Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

While the rise of ChatGPT and other AI chatbots has been hailed as a business game-changer, it is increasingly being seen as a critical security issue. Previously, we outlined the challenges created by ChatGPT and other forms of AI. In this blog post, we look at the growing threat from AI-associated cyber-attacks and discuss new guidance from the National Institute of Standards and Technology (NIST).

With so many cyber security priorities to balance, it isn’t always easy to know where to start. The mistake that many organisations make is to view threats originating from outside as their sole focus. However, with insider threats proving a persistent presence, this can often be a very costly oversight. This guide seeks to provide clarity on the different types of insider threats you need to be aware of and the controls and processes you can put in place to defend against them.

In this article, we outline likely threat landscape trends for 2024, based on what has been observed in 2023, and predict key areas of concern for the months ahead.

OWASP pen testing is the assessment of web applications to identify vulnerabilities outlined in the OWASP Top Ten. An OWASP pen test is designed to identify, safely exploit and help address these vulnerabilities so that risks can be mitigated before they are exploited by adversaries.

While it can serve as part of a security strategy, it also presents some challenges. In this blog post, we outline what automated pen testing is and compare its key benefits and risks with those of manual pen testing.

With NIST recently releasing an updated draft version of the framework, we outline the main proposed changes.

This plays a vital role in helping organisations mitigate cyber risk by shutting down vulnerabilities before they can be exploited maliciously. In this blog article, we outline what PTaaS is and how it can help you advance your cyber resilience.

Cyber security pen testing can vary widely, covering applications, wireless, network services and physical assets. These could include internal and external infrastructure testing, web or mobile application testing, API testing, cloud and network configuration reviews, social engineering and even physical security testing.

This rise in social engineering was seen alongside significant increases in phishing, smishing, vishing, the use of valid accounts and other tactics – adding up to the highest volume of incidents seen in 2023. These, as well as other notable trends from the previous quarter, are discussed in the report, Q3 2023 Threat Landscape Report: Social Engineering Takes Center Stage.

To defend against rapidly evolving cyber threats, businesses need to continually adapt and innovate. This means that red and blue teams must work together on an ongoing basis to maximise their individual and collective impact. Purple teaming allows them to achieve this more effectively, significantly advancing organisations’ security posture.