The Blog

Cyber security is rife with acronyms and confusing overlapping terminology. It makes it difficult to pinpoint exactly what you need to keep your user ‘endpoints’ safe. AV, NGAV, EPP, EDR – what does it all mean? What does it all do? Here, we’re going to break it down and explain some of the fundamental differences … Continued

We all know cyber-crime is a serious and growing threat. According to Cisco, 31% of organisations have experienced cyber attacks. Accenture reports that the average global cost of cyber-crime increased by over 27% in 2017. Cyber-crime isn’t going away without a fight. Cyber security poses the challenge of our times. And as the frequency of … Continued

Traditional antivirus solutions are a complete waste of time! They search through files, looking for recognisable signatures that indicate the presence of a threat. Since the advent of cyber security, these kinds of software have been both the shield and the sword, protecting your system from attack. But the rules of engagement have changed and … Continued

Cyber security is a constantly evolving field with no easy quick fix.  News headlines attest to the fact that big businesses are far from infallible, however as multinationals put more resources into security and breach prevention, cyber criminals are increasingly diverting their activity towards the mid-sized enterprise as a softer target. So, as a business … Continued

Today, most individuals and organisations are familiar with what phishing attacks are and the impact they can have, financially and on business operations. If phishing wasn’t enough of a worry, you are now expected to have further protection against spear phishing attacks. These refer to more malicious emails which are highly targeted to the victim, … Continued

An essential stage of improving your overall cyber security strategy is assessing and identifying the potential risks your organisation face and determining how vulnerable you are. Recent news headings are giving us every reason to reconsider current cyber security practice to fall out of the false sense of security. In fact, cyber-attacks have been ranked … Continued

Cloud computing is quickly changing enterprise IT with applications like Salesforce and Office 365, which are improving productivity, reducing costs, and making management more… manageable. Now, organisations are discovering that those same advantages can be achieved by migrating security to the cloud. Organisations understand that protecting users with a consistent and enforceable policy requires much … Continued

October 2019 Threat Intelligence (CRITICAL ALERT)

#2 “The Inside Job” Financial services company face an internal data theft. Protecting yourself from inside threats is difficult to predict and hard to identify.  Insider data theft may be due to a malicious employee taking or selling your corporate data or simply making an unintentional mistake.  These breaches are significant enough to make front page … Continued

#1 “The Ransomware Heist” UK mid-sized law firm hit by ransomware attack, £2 million ransom paid. Previously thought of as a mass market attack, there’s been a significant shift towards more targeted ransomware attacks where cyber criminals invest time to stake out victims and identify business-critical files making the legal sector a highly attractive target due … Continued

Do you dare to deliberately have your security defences attacked? Red Teaming is a concept that tests your cyber security defences. It emulates a real-world cyber attack and if conducted correctly; like a real-world attack, will seemingly ‘come out of nowhere’. No matter the size of your organisation, Red Teaming will put your defences to … Continued

Passwords are supposed to keep us safe. In fact, they’re a high-security risk. You’d be forgiven for assuming that your junior staff would be the users with the least security awareness. But it’s simply not true. Stats show people who work at high levels use passwords that are simply too weak or follow poor guidelines. … Continued

Passwords are supposed to keep us safe. In fact, they’re a high-security risk. You’d be forgiven for assuming that your junior staff would be the users with the least security awareness. But it’s simply not true. Stats show people who work at high levels use passwords that are simply too weak, or follow poor guidelines. … Continued

Cyber security and associated vulnerabilities never seem to be out of the news. New scams, new methods of attack and new hacking techniques seem to catch even the best known and well-resourced organisations out all the time. Your first step in the plan of action is to ensure your employees are aware of the threats … Continued

We’ve written before about the CIA triad – not a secret service vocal harmony group, but in fact a framework for applying three core principles of cyber security to your organisation. Confidentiality – Ensuring that access to sensitive data is restricted through policy and security measures. Integrity – Preventing the modification of data by unauthorised … Continued

Social engineering is sometimes described as hacking the human mind. It doesn’t require a lot of innovative code – just enough to mimic a trusted individual or organisation with the aim of convincing the victim to act in a way that benefits the attacker. Phishing attacks, baiting, spoofing and tailgating are all means of persuading … Continued

Many organisations saw a shocking increase in social engineering throughout 2018, phishing attacks in particular. Come 2019, cyber criminals have upped their game and according to new research, cyber criminals will continue to target end users. They are increasingly turning to social engineering attacks that exploit the human attack surface to destroy safeguards and gain … Continued

It turns out you don’t always have to be good at manipulating code to hack into secure systems. Being good at manipulating people can deliver the same results. This is known as social engineering – the process of influencing people or tricking them into divulging confidential information. Social engineering is certainly the most successful tactic … Continued

In a recent advisory, the National Cyber Security Centre (NCSC) highlighted a significant trend towards more targeted ransomware attacks, where attackers invest time to stake out victims, identify business-critical files and systems and even wipe out back-ups so the high-stakes ransom demand must be paid. The NCSC noted, attackers have previously concentrated on bulk attacks, … Continued

Hacking is widespread with cyber criminals deploying any viable method to breach your security. Their motives vary, but all represent a threat to your organisation. Even if you already have sophisticated cyber security controls in place, you may feel you have done enough to protect your business. Sadly, there is one vulnerability that remains: Your … Continued

In order to adopt good practices in information security, the UK government Department for Business, Innovation and Skills released a government-endorsed scheme called Cyber Essentials in 2014. Cyber Essentials was developed in collaboration with industry partners such as the Information Security Forum, the Information Assurance for Small and Medium Enterprises Consortium, and the British Standards … Continued

May 2019 Threat Intelligence (CRITICAL ALERT) Microsoft’s May 2019 Patch Tuesday includes updates to fix a massive 79 vulnerabilities, 22 of which are rated “critical”, in addition to 55 “important” updates. Of particular note, Microsoft has taken the extraordinary step of releasing a security patch (CVE-2019-0708) which includes versions for Windows XP, to avoid another … Continued