Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Baseline submissions for those who were obligated to complete them were due in February (Trusts, Integrated Care Boards, Arm’s Length Bodies and Commissioning Support Units). The full submission deadline is 30th June 2025.

Annual penetration testing serves as the baseline for cybersecurity best practice and can help businesses identify and address vulnerabilities before they turn into exploitable threats. While some businesses assume that once a year pen testing is sufficient, it’s worth understanding that it is a minimum requirement rather than a comprehensive security strategy.

The data protection law does not define PETs; however, The European Union Agency for Cybersecurity (ENISA) refers to PETs as: ‘software and hardware solutions, i.e. systems encompassing technical processes, methods or knowledge to achieve specific privacy or data protection functionality or to protect against risks of privacy of an individual or a group of natural persons.’1 In simple terms, they are strategies and tools designed at safeguarding privacy and empowering individuals.

Manual penetration testing is a meticulous process performed by skilled cybersecurity professionals who simulate real-world attack scenarios to identify weaknesses in systems, applications, and networks. In contrast to the automated approach, manual testing leverages human expertise, creativity, and critical thinking to detect vulnerabilities in the unique context of your organisation’s infrastructure.

At present, after a basic Cyber Essentials assessment is passed and the applicant moves on to CE+, there are no additional steps to clarify the devices in scope beyond getting a fresh list of devices from the applicant and ensuring no major difference between the provided list and the original list of devices declared in the Basic assessment.

A Data Protection Officer’s (DPO) role is varied, encompassing many day-to-day tasks that ensure robust data protection strategies are in place and aligned with relevant regulations.

Imagine you’re in a busy market. Every stall owner is shouting, “I’ve got the best apples!” How do you know who to trust? The answer is you look for the one with the 5* sourcing certification, issued by trusted food inspectors that have been certified by the authority on apples! UKAS (United Kingdom Accreditation Service) are like the authority on apples in this scenario.

The ‘consent or pay’ model, essentially offers a choice between pay with your data, or pay with your money. Meta became the most notable company to use this tactic and were immediately met with questions as to how they could justify such an arrangement, and more importantly, how they could do so lawfully.

Now, you’re probably thinking, "Does this even apply to my business?" Great question. DORA covers a wide range of entities in the financial ecosystem, including but not limited to: If you’re in or serve the financial sector, chances are DORA has its eye on you. But don’t panic yet; we’ll talk about how to figure out if it’s actually relevant to your operations.

The best way to solve this issue is to provide training that is interesting, interactive, and engaging. A great example would be the Defense.com videos offered. They provide a fun, informative and. with the inclusion of exams, interactive way to train staff on cyber security. Even just informal quiz sheets could help staff retain the information and put it into practice when the situation arises.