Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When we get into cybersecurity, one of the first things any organisation or company should do is write a cybersecurity policy, one that is owned by all. Easy words to put down on paper, but what do they mean? So, what is a cybersecurity policy? Well, it is defined in the Gartner IT Glossary as, “an organization’s statement of intent, principles and approaches to ensure effective management of cybersecurity risks in pursuit of its strategic objectives.”

Authenticity and non-repudiation are two core concepts in information security regarding the legitimacy and integrity of data transmission. Because we transmit data every day, it's important to verify the sender's origin (authentication) and ensure that during transmission, the data was not intercepted or altered in any way (integrity).

As the leading international standard on information security management, ISO 27001 is an important certification for businesses and is increasingly being demanded by customers as part of their supply chain management. With its standardised processes and reputational status, ISO 27001 shows interested third parties and prospective clients that you take the confidentiality, integrity and availability of their data seriously.

Typosquatting forms the basis of cyber attacks that aim to take advantage of users who mistake a malicious website for a legitimate one. Attackers register domain names that are similar to popular brands or products in the hopes that users will mistype the name and end up on their malicious site instead. Once on the site, users may be tricked into providing sensitive information or installing malware.

In 2018, the implementation of the GDPR signalled a seismic shift in how businesses target, collect and store personal data. As individuals entrust businesses with their personal data more than ever before, the GDPR has ensured that the right to privacy for individuals is protected through its regulation. Not since the result of Brexit, and the GDPR ceasing to protect the rights and freedoms of UK Citizens (since 1st Jan 2021), has there been significant changes to the GDPR.

Data is the most valuable asset of any organization, and most employees have access to secure business data. This makes them the first line of defense against combating a cyber-attack. However, hackers target vulnerable employees with insecure devices and sophisticated techniques to access the company's network and compromise valuable data. Human error enables a vast majority of cybersecurity problems. Many employees are already aware of the dangers that their mistakes can pose.

The web browser is probably the most used application on your computer. It’s used for basically everything from checking email, communicating via social media, video conferencing to shopping, banking, gaming, and much more. While we are moving toward a more app-based mobile lifestyle, we are far from getting rid of the traditional web browser.

Within the HIPAA Security Rule are Administrative, Physical, and Technical Safeguards. These safeguards are as important to understand as they are to implement, so let’s get some clarifications for the non-initiated.

As organisations speed up their cloud migration strategies, security remains a prime concern. Despite the adoption of various security solutions on cloud computing platforms, we continue to see detrimental data losses and cybersecurity breaches being reported. The consequences of such an event range from financial losses and fines, to reputational damages which lead to a loss of market share.

The saying “data is king” has been around for quite a while and we all know that the world operates and makes decisions on digital data 24x7x365. But, is data king in the field of cybersecurity? I believe that evidence - not data - is what is needed to speed defenders’ knowledge and response capabilities, so let's talk about both.