How to Select Effective Security Controls

Risk–benefit analysis, defence in depth, information security objectives and proportionality

Looking to mitigate your information security risks but not sure how to choose effective controls while staying on budget? Risk–benefit analysis is key, as is defence in depth. You also want to set information security objectives that are aligned to your business objectives, and be proportionate in your control selections. Our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explains further.

In this interview

Risk–benefit analysis

How do you choose appropriate security controls?

You need to be clear on two things: Then hopefully, the benefit outweighs the risk.
The post How to Select Effective Security Controls appeared first on IT Governance UK Blog.
Cyber Threats During the Holidays: How to Stay Safe From Seasonal Scams and Data Breaches

As the year draws to a close, let’s look at:

3 major data breaches from 2024

COMBs (compilations of many breaches) aside – like the MOAB (mother of all breaches) in January 2024, which leaked more than 26 billion records – let’s look at three major breaches from 2024:

1. National Public Data breach

In August 2024, NPD (National Public Data) confirmed a breach that compromised sensitive information, including Social Security numbers, affecting nearly all Americans. The breach was linked to unauthorised access attempts in December 2023 and potential data leaks in April and summer 2024. Personal data of up
Breaking In to Keep Hackers Out: The Essential Work of Penetration Testers

The penetration test process and types of penetration test

It may sound counterintuitive, but organisations actually pay people to break into their networks. The reason is simple: to catch a thief, you must think like a thief. Organisations hire ethical hackers – aka ‘penetration testers’ or ‘pen testers’ – to identify weaknesses in their defences before a criminal hacker exploits them. This helps organisations proactively strengthen their security posture and keep up with the cyber landscape. Ethical hackers use the same methods as malicious actors, but with the crucial difference of operating within the law and not misusing any information
How Do the Cyber Essentials and Cyber Essentials Plus Assessments Work?

Top tips to achieve Cyber Essentials certification from our cyber security assessor

How can you sail through your Cyber Essentials and Cyber Essentials Plus assessments? How can you prepare? What support can you expect from an assessor? What does the ‘technical audit’ for Cyber Essentials Plus involve, exactly? And what are some common pitfalls? We put these questions to cyber security advisor Ash Brett, who has carried out hundreds of Cyber Essentials Plus assessments.

In this interview

SAQ (self-assessment questionnaire)

Previously, you said that Cyber Essentials involves completing an independently verified SAQ. Could you tell us a bit more