5 Cyber Security and ISO 27001 Myths

Common misconceptions and what you can do about them

Contrary to common belief, the external threat – a threat actor hacking their way into your systems through technical skill alone – isn’t your biggest problem. In our previous interview with Damian Garcia, our head of GRC (governance, risk and compliance) consultancy, we learned about the internal, or insider, threat and its significance. If you don’t invest in cyber security or staff training, accidental breaches pose a far bigger threat than technically skilled hackers. Think about it from the attacker’s point of view: why bother taking the time and effort to
The post 5 Cyber Security and ISO 27001 Myths appeared first on IT Governance UK Blog.

CrowdStrike: Lessons on the Importance of Contracts, Insurance and Business Continuity

Mitigating supply chain risk

After widespread coverage, the CrowdStrike outage from 19 July 2024 hardly needs an introduction. But as a reminder, here are some key facts about the CrowdStrike incident: Without question, this is one of the most expensive IT outages to date, with significant global impact. To find out more about what we can learn from the event, and protect ourselves from ‘Strike 2’, we talked to our information security manager, Adam Seamons.

In this interview

A low-tech but laborious fix

The full financial impact of the CrowdStrike incident is becoming clearer, and the figures are staggering. The

Your Biggest Security Risk: The Insider Threat

Expert insight from our head of GRC consultancy

Our analysis of the ICO’s (Information Commissioner’s Office) public data set found that 29–35% of reported personal data breaches between 2019 and 2023 in the UK had been caused accidentally. That is, the incident type was one of:

Sector patterns

However, when we investigated the sectors suffering the most accidental breaches, we found that the entire top 3 comprised the public sector, with numbers as bad as 36.4%, 40.4% and 57.1% of all data breaches caused through human error. When we asked Damian Garcia, our head of GRC (governance, risk and compliance)

GDPR Article 28 Contracts: What You Need to Know

An overlooked GDPR requirement AND a business enabler

Andy Snow has trained thousands of people on the GDPR (General Data Protection Regulation). So, he’s a good person to ask about what areas people find challenging. His response? “The data-sharing aspects of contracts.” As a trainer, Andy regularly receives praise for his engaging delivery style, bringing the subject matter to life with real-world examples. In this conversation, he did the same. Andy’s explanations show the importance of this overlooked area of GDPR compliance. Contracts aren’t just a GDPR requirement. Doing your due diligence can save your organisation a lot of money,

Security Trends for 2024 and Beyond

Expert insight from our head of security testing

As we get deeper into 2024, we felt it was time to sit down with our head of security testing, James Pickard, to talk about what trends in cyber security he’s seeing. He pointed to the rise of AI, and how this is changing cyber security, particularly in terms of social engineering attacks. We also covered other areas, including ransomware trends and how organisations can protect themselves.

About James Pickard

James is an expert penetration tester – and our head of security testing – with more than a decade in the field.

Worrying Ransomware Trends, and What to Do About Them

Expert insight from our cyber incident responder

When talking to clients or taking questions at the end of webinars, many ask us about ransomware. In fact, ransomware is often the first thing people ask about! Organisations seem really worried about it – and understandably so. Ransomware features a lot in the news. A particularly noteworthy attack was MOVEit, which was also a zero-day exploit, but we see plenty of ‘run-of-the-mill’ attacks too. There are even daily ransomware victim feeds! Admittedly, threat actors can and do claim attacks that didn’t happen or are exaggerated. Nonetheless, the risk of a cyber incident

A Practical Guide to Cyber Incident Response

Expert insight from our cyber incident responder

Cyber attacks and data breaches are a matter of when, not if. No single measure is 100% foolproof. A determined attacker will always be able to find their way around your defences, given enough time and resources. Furthermore, as Vanessa Horton, our cyber incident responder, pointed out in an interview about anti-forensics:

The cyber world is changing all the time, which means we’re playing a bit of a cat-and-mouse game. Basically, as one side improves, so does the other.

In this interview, I pick her brain on cyber incident response more generally, gaining

Maintaining GDPR and Data Privacy Compliance in 2024

Expert tips from Alan Calder

Alan is the Group CEO of GRC International Group PLC, the parent company of IT Governance, and is an acknowledged international security guru. He’s also an award-winning author, and has been involved in developing a wide range of information security and data privacy training courses, has consulted for clients across the globe, and is a regular media commentator and speaker. We sat down to chat to him about industry challenges in 2024.

There are still more than ten months to go in 2024. What challenges do you think we’ll see before the year ends?

For

Your CVSS Questions Answered

What the Common Vulnerability Scoring System is, how to use it, limitations and alternatives, and key changes in CVSS v4.0

Our senior penetration tester Leon Teale has more than ten years’ experience performing penetration tests for clients in various industries all over the world. In addition, he’s won hackathon events in the UK and internationally, and is accredited for multiple bug bounties. Previously, we’ve interviewed Leon about secure remote working and what the best VPN (virtual private network) solutions are. More recently, we got his insights into the ‘mother of all breaches’, which saw more than 26 billion records leaked.

Expert Insight: Adam Seamons on Zero-Trust Architecture

How networks have evolved and how to secure them

Adam Seamons is the information security manager of GRC International Group PLC, after more than 15 years’ experience working as a systems engineer and in technical support. Adam also holds CISSP (Certified Information Systems Security Professional) and SSCP (Systems Security Certified Practitioner) certifications. We sat down to chat to him.

What trends in network security have you noticed recently?

One of the big impacts to networks has come from the changes in technology, particularly in terms of the Cloud. Networks have moved from self-contained, on-site setups to multiple Cloud services that
