Implementing a Structured Approach to Security Risk Management: The Role of Penetration Testing and Industry Standards

In today’s digitally-driven world, robust security risk management is critical for businesses of all sizes. The increasing frequency and sophistication of cyberattacks highlight the need for a structured, comprehensive approach to managing security risks. This article explores how organisations can implement a structured security risk management strategy, with a particular focus on penetration testing and …

Lessons from the CrowdStrike Catastrophe: A Wake-Up Call for IT Resilience

The recent global outage caused by a failed CrowdStrike update, which crippled critical systems across industries, serves as a stark reminder of the interconnectedness of our digital world and the potential catastrophic consequences of even a single point of failure. This incident underscores the urgent need for organisations to re-evaluate their IT resilience strategies. The …

The Vital Role of Penetration Testing in 2024

In an age where technology permeates every aspect of our lives, cybersecurity has become paramount. With the increasing sophistication of cyber threats, it’s no longer sufficient to merely implement security measures and hope for the best. Instead, organisations must adopt proactive approaches to identify and mitigate vulnerabilities before they are exploited by malicious actors. This …

Enhancing Cloud Data Security: The Role of Penetration Testing in ISO 27018 Compliance

In the dynamic realm of cloud computing, organisations are increasingly entrusting their sensitive data, including personally identifiable information (PII), to third-party cloud service providers (CSPs). This shift brings forth a heightened responsibility for CSPs to safeguard this data in accordance with stringent data protection standards, such as ISO 27018. While ISO 27018 provides a comprehensive …

The Main Targets for Hackers in 2023 and How to Defend Your Computer Systems

In our ever-evolving digital landscape, hackers perpetually sharpen their tactics, relentlessly seeking vulnerabilities and eyeing prized assets. Taking stock of how things have unfolded in 2023, it’s paramount to comprehend the cyber threats that loom large and, more crucially, how to safeguard your computer systems against their malevolent designs. Let’s delve into the primary targets …

Is Manual Penetration Testing Still Necessary

In the world of cybersecurity, organisations often rely on both manual penetration testing and automated vulnerability scans to identify and mitigate security risks. While automated scans can be useful in identifying low-hanging fruit vulnerabilities, manual penetration testing offers several benefits that cannot be replicated by automated tools. In this blog post, we will explore the …

How Artificial Intelligence is Impacting Cyber Security

Artificial intelligence (AI) is rapidly changing the world as we know it, and the field of cybersecurity is no exception. AI is being used to develop new tools and techniques for detecting and preventing cyberattacks, as well as to automate many of the tasks involved in cybersecurity. One of the most important ways that AI …

What is International Data Protection Day

Data protection affects almost everybody and everything that we do. From high-street and online shopping, banking, booking holidays, to tracking exercise activity. Whilst most of us are generally aware of the risks involved when sharing personal data, we may not fully grasp the potential impact of unauthorised access to our information. We may also not …

Is Cyber Essentials Worth Doing

Cyber Essentials was introduced in 2014 by the UK Government in collaboration with the National Cyber Security Centre (NCSC). The aim of the scheme is to improve the baseline cyber security posture of small businesses. In essence it is a practical, no-frills approach to addressing the key areas of cyber security. The basic concept is …

What is ISO 27701 Privacy Information Management

Following the General Data Protection Regulation (GDPR) and many other similar privacy laws and regulations being introduced around the world, there has been an increasing need for a standard or certification that organisations can use to demonstrate compliance with data privacy best practice. ISO 27701, released in August of 2019, seeks to fill this gap.  …

Cybersecurity Trends so far in 2022

Cybersecurity is now a primary focus for companies and organisations of all types and sizes. Continuous change in technologies deployed to gain competitive advantage inevitably means a corresponding shift in cybersecurity trends. Phishing and ransomware attacks are increasingly with us and news reports of high-profile data breaches are becoming ever more the norm. As well …

What is Phishing and How Can I Protect Myself?

What is Phishing? Phishing is a very common type of cyber-attack that everyone should learn about in order to protect themselves. Phishing attacks are where attackers send fraudulent communications that appear to come from a reputable source. It is typically done via email although other forms of messaging and social media are used, and can …

Protect Yourself from Cryptojacking

What is Cryptojacking? Cryptojacking is a type of cyber-attack where malware is covertly installed onto unsuspecting hosts so it can make use of the host’s processing power to mine cryptocurrency for the attacker. Cryptojacking isn’t attempting to cause damage to host systems or steal their data, but it is far from benign. It is a …

Is JavaScript Secure?

As with any programming language, JavaScript has its fair share of potential security exposures. Exploiting a JavaScript vulnerability can allow you to manipulate and steal data, redirect sessions and lots more. Whilst JavaScript is normally thought of as a client-side application, JavaScript security issues can also create problems on the server-side. Vulnerabilities in JavaScript Source …

Are CDNs Secure?

A CDN is a type of overlay network that moves a website’s content closer to the end user in order to improve performance. Typical services offered by Internet overlay networks include edge caching, SSL offloading and edge routing. Internet overlay networks allow websites to benefit from third party infrastructure to improve performance and security. Instead …
