Social Engineering can be summed up as ‘hacking the human’. Traditional malicious hacking attacks a digital instance of an organisation (i.e. website, network or system) and attempts to gain unauthorised access or cause harm by exploiting a vulnerability. Social engineering instead focuses on a person and attempts to exploit human frailties by coercing or tricking […]
21
Nov
Nov
Employee error still reigns as the number one threat for data breaches even with modern day security solutions. The numbers don’t lie, with anywhere from 70 – 80% of all breaches being attributed to staff. Yet many organisations do not have a mature information & cyber security awareness programme in place. As we mentioned in […]
11
Nov
Nov
SPEAR PHISHING, WHALING, BUSINESS EMAIL COMPROMISE AND CEO FRAUD IS ON THE RISE AND COSTING COMPANIES BILLIONS Have you heard of the acronym: FUD? It stands for ‘Fear, Uncertainty & Doubt.’ Unfortunately, the Information Security industry has a bit of a bad rep for selling their services off the back of FUD: “Don’t want the […]
30
Oct
Oct
I noticed on the news the other day that there is (yet another) Terminator film out: Dark Fate, where Sarah Connor is back, now looking like a cross-between The Golden Girls meets Super Gran. …And of course, good old Arnie has come good with his famous promise: “I’ll be back” although perhaps it would be […]
24
Oct
Oct
Being a CISO in today’s rapidly changing and evolving technological landscape is no easy task. Add to that the constant and increasing threat of attack by rapidly more sophisticated and devious malicious actors and you begin to understand the talk of sleepless nights, high attrition and incredibly high-stress rates attributed to the profession. Like fighting […]
07
Oct
Oct
If you’re about to embark on the journey to ISO 27001, or if you’ve achieved the certification and are now in the process of maintaining it, then the new privacy information management extension to ISO 27001 could be something you may want to consider. It was purposefully developed to address and assist organisations in meeting […]
04
Oct
Oct
How do you communicate ROI on Penetration Testing to gain buy-in? Did you get your car insurance renewal quote in recently? Chances are it’s gone up and chances are you are wondering whether it’s worth it. For non-tech savvy finance folk and to be fair, some tech-savvy non-finance folk, you can understand why they might […]
25
Sep
Sep
‘Massive’ YouTube content creator hack confirmed – 23 million influencers and creators could be affected. If you, like me have memories of just three TV channels, recording the Top 40 on your cassette player and of course the board game Battleship then the phrase social media influencer may have you scratching your head, set your teeth on edge or something in-between. It turns out […]
24
Jul
Jul
The Amazon Ring Tale “Update: 29/01/2020: so far, when yet more tales of woe (usually regarding the Amazon Ring) come in I have just been adding the stories in the comments section below the original article. However, when an actual Amazon engineer, usually known for their fierce loyalty, sticks their head above the parapet and effectively […]
12
Jul
Jul
Sometimes the truth grows wings and takes flight How UK media reported the ICO’s intention to fine BA & Marriott Hotels and a penetration tester’s view on what BA could of and should of done. Oh, and what’s happened so far with the fine that they actually did issue to Facebook On the 8th July, […]