More than 70% of cyber attacks exploit patchable vulnerabilities


Virtually every web-based attack (98%) is opportunistic in nature, and aimed at easy targets, according to the 2015 Verizon Data Breach Investigations Report (DBIR). Unlike a targeted attack, where an attack is perpetrated against a specific target, an opportunistic attack aims to exploit anyone vulnerable. This could be propagated through a variety of methods, […]

Businesses dangerously slow to react to vulnerabilities

Average time it takes an organisation to remediate a vulnerability: 176 days. Average time it takes a cyber criminal to exploit a vulnerability: 7 days. And that’s not taking zero-days into account. NopSec’s 2015 State of Vulnerability Risk Management report examined the extent to which unaddressed security vulnerabilities are affecting the security of organisations across […]

Government phishing alert: Government Legal Department/Bona Vacantia Division


The government has issued an alert that emails purporting to come from employees of the Government Legal Department/Bona Vacantia Division are part of a phishing campaign. “Neither GLD nor BV Division will ever issue emails making such offers. If you receive such an email, you should treat it with suspicion.” Phishing attacks Every day, 156 […]

PSNI reports that ransomware almost forced NI company out of business

We’ve said it before, and, alas, we’ll say it again: small businesses are underprepared for cyber security incidents and stand to lose the most when they strike. While SMEs face the same threats as larger organisations, many lack the security posture and incident response plans necessary to defend against, and react to, attack. Statistical evidence […]

6 truly shocking cyber security statistics

We’re now halfway through the year, so I thought I’d take a look back at some of the most shocking cyber security statistics so far. 98% of tested web apps are vulnerable to attack Trustwave’s 2015 Global Security Report found that a staggering 98% of tested web applications were vulnerable to attack. Web apps are […]

Tech Partnership Training Fund – save £500 on the cost of UK cyber security training

I am pleased to announce that IT Governance’s cyber security training courses now qualify for up to £500 of funding from the Tech Partnership Training Fund. This scheme provides direct grants to employers in order to stimulate increased investment in IT training that further promotes business growth and competitiveness in the UK. Supported by the […]

Encryption for PCI DSS v3.1


The Payment Card Industry (PCI) Security Standards Council (SSC) requires merchants and service providers to use industry standards and best practices for strong cryptography and secure protocols. With recent vulnerabilities discovered in SSL and TLS, along with vulnerabilities in RC4, the PCI SSC has raised the lower boundary for strong cryptography. With PCI DSS v3.1, […]

Using ISO 27001 to combat cyber threats


According to PwC’s 2015 Information Security Breaches Survey (ISBS), ISO 27001 remains the leading standard for information security management in the UK. ISO 27001 in large vs small organisations The 2015 ISBS reveals that small organisations are lagging behind large companies in terms of implementing the Standard. 25% of large organisations surveyed have completely implemented […]

Cisco patches multiple default SSH key vulnerabilities in virtual appliances

According to a Security Advisory issued yesterday, many of Cisco Security’s virtual appliances employ default SSH host and private keys associated with remote management – meaning an attacker in “possession of compromised keys, who is able to intercept traffic between the WSAv or ESAv and a host it is communicating with, would be able to […]