Ransomware is a rapidly increasing risk to businesses and organisations around the world.Although there are arguably now fewer ransomware attacks against consumers, attacks against organisations are clearly increasing. A report by Malwarebytes indicates that there has been a +300% increase in ransomware attacks on businesses in the first half 2019. There has also been a …
If you followed our previous article about whether ISO 27001 will benefit your organisation, you may, by now, have evaluated your strategic security goals and hopefully have a better idea of whether ISO 27001 might help you. For a little extra help with your decision about whether or not to get certified, let’s look at …
The ISO 27001 standard is now becoming the de facto standard for information security management.It offers a well-known framework to implement industry best practices in areas such as physical and technical security as well as security incident management. But is ISO 27001 certification worth the trouble? Will it make a difference for your organisation? ISO …
GDPR (General Data Protection Regulation) officially came into force across the European Union on 25th May2018, with the aim of updating laws and obligations around personal data and ensuring they are fit for the digital age. Organisations had plenty of warning and years to prepare for GDPR. However, many appeared to end up in a …
KRYPSYS has long been a supporter of Mozilla Foundation and the Firefox Browser, so we were pleasedto hear that Mozilla has announced its intention to reduce the ability of websites to track the browsing habits of users of the Firefox browser. Backing up its decision at the back end of 2018, Mozilla is taking initial …
Cyber security is becoming a top priority for UK businesses as the attack landscape continues to grow.Cyber-attacks are constantly improving and diversifying, putting UK businesses at increasing risk. Ransomware and Crypto-Mining During the previous 12 months ransomware attacks such as WannaCry have been a persistent threat to organisations and it’s becoming more common for businesses …
What is Threat Intelligence? As you may imagine, there are a number of popular definitions.According to Gartner – Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace …
The latest changes to General Data Protection Regulation, or GDPR, states that organisations must report any breach withinthree days of its occurrence. In the case of British Airways, it took them just 24 hours to report that they had been victims of a cyber-security breach between the 21st of August and the 5th of September. …
Almost every organisation in the modern day relies on technology, systems and information in some way to support their business. It is vital that a business applies the same level of scrutiny when assessing risks to their systems and information assets as they would when assessing risks with a material impact such as regulatory, financial …
With internet privacy becoming a hot topic in 2018 more people than ever are concerned about protecting themselves online.ere are ten tips to help you keep yourself safe on the internet. 1) Don’t forget to log out Logging out of your accounts such as social media and online banking after using them is a quick …
It’s likely that your company has a web presence which gives your customers the ability to interact with your web sites through web applications that service their requests. Whilst this is great for them, it also gives potential attackers an opportunity to interact with you as well. In 2017 around 40% of all data breaches …
Universal Plug ‘n’ Play, a KRYPSYS favourite hot button, has recently been identified as facilitating larger denial-of-serviceattacks. Industry researchers observed suspect traffic from UPnP implementations, while analysing a Simple Service Discovery Protocol (SSDP) amplification attack during April 2018. They spotted that while some of the attack packets were coming from familiar UDP ports, others were …
Cybercriminals and penetration testing companies have a lot in common. Both search for vulnerabilities in your infrastructure; however, whilst the former may be looking to exploit these vulnerabilities in a way that would be detrimental to your business, the aim of the latter is to support you to better protect your company and its customers. …
The privacy enhancing techniques of ‘anonymisation’ or ‘pseudonymisation’ of data are recognised by the GDPR and candiminish some of the more onerous provisions of the regulations. Preventing or reducing the likelihood that personal data can be tracked back to the original owner can allow companies to use such information freely, or at least under different …
A saying, especially appropriate for GDPR, states that “there is no privacy without security” (not necessarily vice versa). Technical security measures are mentioned several times throughout the GDPR text. The GDPR does not, however, specify any particular security technology as mandatory although a some methods are suggested as optional solutions in some cases. The choice of …