Blog


Information Security

Did you get caught Phishing this summer?

Business Email Compromise (BEC) attacks have become one of the most successful and damaging forms of Phishing, as attackers switch tactics to avoid detection and typical end-user awareness.

According to the NCSC and insurance provider AIG, over 23% of all cyber insurance claims in 2018 were because of BEC attacks, even outperforming other popular attacks:

Ransomware at 18% and data breaches at 14% of total claims were relegated to second and third places. Total claims (for Business Email Compromises) in 2018 amounted to more than those in 2016 and 2017 combined.

Source: https://www.ncsc.gov.uk/report/weekly-threat-report-6th-september-2019
Read more “Did you get caught Phishing this summer?”
Information Security

It’s time to get serious with Passwords

Whilst I’m not an avid radio listener, this week I tuned in to a spokesperson from the NCSC (UK’s Cyber Security Centre) discussing cyber security and in particular a new top 1000 passwords list that has been compiled in conjunction with Troy Hunt (haveibeenpwned.com). It won’t take you many guesses to find out which passwords were in the top 5 still, but in case you’re interested here’s a snippet below:

Read more “It’s time to get serious with Passwords”
Information Security

Cyber security activities – are you kept up to…

  • 1 in 5 businesses never update their senior executives regarding cyber security activities…
  • only 17% updated weekly.
  • 5% are only made aware when there’s a breach.

The UK government’s annual Cyber Security Breaches Survey (2018) highlights the lack of regular reporting regarding cyber security activities and events to senior executives (business owners, board members, etc.) and line management.

Read more “Cyber security activities – are you kept up to date?”
Data Protection

Have you paid the ICO yet?

  • Over 900 ‘intent to fine’ notices issued.
  • > 100 fine notices issued since December 2018.
  • Any business processing personal data is required to register and pay a fee (unless exempt).
  • Fines for not paying can be up to a maximum of £4,350.

The ICO announced at the end of 2018 that it has started issuing fines to businesses across a number of sectors for failure to renew or register with the ICO.

Read more “Have you paid the ICO yet?”
Data Protection

Happy Data Protection Day!

January 28th marks the internationally recognised Data Privacy / Protection Day, a day used to raise awareness of data protection rights and risks globally. The date is set around the original Council of Europe adoption in 1985 of “Convention 108”, the first of its kind to “protect individuals against abuses which may accompany the collection and processing of personal data”.

2018 also now ranks as an important year in the data protection calendar as the year the EU “General Data Protection Regulation” (GDPR) came into force on May 25th. With just over 8 months under its belt I thought it would be interesting to review some effects and events over 2018 and how GDPR has influenced some of these events.

Read more “Happy Data Protection Day!”