Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On 15th July 2022, a team of Bulletproof penetration testers took part in the online Hack the Box Business CTF competition. The CTF (Capture the Flag) event consisted of almost 3000 participants, with each player putting their ethical hacking expertise to use in a number of challenges. There were also prizes up for grabs for the top three teams on the leaderboard. This was the first year Bulletproof entered the competition and we look forward to competing in next year’s event.

As the leading international standard on information security management, ISO 27001 is an important certification for businesses and is increasingly being demanded by customers as part of their supply chain management. With its standardised processes and reputational status, ISO 27001 shows interested third parties and prospective clients that you take the confidentiality, integrity and availability of their data seriously.

In 2018, the implementation of the GDPR signalled a seismic shift in how businesses target, collect and store personal data. As individuals entrust businesses with their personal data more than ever before, the GDPR has ensured that the right to privacy for individuals is protected through its regulation. Not since the result of Brexit, and the GDPR ceasing to protect the rights and freedoms of UK Citizens (since 1st Jan 2021), has there been significant changes to the GDPR.

Businesses that incorporate Internet of Things (IoT) into their daily operations have rarely, if ever, had access to so many resources to help improve your customer reach, collect more personal data and reduce your internal operational expenses due to IoT automation. IoT devices are ubiquitous, and as technology advances, so does the invention and use of connected devices within workplaces and our homes.

With businesses constantly at risk of cyber threats, leveraging a Security Operations Centre (SOC) is one way for organisations to proactively monitor and manage their threat landscape. Whether it’s in-house or outsourced, a SOC can help companies implement a process-driven security framework that secures business information against the constant threat of a cyber attack.

It's not uncommon to hear about businesses storing large volumes of personal data. There are endless reasons as to why personal data may be collected and processed, such as to build user profiles in order to send targeted products and services. However, many businesses fail to consider what should be done with the data once it has served its purpose, without negatively influencing their reputation and infringing upon a data subjects' rights.

In today’s world where information security is fundamental to businesses to protect their systems, network and data, compliance to ISO 27001 is crucial. ISO 27001 is an internationally recognised set of standards that helps organisations manage their information security by establishing, implementing, and maintaining an information security management system (ISMS).

Passwords are the first line of defence for protecting your devices and systems against improper access and malicious actors. They are used across almost all digital systems including software, cloud and infrastructure. Therefore implementing effective password management is one of the simplest ways of improving your cyber defences. And the best part? It costs next to nothing to have in place.

Measuring risk is key to business continuity. A growing attack surface will present many businesses with challenges of how to manage their enterprise assets and maintain a robust cyber security posture. An expanding remote workforce, increasing levels of data and the continuous rollout of evolutionary solutions can all present hackers with potential entry points to exploit if security measures are not in place.

When discussing the GDPR, a common confusion we run into is the difference between consent and legitimate interest, as well as when to use them as your legal basis for collecting, processing and storing personal data. Each of these are incredibly important in ensuring you’re connecting with your prospective customers and not stalking them.