign will begin in the autumn, and will sit alongside other more-established information security initiatives like Get Safe Online, and form part of the broader government National Cyber Security Programme.
In today’s climate of business insecurity it is becoming increasingly important for businesses to take every conceivable precaution to protect themselves and their assets from risk and breach. You only have to look in a newspaper or go online to read about the latest hack attack or security breach to realise that business are facing these dangers every day. Millions of pounds are being lost, and countless crucial data sets are being compromised. These security breaches can cause loss or significant damage to people, brands, reputation and profits.
What’s the difference between a vulnerability assessment and a penetration test? The answer to that question depends on who you choose to ask. For some people they are effectively one and the same thing; for others there are clear distinctions. So what’s the true position? Are vulnerability assessments and penetration test effectively two sides of the same coin, or are there clear differences between the two? The short answer is that whilst a penetration test may be a form of vulnerability assessment, a vulnerability assessment is definitely not a penetration test.
It’s a well-known fact that small businesses are more susceptible to cyber-crime than many of their larger counterparts. A lack of funding and resources means that few small to medium-sized businesses can afford to pay for vulnerability assessments or penetration testing of their network security. But just how much money is this failure to protect online networks costing small businesses? Well, according to Federation of Small Businesses it’s something in the region of £785 million every year. That staggering figure is the price SMEs pay when they fall victim to fraud and malware.
If you ever doubted that security risk management was critical for businesses and enterprise, then your opinion might be changed after reading the information contained in the recent Verizon report. The latest study was published to coincide with Infosec – an annual security conference in London.
What is one of the most popular blogging systems in use on the web? Answer, WordPress. It is used by 14.7% of Alexa Internet’s “top 1 million” websites powering over 60 million internet sites worldwide. Due to this popularity, abjectly this makes WordPress an open target for hackers.
With an increasing number of critical systems being placed within virtual environments, security is now understandably a prime concern. Systems can be attacked, and valuable information and assets can be compromised. Vulnerability management systems are designed to address these issues. Vulnerability assessment is the process of identifying how vulnerable an infrastructure is to known vulnerabilities—the number one threat to all networks today. The threats/risks found in the vulnerability assessment are then ranked and prioritized to expose the current security position, and to facilitate the re-mediation process.
Whether you’re an end user or an IT administrator, Bring Your Own Device (BYOD) is becoming a reality in many workplaces these days. Advances in technology have now made this possible. There’s no doubting that BOYD can deliver rewards and have positive impacts on productivity. However, these rewards can also involve risk. Although BYOD may be convenient for your employees, businesses will also need to consider its potential impact on corporate security models and data.
Will vulnerability assessments and penetration testing find all the security vulnerabilities in your network and systems? Well, the simple answer to that is probably not; that is, of course, unless you are prepared to spend an awful lot of time, effort and money on it. So why bother having your systems tested then? Well, because it is still vitally important to protect your network from vulnerabilities. What is required is closer co-operation between the client and the pen tester. From a client’s perspective it’s about the importance of setting expectations and defining the requirements for penetration testing. From a tester’s point of view it’s a question of gathering as much information as possible about the internal workings of the business and the systems to be able to do a comprehensive vulnerability assessment.
The internet around the world was slowed down last week in what network security experts are describing as the biggest cyber-attack of its kind in history. As network security attacks go, they can’t have come much bigger than this one. The slow-down was caused because of an escalating row between the spam-fighting group, Spamhaus, and a hosting firm, Cyberbunker. This led to a series of retaliation attacks which eventually affected the wider internet. Experts are now expressing concerns that this row has the potential to escalate even further and could eventually affecting global banking and email systems. The threat of the retaliation attacks was so overwhelming that five national cyber-police forces are now running investigations.
You may never have heard of Gil Shwed, yet there’s every likelihood that your home or business is using internet security software that has been designed, or influenced, by the company he founded, Check Point. Shwed is an Israeli programmer and entrepreneur who is rightly regarded as one of the founding fathers of modern Internet security.
The UK’s national cyber security strategy, published in November 2011, set out the government’s intentions to encourage industry-led standards and guidance for organisations to manage the risk to their information. However there is still confusion around which standards are best followed. As a consequence the government has announced that it plans to select and endorse a preferred organisational standard that best meets the requirements for effective cyber risk management.