Trust our Experience-Get the Best Services
Lessons Learned from the Legal Aid Agency Data Breach
GDPR

Lessons Learned from the Legal Aid Agency Data Breach

The MoJ (Ministry of Justice) has disclosed that the LAA (Legal Aid Agency) suffered a data breach last month, in which criminals accessed data relating to hundreds of thousands of people, dating back to 2010. Exfiltrated data may have included “contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments”. According to the BBC, more than 2 million pieces of information were taken, including data relating to “domestic abuse victims, those in family cases and others facing criminal prosecution”. It’s not known whether
The post Lessons Learned from the Legal Aid Agency Data Breach appeared first on IT Governance Blog.

Read More
The Co-Op, M&S, Harrods… You? Mitigating the Risk of Ransomware
Cyber Security

The Co-Op, M&S, Harrods… You? Mitigating the Risk of Ransomware

The recent DragonForce cyber attacks on the Co-Op, Marks & Spencer and Harrods show the threat of ransomware is as prevalent as ever – and, despite warnings from the attackers that they’re “putting UK retailers on the Blacklist”, it’s obviously not just the retail sector that needs to be concerned. For all organisations, it can be disastrous when systems are encrypted and data is exfiltrated. According to Sophos’s State of Ransomware report for 2024, 59% of organisations were hit by ransomware attacks last year. So what can you do to counter the risk? Ransomware as a service Ransomware is, of
The post The Co-Op, M&S, Harrods… You? Mitigating the Risk of Ransomware appeared first on IT Governance Blog.

Read More
Breaking In to Keep Hackers Out: The Essential Work of Penetration Testers
Cyber Security

Breaking In to Keep Hackers Out: The Essential Work of Penetration Testers

The penetration test process and types of penetration test It may sound counterintuitive, but organisations actually pay people to break into their networks. The reason is simple: to catch a thief, you must think like a thief. Organisations hire ethical hackers – aka ‘penetration testers’ or ‘pen testers’ – to identify weaknesses in their defences before a criminal hacker exploits them. This helps organisations proactively strengthen their security posture and keep up with the cyber landscape. Ethical hackers use the same methods as malicious actors, but with the crucial difference of operating within the law and not misusing any information
The post Breaking In to Keep Hackers Out: The Essential Work of Penetration Testers appeared first on IT Governance UK Blog.

Read More
Boost Your Security Posture With Objective-Based Penetration Testing
Cyber Security

Boost Your Security Posture With Objective-Based Penetration Testing

To maximise value from your security investments, your measures must be effective How can you be confident your measures are fit for purpose – and prove it to stakeholders like customers, partners and regulators? Penetration testing (also known as ‘pen testing’ or ‘ethical hacking’) offers a vital tool for identifying gaps and opportunities to strengthen your security programme. Our head of security testing, James Pickard, explains further. In this interview Is your security programme effective? What are key challenges when implementing a security programme? Resources and costs are often top of the list. Many organisations have a tight budget for
The post Boost Your Security Posture With Objective-Based Penetration Testing appeared first on IT Governance UK Blog.

Read More
The Insider Threat: Strategies to Safeguard Against Malicious Insiders
Security Testing

The Insider Threat: Strategies to Safeguard Against Malicious Insiders

Your biggest security threat may be hiding in plain sight: your employees. No business can operate without trusting its people. Without access to confidential information and essential systems, staff can’t perform their roles. But if an insider turns malicious, regardless of their motivation, they can significantly damage your organisation. After all, their account is supposed to have access to sensitive data! So, how can your organisation protect itself from malicious insiders? Our head of security testing, James Pickard, explains. In this interview Insider threat vs insider risk Do you consider accidental breaches caused by staff, like clicking a phishing link,
The post The Insider Threat: Strategies to Safeguard Against Malicious Insiders appeared first on IT Governance UK Blog.

Read More
How to Address AI Security Risks With ISO 27001
Cyber Security

How to Address AI Security Risks With ISO 27001

AI penetration tests, user education, and more Artificial intelligence is taking the world by storm. But for all its potential, there are legitimate concerns around, among other things, data security. Bridget Kenyon is the CISO (chief information security officer) for SSCL, a member of the UK Advisory Council for (ISC)2, and a Fellow of the Chartered Institute of Information Security. She also served as lead editor for ISO 27001:2022, and is the author of ISO 27001 Controls. Bridget’s interests lie in finding the edges of security that you can peel up, and the human aspects of system vulnerability. Just the
The post How to Address AI Security Risks With ISO 27001 appeared first on IT Governance UK Blog.

Read More
X