Ancient seafarers and accountants are not normally the subjects of cyber security related articles. This post will seek to address this oversight by considering how these two communities made use of the virtual environment to go about their business. By doing so we can take a broader perspective on what the virtual means to organisations today and how this translates into protecting against cyber threats.

Cyber security has been in the public’s awareness for a number of years. …

Cyber security can be confusing particularly if you are engaging with the area for the first time. One of the sources of confusion is the variety of products and services on offer that all seem the same or at least very similar. Penetration testing (aka pentesting), red teaming and cyber exercising are three such services that can be easily confused. This article will aim to describe the similarities and differences between these three services. …

There have been a number of large fines handed out in recent weeks to businesses that suffered a cyber breach. British Airways and Marriott International are due to be fined £183m and £99m respectively by the UK’s Information Commissioner’s Office while Equifax has agreed to pay between $575m and $700m to US authorities. These are large numbers and they have received a lot of press coverage, but are they the only numbers that organisations should be worried about?

Organisations face a fundamental challenge when trying to decide how much to invest in cyber security. This challenge exists because of the…

The NCSC’s Exercise in a Box has a simulator that allows you to mimic a common malware command and control technique. The simulator is just one of several exercises that make up the “Exercise in a Box” that can be downloaded and used for free from the NCSC. The majority of the scenarios are conducted in a tabletop format but this simulator now lets these exercises test technological security controls.

This means you now have a free tool to test the actual performance of your security team in responding to an incident. This is good for organisations with well established…

The multi-billion dollar Dutch provider of accountancy software, Wolters Kluwer, has been experiencing a cyber incident since the 6th of May. Since then they have confirmed that malware was on their system but there has been a significant failure to effectively communicate much more than that to their customers and to the public. This has caused significant frustration and anger to their large user base, many of whom are facing looming deadlines.

Earlier in 2019 another multi-billion dollar company, Norsk Hydro, experienced a serious cyber incident. Unlike Wolters Kluwer, their response to the incident was widely praised as being one…