Insight

Hackers are using weak and stolen credentials in a significant way to compromise business-critical environments. Stealing access to your environment using a known password for a user account is a much easier way to compromise systems than relying on other vulnerabilities. Therefore, using good password security and robust password policies is an excellent way for organizations to bolster their cybersecurity posture. What characteristics make up an effective password policy? Developing an effective reporting structure for...

It was long overdue, but Netflix has finally started to explore ways to address its password problem. By prompting viewers to prove that they live with the holder of that account by receiving a code, sent via text or email, they are hoping to weed out password freeloaders who, let’s face it, are probably costing Netflix millions of dollars each year. The issue of password sharing, which isn’t just a Netflix problem, is almost universally...

Although cybercrime as a whole has seen a rise during the pandemic, arguably ransomware has been one of the more successful and lucrative attack types. According to the World Economic Forum 2020 Global Risk Report, ransomware was the third most common, and second most damaging type of malware attack recorded last year, with payouts averaging a hefty $1.45M per incident. Our own research report, the State of Encrypted Attacks Report 2020, found that there had...

By the time you have finished reading this sentence, an organisation somewhere in the world will have fallen victim to a ransomware attack and had at least some of its corporate data encrypted. Globally, on average, the criminals behind ransomware attacks hit a new organisation every 10 seconds, but less than five years ago, it was every 40. Recently, Colonial Pipeline, a major US fuel company made headlines after falling victim to such an attack...

Ransomware is a growing threat to every organisation on the planet; it seems we can’t go a day without seeing another high-profile ransomware attack being detailed in mainstream media. Cyber-criminals are innovating at a phenomenal pace in this growing ‘industry’, because they have the funds to do so. In fact, many cyber-criminal groups have more funds than most enterprises. Staggeringly the cost of cyber-crime was reported to be more than $1 trillion in 2020, more...

It comes as no surprise that the Covid-19 pandemic has resulted in an increase in security gaps. The global crisis revealed a multitude of nascent cyber-security shortcomings, including a lack of agility to support homeworking and an overreliance on on-premise security. It also created a whole host of new challenges, from scam Covid-related domains to an increase in phishing attacks. Indeed, the pandemic has seen cyber-crime flourish. In its Annual Review 2020, the UK’s NCSC...

Passwords are the first line of defense when it comes to digital security. For most businesses, each employee is going to have at least one username and password that they need to remember. In many cases, there will be many. This is, of course, is in addition to all of their personal accounts and passwords which are sometimes used on the same device as their work accounts.   With this in mind, it should come as no surprise that somewhere between 20% and 50% of calls...

In March 2020, many people began working from home due to the COVID-19 pandemic.  The email to your teammates stating that you were “working from home” instantly had new meaning. Working from home resulted in additional risk management and security challenges for employees, executive leadership, and information technology (IT) teams.  Organizations that had not embarked upon the journey that is IT Modernization or that had not implemented identity and access management (IAM) struggled with business...

What is an IT Health Check (ITHC) An ITHC (IT Health Check) is a series of tests to ensure that your organisation is impenetrable to unauthorised persons. Specifically, organisations or individuals conduct an ITHC to confirm that they meet key requirements for PSN compliance. Direct from the ITHC supporting guidance: “Your ITHC should aim to provide assurance that your organisation’s external systems are protected from unauthorised access or change, and they do not provide an unauthorised entry...

What will the legacy of security leaders be in the years to come? Will they be remembered as the defenders of the cyber realm, heroes or will history view them as annoying barriers who did nothing but slow down innovation? Many security leaders agree that too many times, the security team is viewed as the Department of No. Now, some may believe that the end justifies the means. Every third party needs to be audited...