Mandiant 2015 M-Trends report: malicious actors spent a median of six months on breached systems before detection

Mandiant’s new M-Trends report (M-Trends 2015: A View from the Front Lines) examined 2014’s “seemingly never-ending series of breach disclosures” to discern common trends. It concludes that “organizations should consider data breaches… a business reality”, and that, although the threat landscape is becoming more complex, “far too many organizations were unprepared for the inevitable breach, […]

15 reasons to choose us as your penetration testing provider


A few weeks ago, my colleague Desi blogged about why penetration testing was necessary and what IT managers needed to know about it. In Desi’s article, she spoke to our resident technical services guru, Geraint Williams – PCI QSA, CREST-registered tester, CISSP, CEH, CHFI (he’s probably acquired more qualifications by the time I finish this […]

Free guide to writing an information system audit report


Auditing and the production of clear audit reports are crucial activities in ensuring the effective management of information systems. They are also mandatory requirements for the implementation of IT best practices and standards that include ITIL®, PRINCE2®, COBIT® 5, PCI DSS and ISO27001. ISACA® recently published Information Systems Auditing: Tools and Techniques, which provides a […]

Staysure fails to comply with the PCI DSS and is fined £175,000 by the ICO


An online travel insurance provider has been fined £175,000 by the Information Commissioner’s Office, following a data breach involving payment card data caused by a cyber attack. The company had stored three-digit card verification code data (also known as the card security code) – a practice that is expressly prohibited under the Payment Card Industry […]

Only 25% of directors are actively involved in reviewing security and privacy risks

PwC’s 2015 Global State of Information Security Survey reveals that 50% of organisations now have cyber insurance to protect themselves against cyber risks and the misuse of personal data. This statistic supports the commonly accepted view that cyber risks will only continue to increase in potency and impact. In fact, the number of respondents that […]

PCI SSC announces changes to the PCI DSS and PA-DSS: SSL “no longer acceptable”

The PCI SSC (Payment Card Industry Security Standards Council) has announced “impending revisions” to PCI standards affecting all compliant organisations that use the Secure Sockets Layer (SSL) cryptographic protocol: “The National Institute of Standards and Technology (NIST) has identified the Secure Socket Layers (SSL) v3.0 protocol (a cryptographic protocol designed to provide secure communications over […]

Cyber security career guide for IT professionals


With the cyber security sector growing rapidly, career opportunities for IT professionals are increasing. Employers are competing for skilled cyber security professionals, which is driving up salaries for people with the requisite skills and qualifications. The latest salary survey by British recruitment company Robert Walters reveals that cyber security professionals can expect large pay increases […]

Fraud risk for thousands of TalkTalk customers following data breach – some have already lost “thousands of pounds”


Phone company TalkTalk has confirmed that leaked customer data is being used by criminals to defraud its customers. Personal information including the phone numbers, addresses and account details of TalkTalk customers was leaked when a third party suffered a data breach last year. TalkTalk is taking legal action against the supplier. The breach first came […]

Misunderstanding cyber threats puts a third of SME revenue at risk


New research by the government’s Cyber Streetwise campaign has found that SMEs “are putting a third (32%) of their revenue at risk because they are falling for some of the common misconceptions around cyber security, leaving them vulnerable to losing valuable data and suffering both financial and reputational damage”. Asked if they agreed with a […]