CHECK and CREST are two separate accreditations approved for use by the National Cyber Security Centre (NCSC), and the Council of Registered Ethical Security Testers (CREST). CHECK, which is an abbreviation of IT Health Check Service, is an NCSC initiative for protecting government and public sector systems in line with government policy.
Cloud computing is a highly convenient and cost-effective way of storing data, but it also comes with risks. Businesses often use this technology without understanding how vulnerable they are to security breaches. With the rise in cybercrimes, businesses need to be more vigilant about their data security than ever before. This article will discuss some of the most common cyber security risks associated with cloud computing and provide information on how they can be managed.
Digital cookies have become a ubiquitous tool in how websites identify visitors, understand their online behaviour, and make browsing more convenient for the user. Cookies are small text files which store data to identify your computer. Cookies aren't necessarily bad. They're useful for encryption, delivering webchats, improving marketing campaigns by personalising the content displayed, and many other digital services.
In what is being described as the most significant update to the scheme since it launched in 2014, the National Cyber Security Centre (NCSC) has announced that the technical controls for Cyber Essentials and Cyber Essentials Plus will be updated as of 24th January 2022. The change is to bring the scheme in-line with the evolving cyber security challenges that organisations now face, particularly around the adoption of cloud services and hybrid working.
Hackers are often associated with young adults who are constantly on their computers, staring at the screen full of codes and sitting in a dark room away from society. But don’t be fooled, hackers might just be some of the most intelligent people in today’s digital world; breaking into systems to test their abilities and expanding their knowledge to find new and innovative techniques- and strange as it may sound, not all of them want to steal your data.
Supplier due diligence is an action taken by an organisation to identify and understand the credibility and suitability of a prospective partner or vendor. Conducting supplier due diligence can help guide decision-making when choosing the right vendor, detect risks with potential suppliers and protect customer data in the process. It's also considered good business practice and can help mitigate future financial and reputational damage caused by a data breach.
Over the last two weeks, many have had flashbacks to 2012 when Heartbleed was released and everyone scrambled to fix broadly used OpenSSL. Due to their nature, some applications and services are so prolific that when a vulnerability is identified it causes massive issues for vendors and customers alike. The latest of this kind of issue is the Log4j vulnerability that has been dominating the press.
The most common application vulnerabilities will come as no surprise to cyber security experts. If we know about them, why do they persist?
No-one would lend or borrow money without expecting some form of agreement to be in place covering the term, the interest, the repayments and so on. Even lending the garden hose to a neighbour comes with an expectation of it being returned at some stage and being returned in the state that it was lent.
We’ve previously discussed what social engineering attacks are and what you can do to prevent them. Here, we’re going to review the reasons why threat actors persist with these types of attacks and why every single employee is potentially susceptible to a social engineering attack.
