Cyber Security

As organisations start to consider life after COVID-19, they’ll realise that it’s not as simple as putting everything back the way it was in the Before Times. That ship has sailed. There have simply been too many benefits to remote working for organisations to demand a return to office life on a full-time basis. Indeed, a Gartner survey found that 47% of organisations will give employees the choice of working remotely full-time once the pandemic is over, and 82% said employees can work from home at least one day a week. But can organisations afford to continue as they are

The post How COVID-19 has made us rethink our IT teams appeared first on IT Governance UK Blog.


Hackers and their tactics are always developing. As the cyber security environment evolves, attackers devise new techniques, and as a result security incidents are now more common and more sophisticated than they were a few years ago.  Security On The Digital Battlefield  When hackers use advanced tools to cause chaos in your app, you […]

The post Penetration Testing 101: How To Make Sure Your App Is Secure appeared first on CyberDB.


Folks, I hope this finds you all doing well. As some of you may know, over the years, I have shared numerous perspectives on foundational cyber security and on Active Directory security, both here (i.e. on this blog) and at my second blog. Unfortuna…

Read More New Coordinates

Two in five businesses reported a cyber attack or data breach in the past 12 months, according to the UK government’s Cyber Security Breaches Survey 2021. Among those, 35% reported negative effects including the loss of money, data or other assets. These are alarming figures, but how exactly are organisations being affected? After all, there are many ways that cyber criminals can target your organisation – from scamming employees with bogus emails to exploiting vulnerabilities to hack into databases. Each of those attacks will result in different problems. In this blog, we look at five of the most common causes

The post How do cyber attacks affect your organisation? appeared first on IT Governance UK Blog.


I don’t think any of us would have thought in March 2020 that remote working would be as popular as it has become. The scepticism perhaps came from the hurriedness with which the measures were implemented, as many people worked from kitchen tables and between childcare responsibilities. Or maybe it stemmed from organisations’ historic reluctance to adopt remote working. Their reason for that is understandable: remote working makes it almost impossible to keep an eye on employees and make sure they’re acting responsibly. For many, the concept of employee monitoring conjures the idea of a workplace-turned-panopticon, with bosses logging each

The post Organisations are struggling to monitor remote employees appeared first on IT Governance UK Blog.


Cyber security affects companies of all sizes in all sectors. Moreover, threats are constantly evolving and your legal and regulatory requirements have become major issues – particularly with the introduction of the GDPR (General Data Protection Regulation) and the NIS Directive. All of this means that regular communication between management and the board regarding cyber security is more important than ever. It’s only by discussing these issues regularly and in a formal environment that you can protect your sensitive data and company interests. As you have probably seen, failure to do that could result in staggering financial penalties. So how should

The post 12 cyber security questions to ask your CISO appeared first on IT Governance UK Blog.


As organisations prepare for what life looks like in a post-pandemic world, one of the many issues they’ll have to address is IT security for home workers. A remote workforce comes with myriad dangers, with employees relying on their home networks – and sometimes their own devices – to complete tasks. And you had better hope they have technical skills, because should they experience any technical issues, there’s only so much your IT team can do to help. According to the Velocity Smart Technology Market Research Report 2021, 70% of remote workers said they had experienced IT problems during the pandemic,

The post The cyber security risks of working from home appeared first on IT Governance UK Blog.


Welcome to our first quarterly review of cyber attacks and data breaches. For several years, we’ve produced a monthly list of security incidents, comprised of publicly disclosed breaches from mainstream publications. At the start of 2021, we decided to expand our research to learn more about the organisations that are being breached and how they were falling victim. We’ll present our findings at the end of each quarter, providing key statistics and observations. This includes year-on-year comparisons in the number of incidents that were detected, a review of the most frequently breached sectors and a running total of incidents for

The post Data breaches and cyber attacks quarterly review: Q1 2021 appeared first on IT Governance UK Blog.


Too often, organisations fall into the trap of thinking that cyber security is only about preventing data breaches. Their budget is dedicated to anti-malware software, firewalls, staff awareness training and a host of other tools designed to prevent sensitive information falling into the wrong people’s hands. But what happens when those defences fail? It’s a question all organisations must ask themselves, because even the most resilient systems can be compromised. You can’t assume that an employee who has taken a training course will never make a mistake, or that a trusted third party won’t have a misconfigured database. Data breaches

The post Would you know if your organisation had suffered a data breach? appeared first on IT Governance UK Blog.


So, your computer screen has been hijacked by ransomware and the criminals behind the attack are demanding money to return your systems. Now what? That’s a question countless organisations are asking themselves nowadays, with attacks increasing and, according to Mimecast’s The State of Email Security Report 2020, organisations suffering three days of downtime on average following a ransomware attack. The problem often stems from a malicious attachment contained within a phishing email. If an employee opens it, the malware will spread rapidly through the organisation’s systems, locking you out of your files. When this happens, many victims feel obliged to
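The infection chain described above starts with an attachment that an employee opens, so a mail gateway check that refuses the usual first-stage payloads is one of the cheapest controls. The following is an added example written for this page, not code from IT Governance or the original post: it screens attachments by blocked extension, double extension, a mismatch between the bytes and the claimed extension (a PE file named .pdf), and by looking inside zip containers, including Office OOXML files, for a VBA macro project. The attachment names and contents are constructed for the example.

```python
"""Screen e-mail attachments for the payload types that typically start a
ransomware infection.  Added example for this page, not code from the original
post; the attachments below are constructed for the example."""
from __future__ import annotations

import io
import zipfile
from dataclasses import dataclass

# Extensions that should not arrive as plain attachments on a business mailbox.
BLOCKED_EXTENSIONS = {
    "exe", "scr", "pif", "com", "bat", "cmd", "js", "jse", "vbs", "vbe",
    "wsf", "hta", "ps1", "msi", "lnk", "iso", "img",
}
# Office formats that explicitly carry VBA macros.
MACRO_EXTENSIONS = {"docm", "xlsm", "pptm", "dotm", "xltm"}
# Leading bytes of executables that must not hide behind a document extension.
EXECUTABLE_MAGIC = {b"MZ": "Windows PE executable", b"\x7fELF": "ELF executable"}
ZIP_MAGIC = b"PK\x03\x04"


@dataclass
class Attachment:
    filename: str
    content: bytes


def extension_parts(filename: str) -> list[str]:
    """'Invoice.pdf.exe' -> ['pdf', 'exe']; 'README' -> []."""
    return [p.lower() for p in filename.split(".")[1:]]


def _screen_archive(data: bytes) -> list[str]:
    """Look inside a zip container (plain .zip or OOXML) for dangerous members."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return ["zip container is malformed"]
    reasons = []
    for name in names:
        parts = extension_parts(name)
        if parts and parts[-1] in BLOCKED_EXTENSIONS | MACRO_EXTENSIONS:
            reasons.append(f"archive member {name} has a blocked extension")
        if name.endswith("vbaProject.bin"):  # OOXML stores VBA macros here
            reasons.append("document contains a VBA macro project")
    return reasons


def screen_attachment(att: Attachment) -> list[str]:
    """Return the reasons to block this attachment; an empty list means allow."""
    reasons = []
    parts = extension_parts(att.filename)
    final = parts[-1] if parts else ""

    if final in BLOCKED_EXTENSIONS:
        reasons.append(f"blocked extension .{final}")
        if len(parts) >= 2:  # 'invoice.pdf.exe' style lure
            reasons.append("double extension disguising an executable")
    if final in MACRO_EXTENSIONS:
        reasons.append(f"macro-enabled Office document .{final}")
    # Check what the bytes actually are, not what the name claims.
    for magic, description in EXECUTABLE_MAGIC.items():
        if att.content.startswith(magic) and final not in BLOCKED_EXTENSIONS:
            reasons.append(f"content is a {description} but extension is .{final}")
    if att.content.startswith(ZIP_MAGIC):
        reasons.extend(_screen_archive(att.content))
    return reasons


def build_zip(members: dict[str, bytes]) -> bytes:
    """Helper to construct sample archives in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample mailbox, from harmless to clearly malicious.
SAMPLE_ATTACHMENTS = [
    Attachment("Q2_report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"),
    Attachment("Invoice_4471.pdf.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    Attachment("statement.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),
    Attachment("payroll.docx", build_zip({"[Content_Types].xml": b"<Types/>",
                                           "word/vbaProject.bin": b"\x00\x01"})),
    Attachment("photos.zip", build_zip({"readme.txt": b"see setup",
                                        "setup.js": b"WScript.Shell"})),
]


def screen_all(attachments=SAMPLE_ATTACHMENTS) -> dict[str, list[str]]:
    """Screen every attachment; maps filename to its block reasons."""
    return {a.filename: screen_attachment(a) for a in attachments}


if __name__ == "__main__":
    for name, reasons in screen_all().items():
        verdict = "ALLOW" if not reasons else "BLOCK: " + "; ".join(reasons)
        print(f"{name:24} {verdict}")
```

The magic-byte and archive checks matter more than the extension list: attackers rename executables and wrap them in archives precisely because many gateways only match on the outer filename. The check for vbaProject.bin also catches a macro document renamed from .docm to .docx, which the extension rule alone would pass.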

The post How to protect your organisation after a ransomware attack appeared first on IT Governance UK Blog.


It’s been rough sailing for organisations in the past year or so. In addition to the ongoing challenges of COVID-19, there are the effects of Brexit, increasing public awareness of privacy rights and regulatory pressure to improve data protection practices. And, of course, there is the threat of cyber attacks. According to the UK government’s Cyber Security Breaches Survey 2021, 39% of UK businesses reported a cyber attack or breach in the preceding 12 months, with many incidents causing significant damage. The specific costs will depend on the sophistication of the attack and how well executed it was. For example, a DDoS (distributed denial-of-service) attack could

The post The cost of a cyber attack in 2021 appeared first on IT Governance UK Blog.


The UK data protection landscape is a lot more complex following Brexit. Many organisations are now subject to both the EU GDPR (General Data Protection Regulation) and the UK GDPR (the UK General Data Protection Regulation). The UK version was born out of the EU GDPR, so you might think that there are only cosmetic differences and that minor actions are required to adjust your documentation and compliance practices. Unfortunately, it’s not that straightforward. If you haven’t done so already, you must ensure that your data protection policies and procedures account for both sets of requirements. In this blog, we look at some

The post Updating your data protection documentation following Brexit appeared first on IT Governance UK Blog.


Cyber criminals have many tricks up their sleeves when it comes to compromising sensitive data. They don’t always rely on system vulnerabilities and sophisticated hacks; they’re just as likely to target an organisation’s employees. The attack methods they use to do this are known as social engineering. In this blog, we explain how social engineering works, look at common techniques and show you how to avoid social engineering scams.

Contents
What is social engineering?
Why social engineering works
Common social engineering techniques
How to protect yourself from social engineering

What is social engineering?
Social engineering is a collective term for

The post How to avoid social engineering scams appeared first on IT Governance UK Blog.


If you’re a small business owner, cyber security might seem impossibly complicated and filled with endless pitfalls. There’s indeed a lot at stake – with ineffective security measures potentially threatening your productivity, your bank accounts, and your employees’ and third parties’ personal data. But fortunately, the path to effective security needn’t be difficult. In this blog, we explain what you need to know about cyber security for small businesses. Why cyber security presents unique risks for SMEs The difficulties that small businesses face when addressing cyber risks can be separated into the financial costs of the incident itself and the costs involved

The post Small business cyber security: the ultimate guide appeared first on IT Governance UK Blog.


Documentation is a crucial part of any ISO 27001 implementation project, and one of the most important documents you need to complete is the SoA (Statement of Applicability). In this blog, we explain what an SoA is, why it’s important and how to produce one.

What is a Statement of Applicability?
An SoA summarises your organisation’s position on each of the 114 information security controls outlined in Annex A of ISO 27001. Clause 6.1.3 of the Standard states an SoA must:
Identify which controls an organisation has selected to tackle identified risks;
Explain why these have been selected;
State whether

The post The importance of the Statement of Applicability in ISO 27001 – with template appeared first on IT Governance UK Blog.


Protecting your organisation against cyber attacks can sometimes feel like a never-ending game of security whack-a-mole. As soon as you’ve secured one weakness, another one appears. This can demoralise any organisation and make it believe that good information security practices are impossible. However, there is a solution – but it requires a different way of thinking. Organisations must stop looking at each individual threat as it arises and instead build defences that are equipped to handle whatever cyber criminals throw at them. Doing that is simpler than it sounds. That’s because, as much as cyber criminals’ tactics evolve, they tend

The post 5 ways to improve your information security in 2021 appeared first on IT Governance UK Blog.


If your marketing agency is under the impression that cyber security is strictly an IT issue, you should think again. Effective security is a company-wide commitment, and marketers play one of the most crucial roles. Consider how much personal data you collect; if that information is lost or stolen, it will severely damage your customer relationships. In fact, a Ping Identity survey found that 78% of people would stop using an organisation’s online services if it had experienced a breach. So, what should marketing agencies do to reduce the risk of cyber attacks and protect their reputation? Here are our

The post A guide to cyber security for marketing agencies appeared first on IT Governance UK Blog.


In 2020, we recorded 1,120 breaches and cyber attacks that were reported on in mainstream media, which accounted for 20,120,074,547 leaked records. Compiling this information enables us to see how security incidents occur and the trends to look out for. Did you know, for example, that the number of disclosed incidents shot up in the second half of the year, showing the impact that COVID-19 has had on organisations? Or that there was a 50% increase in breached records compared to 2019? In this blog, we take a closer look at this data. You can also find a summary in

The post 2020 cyber security statistics appeared first on IT Governance UK Blog.


Denial-of-service (DoS) attacks are intended to shut down or severely disrupt an organisation’s systems. Unlike most cyber attacks, the goal isn’t to steal sensitive information but to frustrate the victim by knocking their website or service offline. The attacker therefore usually doesn’t profit directly from the attack (DoS extortion, where payment is demanded to stop the flood, is the exception), but the loss of service can cost the victim up to £35,000. Why would an attacker be interested in doing this? Typically, it’s because they hold a grudge against the target – many DoS attacks are politically motivated – although some attacks are used to distract the victim while the attacker launches a more sophisticated attack
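Knowing that an attack is a flood rather than a hardware fault is the first step in responding to it, and the simplest evidence is in the web server's own access log. The following is an added example written for this page, not code from IT Governance or the original post: it parses Combined Log Format lines, counts requests per source address inside a sliding ten-second window, and separately tracks the aggregate rate, which is what a distributed attack (many sources, each below the per-address threshold) shows up in. The log lines are constructed for the example and are assumed to be in time order, as a server writes them; the window and threshold values are illustrative, not recommended settings.

```python
"""Flag denial-of-service traffic in web server access logs with a per-source
sliding-window rate check plus an aggregate check for distributed floods.
Added example for this page, not code from the original post; the log lines
are constructed (Combined Log Format, already in time order)."""
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> dict | None:
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "req": m["req"],
        "status": int(m["status"]),
    }


def find_flooders(lines, window=timedelta(seconds=10), threshold=50) -> dict[str, int]:
    """Return {source_ip: peak requests inside `window`} for every source whose
    request count in any window exceeds `threshold`.  Input must be time-ordered."""
    recent: dict[str, deque] = defaultdict(deque)
    peaks: dict[str, int] = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:  # drop timestamps that aged out
            q.popleft()
        if len(q) > threshold:
            peaks[rec["ip"]] = max(peaks.get(rec["ip"], 0), len(q))
    return peaks


def aggregate_peak(lines, window=timedelta(seconds=10)) -> int:
    """Peak request count across all sources in any window.  A distributed
    attack, where no single address crosses the per-IP threshold, shows here."""
    q: deque = deque()
    peak = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:
            q.popleft()
        peak = max(peak, len(q))
    return peak


def make_sample_log() -> list[str]:
    """Constructed traffic: three ordinary visitors (documentation range
    198.51.100.0/24) plus one source (203.0.113.7) that sends 120 POSTs to the
    login page within eight seconds."""
    base = datetime(2021, 4, 12, 9, 0, 0, tzinfo=timezone.utc)
    events = []
    for i, ip in enumerate(["198.51.100.10", "198.51.100.11", "198.51.100.12"]):
        for k in range(5):
            events.append((base + timedelta(seconds=3 + i + 12 * k), ip,
                           "GET /index.html HTTP/1.1", 200, 5120))
    for k in range(120):
        events.append((base + timedelta(seconds=20, milliseconds=66 * k),
                       "203.0.113.7", "POST /login HTTP/1.1", 503, 0))
    events.sort()
    return [f'{ip} - - [{ts.strftime(TS_FMT)}] "{req}" {status} {size}'
            for ts, ip, req, status, size in events]


if __name__ == "__main__":
    log = make_sample_log()
    print("per-source flooders:", find_flooders(log))
    print("aggregate peak in 10 s:", aggregate_peak(log))
```

On the constructed log the per-source check names only 203.0.113.7, peaking at 120 requests in a window, while the three visitors never exceed one request per window. In practice the aggregate figure is compared against the site's normal baseline, and a flood from a single address is the easy case: the distributed variant needs the aggregate view, upstream filtering or a scrubbing service rather than per-address blocking.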

The post What is a DoS (denial-of-service) attack? appeared first on IT Governance UK Blog.


Your employees encounter potential cyber security threats on a daily basis. Perhaps there’s a new face in the office that they don’t recognise, or a new password they need to remember, or a database of sensitive information that they need to upload onto the Cloud. In The Psychology of Information Security, Leron Zinatullin explains how employees respond to those challenges and why they make the decisions they do. For example, he found that employees usually don’t have a solid understanding of information security or their obligations to protect information. In the rare cases where employees are aware of and follow

The post How your staff make security decisions: The psychology of information security appeared first on IT Governance UK Blog.


If there’s one certainty about cyber crime, it’s that criminals are always looking to acquire sensitive data. Whether you’re a small e-tailer with a handful of employees or a multinational, you must take steps to protect the valuable information you collect. In that regard, e-commerce is no different to a physical store that has CCTV cameras to monitor theft and security guards to catch shoplifters. But what is the cyber security equivalent, and what are the threats you need to look out for? We explain everything you need to know in this blog. What are the threats to e-commerce businesses?

The post A guide to cyber security for e-commerce businesses appeared first on IT Governance UK Blog.


No matter what size your organisation is, it will suffer a cyber attack sooner or later. There are simply too many malicious actors and too many vulnerabilities for you to identify them all. Unfortunately, SMEs often fall into the trap of believing that they are too small to be on cyber criminals’ radars. Why would they even think to target you? But criminal hackers target vulnerabilities rather than specific organisations. They look for weaknesses – whether it’s a flaw in a piece of software or an unprotected database containing sensitive information – and exploit them in whatever way they can. That’s why

The post Cyber security statistics for small organisations appeared first on IT Governance UK Blog.


Folks, Given what it is I do, I don’t squander a minute of precious time, unless something is very important, and this is very important. Let me explain why this is so alarming, concerning and so important to cyber security, and why at many organizations…

Read More Alarming! : Windows Update Automatically Downloaded and Installed an Untrusted Self-Signed Kernel-mode Lenovo Driver on New Surface Device

Folks, I trust you’re well. Today, I just wanted to take a few minutes to answer a few questions that I’ve been asked so many times. Here are the answers to the Top-5 questions I am frequently asked - You’re the CEO of a company (Paramount Defenses), so w…

Read More Why I Do, What I Do