Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Throughout the year, we have conducted hundreds of penetration tests. 20% of all tests contained a critical to high flaw. We define a critical issue as a flaw which poses an immediate and direct risk to a business. Having a critical flaw in an app or network will leave you vulnerable to a costly, reputation damaging data breach. Among these, default or poor passwords, as well as access control issues make up a large portion with outdated software being the worst offender.

The nights are drawing in and the world outside has been painted with autumnal colours once again. The year is ending and, as such, it is a time for reflection before the inevitable glance towards the white light of the future breaking upon the horizon. Flowery prose aside, we've just had our latest Quarterly Business Update (QBU). We’ve had a pretty good year. We’ve grown, innovated, added to our services and taken on more clients than ever.

Cyber Essentials and Cyber Essentials Plus are Government-backed schemes which highlight key technical controls that need to be in place in order to defend against the most common cyber threats. By becoming Cyber Essentials certified your organisation can display the logo on your website and marketing materials, improving trust with your customers. Many Government contracts will only consider applications from Cyber Essentials certified companies.

The digital world has become a dangerous place. It’s like the Wild West (the movie kind, not the real kind, which was decidedly less wild than it’s portrayed), with outlaws out to do you harm and make off with your precious data. Fortunately, like any good western, there are also honour-bound gun slingers seeking to bring law, order and – most importantly – security to the digital landscape.

If you’re in your mid-twenties or beyond, you will be familiar with people at family gatherings saying ‘remember when we didn’t have all these gadgets, and we used to actually talk to each other?’ The answer to this is ‘no’ – the level of conversation has remained largely unchanged, it’s just now we have gadgets and gizmos to occupy our attention during these moments of strained silence. I put it down to the Mandela effect.

The cyber kill chain illustrates the structure of a successful cyber attack. It is effectively the hacker’s process from beginning to end, from scoping a target (reconnaissance) all the way to achieving their objective, whether that’s data theft or dropping and executing malware. When approaching your cyber security strategy, you should align your defences to the cyber kill chain. Like Batman becoming fear, to defeat the hacker, you must become a hacker.

Cyber security may be about to become more than AOB for organisational boards across the country. British Airways has been struck with a record-breaking £183-million fine as a result of its data breach last year in which around 500,000 customers had their data stolen, including credit card and CVV numbers.

According to Google, Ryuk is ‘a fictional character in the manga series Death Note’. I have no idea what this is, but I imagine it’s significantly less interesting than the Ryuk ransomware campaign that’s currently hitting businesses right across the world. The UK’s NSCS is investigating such campaigns and has recently published an advisory on it, and we’re no strangers to Ryuk at Bulletproof either.

Working from home used to mean an unofficial day off, but it’s becoming an increasingly common way for people to – well, actually work. For these people, pitching up at a coffee shop is not unusual. Lots of people do it. They're no longer the reserve for would-be screenwriters. There are numerous benefits, such as easy access to overpriced coffees and the option to be sociable but with no obligation to actually be so.

Magic seems to be very popular at the moment. Just look at last week’s Britain’s Got Talent, which featured an improbable number of magicians in its line-up. These included ‘X’, the masked magician who was wearing something that looked suspiciously like an anonymous mask and managed to supposedly hack Instagram. A lot of cyber security technology seems to work like magic, so is this a coincidence? Is ‘X’ a reformed hacker turned stage magician? Spoiler alert: no.