Insight

The landscape of ransomware has undergone rapid evolution, shifting from a relatively straightforward form of malicious software primarily affecting individual computer users, to a menacing enterprise-level threat that has inflicted substantial harm on various industries and government institutions. Ransomware attacks are strategically designed to either encrypt or delete critical data and system files, compelling organisations to meet the attackers’ financial demands. These assaults specifically focus on compromising data repositories, backup systems, and vital records that are essential...

Despite being widely used in Industrial Control Systems (ICS), Modbus has been recognised as an insecure protocol. Securing and attacking Modbus has therefore been a topic for years, and it was first in 2018 that the Modbus Security protocol (MSP) was published, nearly 40 years after the initial introduction of Modbus. This article will introduce some common Modbus reconnaissance attacks, as well as briefly discussing the impact of MSP on those attacks.   Modbus in...

The IT Security Guru caught up with Tarnveer Singh a CISO and finalist in the Security Serious Unsung Heroes Awards 2023 for his thoughts on how to get more professionals involved in the cybersecurity industry:   There are many ways we can inspire new cybersecurity professionals to join our industry. One way is to increase awareness about the importance of cybersecurity and its increasing demand. This can be done through educational programs at schools, colleges,...

Modern digital transformations have been fuelled by APIs, altering how many businesses and organizations run. However, the recent innovation and digital transformation wave have also opened up new attack surfaces for cybercriminals. Companies are forced to respond to an increase in API threats, but they quickly learn that traditional, static methods of API security are ineffective. Machine learning (ML) and artificial intelligence (AI) become helpful allies in stopping API attacks. The topic of whether to...

In today's digital age, where organisations heavily rely on technology and data, ensuring strong Cyber Security practices is paramount, and one often overlooked aspect, is the departure of staff members. The departure of an employee can introduce vulnerabilities and risks if not handled properly. Establishing a well-defined process for staff departures is crucial not only for maintaining operational continuity but also for safeguarding sensitive information from potential cyber threats. Chris White, member of International Cyber...

In the fast-paced world of gaming, the allure of achieving the next level, unlocking a new weapon, or solving an intricate puzzle can be irresistible. Just as irresistible, though, is the allure of cybercriminals seeking easy targets in the vast digital playground of the gaming world. With the UK and US gaming markets being amongst the largest and most lucrative, the need for gamers to understand cybersecurity has never been greater. This article provides resources...

BizDevOps in a nutshell Many organisations claim to be data-centric and data-driven. Making informed decisions based on what their organisation’s data is telling them. But how many organisations can truly say they have an effective and operational Data Management framework in place? The good news is that it is relatively easy to remove the toil and burden with automation and implementing a Data Model program to improve the accuracy and quality of the underlying data....

A few years ago, DLP was a hot security buzzword and a relevant single offering. Now, it’s been swallowed up as part of other, beefier solutions that offer a buffet instead of an entrée. However, to understand where to find DLP today and what exactly it’s doing, it helps to get a sense of the whole picture. Let’s review the rise, decline and – reincarnation? - of the Data Loss Prevention category. Where DLP Started...

As the world moves increasingly online, risk management professionals and business owners must continue to invest in the prevention of cyber threats. It’s surprising, to see just how many businesses have plans in place for all sorts of things such as fire, flood and COVID-related issues, yet don't have any action plans in place should a cyber attack occur.  What happens in the minutes, hours and days after an attack is crucial. This is where...

Cybersecurity is a matter of national and international security and should be prioritised as such. This is particularly important when it comes to protecting Critical National Infrastructure (CNI) and the services that UK citizens rely on in their daily lives, as the consequences of disruption to these services has the potential to be devastating. With the world more digitised and interconnected than ever, a significant attack on CNI could lead to physical harm or even...