Category: Security Advisory Blog

Colonial Ransomware Attack: It’s time to rethink your backup & restoration strategy.
13/06/2021 CISO Blog, Security Advisory Blog EditoratLarge

No doubt, if you’re following the news, you may have seen an uptick in the number of ransomware attacks doing the rounds. There have been quite a few. In particular, the Colonial Pipeline attack. It’s beginning to seem a lot like Groundhog Day! You would think, after seeing how the ransomware attack in January 2020 crippled

Denial of Suez: What can we learn about risk assessing SPOF?
27/03/2021 CISO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

Single points of failure (SPOF) creep into many business processes. Often unintentionally. Some exist from the outset but were simply not assessed, or were assessed and deemed low risk. That legacy server running a critical piece of code wasn’t legacy at the beginning. That retiring SME, the one who wrote the code, had just started.

Virtual CISO – Running a Business. Thinking Differently about Security!
22/03/2021 CISO Blog, Security Advisory Blog EditoratLarge

It’s Monday morning and I have already been up for a while. I have had a few cups of tea. I have answered a few emails. I have written and submitted a proposal for a new piece of work. It’s a great client too. When I submitted the proposal I had a sense of relief

EU/UK GDPR Lawful Bases – Getting accountability right
15/03/2021 DPO Blog, Security Advisory Blog EditoratLarge

Working out the lawful bases for your processing activities can be a challenge. Whilst the ICO has guidance and a useful tool to help organisations determine the lawful bases of processing, the final decision will always rest on the Controller organisation to defend. A Controller thus needs to document their lawful bases properly because if

Is your Managed SOC starting to smell a bit fruity? Here’s what to do if it is
06/03/2021 CISO Blog, Security Advisory Blog EditoratLarge

Remember a couple of years ago (when life was so very different). Remember reaching that point in your security maturity journey where you needed a way of detecting security events without the help of the BBC News letting you know? Remember looking at all those complex SIEM solutions? Remember deciding the time and effort involved

EU has drafted its adequacy decision on the UK…and it seems we’re adequate.
21/02/2021 DPO Blog, Security Advisory Blog EditoratLarge

As predicted in an article I wrote earlier this year, the EU is on the cusp of finding the UK’s data protection regime adequate. The draft decision has been published and, so you don’t have to read the whole 87-page document, I took one for the team and have summarised the bits I thought might be of interest,

Brexit Deal and GDPR – Adequacy will follow [shortly]
29/12/2020 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any subject matter. So…it’s here! Despite many saying it was not possible, a free trade deal has been done. Whether it’s a good deal or a bad deal for the UK is yet to

We need to talk about Information Security Policy…
08/12/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

I’m sure you’re already well on the way to planning your 2021…what, it’s December already? Yup, the annus horribilis that is 2020 is coming to an end. With multiple vaccines in the pipeline, 2021 should [hopefully] be a year where we can get things back to normal. Well, a new normal! Whilst 2020 has placed a number of restrictions

Ticketmaster Fine – ICO may hold you to PCI-DSS…and most likely Cyber Essentials and ISO 27001 too!
19/11/2020 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

On an ominous Friday the 13th, the UK Data Protection Regulator, the ICO, fined Ticketmaster UK Ltd £1.25 million for a data protection breach that occurred over 9 weeks in 2018. In an interesting twist, some of the breach occurred pre-GDPR and some occurred post-GDPR. The 7-figure fine reflects the part of the breach that occurred

The Nightmare [Cyber Attack] before Christmas
15/11/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

We’re now in the period between Halloween and Christmas. The Christmas music is now in the supermarkets (as they’re the only things open at the moment) and people are looking towards cobbling together some semblance of a family get-together subject to the local Coronavirus restrictions. Some people have already put up their decorations whilst others
