The importance of Security Awareness Training

In today’s digitally interconnected world, organizations face an ever-growing array of cyber threats that can compromise sensitive information, disrupt operations, and damage reputation. To combat these threats effectively, organizations must recognize that their employees are both the greatest asset and potential vulnerability. This is where security awareness training plays a pivotal role. In this article,…


ISO 27001 – What’s new in the latest (2022) version?

The ISO 27001 standard sets the foundation for information security management systems (ISMS) and provides guidelines for organizations to implement effective controls and protect their valuable information assets. In 2018, ISO 27001 underwent significant updates, and now, in 2022, the standard has been further revised to address the evolving cybersecurity landscape. This article aims to…


Think you’re not a target? Think again

Many organisations that we speak to feel that their company is not at risk from cyber attacks, often because they think they are either too small or their data or business wouldn’t be of interest to attackers. Unfortunately, while it would be wonderful if companies could rule themselves out from the risk of attack, criminals…


MFA Fatigue and the resilience of phishing

As we discussed last month, while MFA is a great layer of protection it is not foolproof, something which Uber discovered recently, much to its dismay. As ever in fraud and ‘cons’, sometimes the simplest methods are the most effective. While there has been a rise in advanced Phishing as a Service (PhaaS) offerings that aim…


Chinese cyber criminals are targeting Intellectual Property (IP)

While many cyber security attacks are driven by criminal organisations looking to make a pay day, the APT41 hacking groups – who allegedly have close ties to the People’s Republic of China (PRC) government – have been running a sophisticated campaign targeting manufacturing, research and development firms. Their aim? To make off with intellectual property…


Whaling & CEO Impersonation: A simple (free) way to avoid it

While there is always a lot of focus on phishing emails directing users to malicious pages or capturing credentials using cloned websites, a still-very-common scam catches organisations out every day: the CEO impersonation scam. The aim of these scams is to have an employee – often a new one in the organisation – sent an…


An interview with a cyber criminal

Last week, journalist Dmitry Smilyanets published an article on The Record detailing his interview with cyber criminal Mikhail Matveev, who has gone by various monikers (Babuk, BorisElcin, Wazawaka, unc1756 and Orange). Mikhail provides some very open and interesting insights into the cyber criminal world, dispelling some myths and discussing the ways he and…


There are no silver bullets

An article today by TechRadar about a new Phishing-as-a-Service with MFA bypass as a key selling point reminded me of something from a few years back. I was at a security event, attending a presentation by a reputable cyber security firm on social engineering. Towards the end of the presentation they began summarising some…
