What is ethical hacking and how can it protect you against threats?

Ethical hacking has become big business in the cyber security industry, with organisations embracing a seemingly radical approach to data protection. What is ethical hacking? As the name suggests, ethical hacking is an approach to cyber security in which people exploit an organisation’s networks and applications not for malicious purposes but to highlight weaknesses that must be addressed. The …

The GDPR: How to perform due diligence of Cloud service providers

One overlooked aspect of the GDPR (General Data Protection Regulation) is that it’s now much harder for organisations to pass the blame when a third party suffers a data breach. Data controllers – the organisations that dictate what information is processed – must give instructions for how data processors – the service providers – handle personal information. Unless the third party has explicitly …

How to defend against man-in-the-middle attacks

Amid the growing dominance of automated cyber crime tools like ransomware, it’s important to remember the dangers of traditional hacking methods such as MITM (man-in-the-middle) attacks. Let’s take a look at how MITM attacks work and how you can guard against them. What is a man-in-the-middle attack? Picture someone on their computer. When they visit a website, their device sends the instruction …

How to protect backups from ransomware: 4 top tips

When the aluminium giant Norsk Hydro was hit with ransomware in March 2019, it signalled a landmark event in the way organisations responded to cyber attacks. All the pieces were in place for Norsk Hydro to simply admit defeat and pay the ransom. It was a huge organisation that could ill-afford any delays, it had the money to make the payment and – to top it off – the president and CEO confirmed …

2019 cyber security news in review

At this time of year, news feeds are chock full of Predictions For The Next Year – and for good reason. Everybody wants to be prepared for what lies ahead. But if you’re looking for guidance on what 2020 has in store, we suggest you follow the maxim that the best predictor of future behaviour is past behaviour. So, as we enter a new year – and indeed a new decade – let’s take a look back at …

Why your organisation should conduct regular penetration tests

It might sound crazy to the uninitiated, but organisations across the globe pay people to break into their systems and find sensitive information. The reason they do this is simple: to catch a thief, you must think like one. Organisations hire ethical hackers, otherwise known as penetration testers, to make sure they have someone who’s one step ahead of the tactics that crooks use. What …

How does ransomware infect organisations?

Ransomware has become one of the most infamous types of cyber crime in recent years, with security professionals and the public alike fearing the prospect of attack. But although many of us broadly understand how ransomware works – computers are infected with malware, locking users out of their files until they make a payment – there is little in-depth knowledge about why the attacks are so …

How can cyber security protect your organisation?

‘Cyber’ is a word we use all the time. But what does it mean? What are the implications for us as directors and general managers? Or as IT security managers and auditors? ‘Cyber’ is thought to derive from the older term ‘cybernetics’ – based on electronic/mechanical control systems and the degree to which man-made and human worlds interact. Cybernetics is derived from the Greek word ‘kubernan’ – …

Worried about data breaches? Check out our 8-step incident response guide

The key to a successful cyber security strategy is preparation. If you have a plan for how to manage data breaches and other disruptions, you can get to work on remediation immediately. And what’s more, everyone in your organisation knows their roles. There’ll be no one wandering around unsure what to do as a crisis unfolds. Instead, people will turn to management, who can relay instructions and …

Microsoft is the most frequently impersonated brand in phishing scams

With hundreds of millions of phishing emails sent each day, we are all familiar with dodgy messages supposedly from a service we use telling us that we need to urgently address some “suspicious activity”. In fact, we probably receive more phony security alerts than real ones. It’s getting to the point where many of us see an email from our most trusted brands and assume that it’s a scam. This is …