Category: Operational Resilience Blog

Cyber Security - Resilience - Data Protection

vuln scan - info

Vulnerability Scanning – It’s not all about the High and Critical items!

Don’t blindly trust the output of automated scans. This article talks about the key mistakes made when scanning for vulnerabilities.

Christmas Hacking Season

Let’s Avoid a Cost-of-Hacking Crisis this Christmas!

Normally around this time of year, I pick a nice Christmas film and write a themed piece to remind the defenders that whilst they are playing the new Call of Duty, hackers from around the world might be playing on their corporate networks. This year is different, there are many people who are struggling this…
Read more


P&O – What’s in a Name: A Case Study in Brand Risk

What’s in a company name. Quite a lot. It’s a key part of an organisation’s brand. It’s how customers identify an organisation. A company’s name is sacrosanct! Organisations want their customers to think positively about their name. They want their customers to tell their friends positive things about their experiences with their brand. What organisations…
Read more

Coloured Card

ISO 27001:2022 – Information Classification – Is it now time for #ABIC

Information Classification (IC) is core to an effective security programme. After Asset Management, it’s probably the most important component of an Information Security Management System. For those already certified to the current version of 27001, your old information classification system is likely to need a revamp. The new 27002:2022 control guidelines have been updated to reflect…
Read more


2022 – Business Leaders don’t need our security predictions, they need these recommendations!

It’s the beginning of the year and some bright spark in the marketing department has an idea for recycling last year’s lead-generating article. Even though none of last year’s predictions actually came true, how about we make some new predictions about what is going to happen in 2022. We can then show how our suite…
Read more


What would WW3 look like if it started now? – Thinking the unthinkable to aid better Risk Management.

When managing risk it’s easy to dismiss certain events from happening because they seem too far removed from our perceived reality. The reality is however that our perception of what we think is far from reality can be vastly skewed. Humans tend to underestimate the likelihood of certain events occurring. For example, the risk of…
Read more

Business Leaders: Ransomware is actually all-around at Christmas!

It seems to me that ransomware is everywhere. More often than not, it’s particularly undignified and highly newsworthy, but it’s always there: headquarters and subsidiaries, major organisations and SMEs, charities and financial services, logistics, aviation, ransomware is our old friend. When ransomware hits a company without good security, as far as I know, none of the phone…
Read more

Know your enemy and yourself: MITRE ATT&CK and D3FEND

Sun Tzu, wrote in the Art of War: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in…
Read more

Calling time on time-based billing – use service-based billing if you want to save £££

When pitching for consultancy work, many of our clients are [initially] surprised we at Fox Red Risk do not price any of our services based on a daily rate model. It seems the majority of consulting organisations, small and large, price their jobs based on some form of time-based billing. This billing approach may be…
Read more

The Black Swan Fallacy: Why a failure of imagination is irrelevant to Resilience Planning

Every time there is a major incident, whether it be a global pandemic or a natural disaster. Whether it be an IT Outage or a bout of unseasonably hot or cold weather, the rallying cry of those trying to defend the paucity of their response to the unfolding events is now cliche: “We never thought…
Read more