For some startups security is the last priority on a very long list of priorities. It seems like such a daunting task, one that will only cost money, take up time, and slow down the business. But the reality is that security is an important factor in any startup’s success. Many customers will ask for…
“Do you have ISO 27001 certification?”, “We only do business with organisations who have SOC2 accreditation”. As a startup you may be asked questions just like this frequently by customers, auditors, regulators, the board, and many others. But, if there is a choice of ISO 27001 vs SOC 2, which one should you be pursuing?…
Cybersecurity best practice states that organisations should incorporate encryption into their cybersecurity practices in order to protect user data. However, traditional encryption technology has only provided coverage for data when it is in transit or at rest, and there have been limited tools available for encryption of data in use. The lack of encryption of…
Any startup who works with a United States healthcare organisation of any kind must demonstrate HIPAA compliance. HIPAA, the Health Insurance Portability and Accountability Act set out in US law in 1996 requires anyone who touches the protected health information of users to appropriately protect the privacy and security of this data. Done properly, demonstrating…
As a start up or small business owner, you’ll be asked again and again about your information security certifications. One of the most internationally recognised certifications is the ISO 27001 information security certification which requires the creation of an information security management system (ISMS). While you may pursue certification in order to please potential customers,…
The increasing prevalence of software supply chain attacks has grabbed headlines and industry attention alike. Where headlines may focus on victims (especially when there are high profile victims), within the cybersecurity industry the focus may be on the consequences of the attack for the supplier at the centre, and what this could mean for other…
Isn’t it great to be able to have all the information you could possibly need for any car journey at your fingertips? And even better to get rewards for using the car? But sadly, nothing ever comes for free as customers of General Motors discovered recently. Once again mainstream media headlines have been consumed with news of…
Your business is up and running. Your first product is ready for release. But wait, have you verified its security with external penetration testing? Fast forward a year, and you are happily getting on with day to day business. Business is growing, new systems are coming online, upgrades are being made to your product. But…
Data protection is one of the central pillars of cybersecurity, everything we do in the profession is to protect data before it is attacked. So for us, every day is Data Protection Day. For many organisations, data protection feels like a daunting task. It requires investment of both time and resources, and it never ends.…
Zero trust is one of the most celebrated concepts in cybersecurity right now. The basic tenet of zero trust architecture is – trust nothing, always authenticate in order to protect the network. We explore what is a zero trust security model, the benefits of adopting it, and how to implement a zero trust architecture in…
Today’s cyber attackers are becoming ever more inventive in the way they achieve big bang cyber attacks, using tactics such as hacking suppliers in order to gain access to their customers, or compromising vulnerabilities inside an application’s code in order to attack an organisation. As a result, developers need to be more threat conscious than…
Now that 2022 is here, we are all waiting to see what the new year will bring. While no one has a crystal ball that can tell us what to expect, this set of cybersecurity predictions for 2022 encompass the evolution of existing threats and how organisations can keep themselves safe. 2021 was another busy…
As startups and small businesses know well, small doesn’t mean insignificant. Size doesn’t matter when you are intent on making an impact on your field. Growth is the name of the game, and you will do everything you can to maintain an upwards trajectory. Including looking for cybersecurity tips for startups, because you know that…
Cybersecurity is a living thing, constantly moving in new directions. The size and scope of attacks grow, the biggest cybersecurity threats change (although previous biggest cybersecurity threats rarely disappear), and the methods of attack evolve. That’s why it is important for organisations of all shapes and sizes to stay on top of current cybersecurity threats.…
As with all technology, the Covid-19 pandemic has created both opportunities and challenges for the FinTech industry. User take up of FinTech products increased as users became more accustomed to doing things remotely and contactlessly. And cyber criminals took the opportunity to release a flood of ever more sophisticated attacks on users and companies alike.…
As the risk of cyber attack increases, and the cost of those attacks rises, many organisations of all sizes and across all sectors and industries have invested in cyber liability insurance coverage to mitigate the impact of a cyber attack when it occurs. As of now, 43% of businesses and 29% of charities in the…
Cybersecurity never sits still. While you may have created a programme that addresses the current cyber threats towards your organisation, the chances are that it will not stay that way. New threats emerge, new techniques and technologies are put into play by cyber criminals, and employees change. You can’t manage what you don’t know, and…
Ransomware attacks are increasing in frequency, scope, and severity. Ransomware demands are also getting higher, and desperate companies are paying up in order to try to get to normal as quickly as possible. The official stance from governments and law enforcement agencies has always been that companies shouldn’t pay the ransomware demand, but that doesn’t…
In 2020, 39% of businesses in the UK reported a cyber security breach or attack. When an attack takes place, it kicks off a cyber security incident response effort aimed at mitigating the impact of the event, limiting the damage to the organisation’s operations, finances, and reputation. However a successful cyber attack incident response begins…
The cyber security world was rattled last week with the revelation of the largest ever ransomware attack – the Kaseya ransomware attack. A complicated mix of zero-day, supply chain, and ransomware attacks, the Kaseya ransomware attack was a sophisticated ransomware attack which compromised the on-premises version of the Kaseya VSA, a tool used by Managed…
IT security teams face a constant battle to keep on top of the security controls provided by their core suppliers. They are required to show how a move to this platform, operating system or cloud will enhance their organisation’s security, and why. The Security Stack Mappings for Azure research project from Microsoft and MITRE-Engenuity is…
Ever fallen into the trap of the ‘streetlight effect’? Looking for the most obvious things, the factors based on known knowns, without looking past them into the darkness for the hidden or less obvious factors that someone is desperately hoping you won’t see. Many organisations do exactly that when they analyse the indicators of compromise…
It’s long been acknowledged that human beings are the weakest link in any organisation’s cybersecurity. Education and training campaigns by employers, government agencies, and other professionals have raised awareness of social engineering tactics, and regularly remind users to be alert, but as with any form of cyber attack, the methods used by cyber criminals to lure…
Cynance is delighted to welcome our new advisory board member Naor Penso. Naor is an exceptional cybersecurity executive leader who brings a wealth of knowledge, vision, and most importantly passion to help guide Cynance through the next stage of our growth and development. A cybersecurity veteran with over 20 years of experience, Naor is an…
Crypto wallets with their valuable contents are an attractive target for cyber criminals. Cyber attackers look for any opportunity to breach both hot and cold crypto wallets, and wallet users rely on their wallet providers to keep their crypto currency safe. As a result, crypto wallets implement information security controls to keep them safe, from…
Security vulnerabilities are a real problem for software developers everywhere, and the organisations that employ them. Many issues are annoying but harmless, but the worst vulnerabilities in a piece of software could compromise security, and cause it to be vulnerable to a breach, which if realised, could cause untold damage to the organisation. The traditional…
Are you considering implementing RPA (robotic process automation or bots) as part of your digital transformation? RPA security best practices will help you utilise this growing trend safely and for maximum benefit. RPA usage grew by 63.1% to $1.3bn in 2019, and is expected to reach $7.2bn by 2025, making it the fastest growing segment…
To borrow a phrase from Oscar Wilde, to fall victim to a ransomware attack once may be regarded as a misfortune. To fall victim to a ransomware attack twice looks like carelessness. And yet, that is exactly what happened to an organisation just this month. They paid the ransom, received the decryption key, restored systems,…
You know all about phishing scams via email, and you are careful to never click on a link you don’t recognise. But how careful are you when it comes to messages on your phone? Are you confident that the SMS from the bank, or the link sent to you via WhatsApp from your friend is…
2020 has been described by some as the ‘Cybercrime Peak’. While it is undeniable that cyber crime increased dramatically in 2020, based on current form, the cyber security trends for 2021 look to be heading the same way. 2020 saw some old cyber security trends increase in popularity (did anyone say ransomware?), and some new…
The battle against phishing, spam, and malicious emails is never ending. 3.1 billion domain spoofing emails are sent every single day, forcing email provider filters to work extra hard to filter out malicious emails and prevent them from reaching inboxes. In this ongoing, multifaceted battle, DMARC email authentication is one way that every organisation can…
Information security is important to everyone. Many of your current and future clients may add ISO 27001 certification as a condition of doing business with you, putting you in a position where you need to start assessing your policies, processes, and procedures. While ISO 27001 alone won’t guarantee you have effective information security practices in…
Not all malware are created equally. And of all the malware out there, the Emotet malware is one of the most potent. Throughout its long life, Emotet has been linked to major malware attacks, and has consistently topped the Global Threat Index since September 2020. The only exception was a relatively quiet November, during which…
The new WhatsApp privacy policy released this week raised several key questions for data protection experts everywhere (and everyone else really). The new privacy policy sets out the information that WhatsApp shares with Facebook, and makes it clear that this policy is non-negotiable – if you don’t like WhatsApp sharing your data with Facebook, your…
What happens after a data breach? Discovery of a data breach is only the tip of the iceberg. Even as companies complete their initial incident response and begin their recovery, trying to minimise the leak and reduce the damage, the chances are that the stolen data has already been passed onto the next stage of…
You may have seen the interesting tale of Cellebrite’s Signal hack claims that they cracked Signal’s at rest encryption, giving them access to encrypted messages on the app when they are physically on the device. This claim was quickly ridiculed, Cellebrite had to roll back their blog giving away their secrets, and Signal’s creator, Moxie…
2020 has been a busy year for cybersecurity around the world with hacks, ransomware attacks, and data breaches making the news on a regular basis. According to analysts there were double the number of cyber attacks in 2020 than in 2019. Some of this increase follows trends from previous years, but it also appears as…
The US Treasury cyber attack is yet another example that absolutely anyone can be the victim of a cyber attack, and another warning that cyber attackers are becoming ever more sophisticated. This time, it was a sophisticated supply chain attack that allowed the US Treasury, and at least one other US government department or agency…
As cyber security professionals, we constantly remind the people around us that it’s not if a cyber attack will happen, it’s when a cyber attack will take place. No organisation is exempt from at least an attempt to hack them, and the FireEye cyber attack, on one of the world’s leading cybersecurity firms is no…
Cyber security mistakes made by individuals are the most common cause of cybersecurity breaches. Learn how to avoid making these mistakes and protect your networks
Shop safely online this Black Friday, and ensure that you don’t become a victim of an online shopping scam with these simple tips
The Manchester United cyber attack could have been worse. Their cybersecurity policies, procedures, and defences prevented a major data breach
Almost every account we use on a day to day basis is protected by a password, but secure passwords alone are not enough to keep your networks safe.
Stolen health data is extremely lucrative on the black market, and private health clinics are attractive targets for cyber criminals.
PASTA threat modelling is a risk-centric, offensive minded methodology which identifies threats and priorities for risk mitigation. Not be confused with pasta…
Hackers have used vulnerability chaining combining known vulnerabilities in their VPN and Windows programs to hack into US government networks
H&M are the latest organisation to receive a fine for data protection failings – this time though it was their own employee data that they failed to protect
A ransomware attack on a hospital in Dusseldorf, Germany resulted in the first ever related death. We explore the morality of this attack, and how it could have been avoided
Your startup is up and running, but how secure are you? Begin your cybersecrurity journey with our introduction to the essentials of cybersecurity for startups.
There is a global shortage of cybersecurity professionals, leaving many companies with inadequate protection. Now’s the time to think outside the box.
Newcastle University is under cyber attack, causing chaos in the leadup to the new academic year. Who did it, what is ransomware, why Newcastle University?
Seven years on from Snowden’s revelations about the NSA’s call tracking program, privacy rights campaigners have had a victory as the courts have called it unlawful and unconstitutional.
Confusing times like the current Covid-19 pandemic are fertile grounds for social engineering scammers – and boy have they been busy over the last few months.
Have you ever wondered what if every time you add a new skill to your Amazon Alexa you are giving an attacker access to your personal information?
This latest scam starts by announcing you will receive a council tax refund and ends with a malicious site which asks for enough personal information to scam you for money.
The EU’s Court of Justice declared today the Privacy Shield data transfer framework invalid because they argue that US state surveillance powers are excessive, and the Privacy Shield does not provide adequate protection.
A 38-year-old Nigerian Instagram influencer, was surprised by the authorities, ambushed and arrested amid claims of a £350 million cyber scam.
Malicious actors use various techniques in order to obtain information from unsuspecting users, utilising successful identify theft attacks.
OSINT refers to information that can be freely and legally gathered from publicly available sources. As a company, you have to be aware of OSINT, and how you can use OSINT tools and techniques to protect yourself from risk.
The Spanish data protection authority fined Twitter with €30,000 for violating cookies regulation and required it to take appropriate remediation measures.
Who should be held responsible for cyber attacks and data breaches? Fingers are being pointed at Chief Executives Officers.
What you need to know about meeting GDPR information security requirements and how much it should cost you : Our quick practical guide.
Britain faces a new model of working due to the lockdown imposed by the Government due to COVID-19.
Cynance information security consultants are here to help you with security advice regarding teleworking security risks.
If you are in London this Thursday, come and hear Cynance’s CEO, Stav Pischits, speaking about good #cybersecurity practices for bad times at the #BCS, The Chartered Institute for IT. Stav will try to answer these questions.
Virgin’s communication strategy can be easily analysed by non-PR people as myself, but the important thing we should learn here is how critical it is to identify company assets, and more specifically “incorrectly configured” assets, a term used by Virgin in its breach notice.
Poor Cathay Pacific: Not only does it have to deal with #Coronavirus catastrophe, but also the UK #ICO. The Hong Kong flag carrier flight company was issued with a 500K£ fine by the ICO for a security breach it has reported, and due to a catalogue of errors found as part of the regulator’s investigation into the breach.
How many of you thought of their Apache Tomcat servers this morning?
A journey of a thousand miles begins with a single step. The road towards #cybersecurity #compliance starts with management’s deep commitment, and team engagement. A journey of a thousand miles begins with a single step. The road towards cybersecurity compliance starts with a company’s management’s deep commitment and team engagement. Two months ago Cynance launched…
A new malware named Mozart is using the DNS protocol to communicate with remote attackers to evade detection by security software and intrusion detection systems.
Come see us at #PragueGamingSummit next week, and hear Cynance CEO Stav Pischits speak about cybersecurity matters as part of the “Advising the Big Companies’’ panel, alongside gaming industry legal-gurus as Tal Itzhak Ron and Genia Gurevich
Can some technologies simply not meet the GDPR requirements, no matter what you do?
GDPR provides the guidelines and framework under which companies can process personal data, allowing companies to assess their practices and apply required protective measures.
Palo Alto launches the new Cortex XDR Managed #ThreatHunting Service. 7 trillion threat artifacts and 14 billion #malware samples crowdsourced from 35,000+ organizations inform Palo Alto’s researchers and machine learning models, providing deeper context on active threats and proactive impact reports to shut down emerging threats with confidence.
ICE London is the one place that brings together the international online and offline gaming sectors.
Cynance will be there too. We are eager to meet you and discuss the meaning of information security risk management in today’s growing need for extended cybersecurity solutions.
Join us to hear Cynance CEO Stav Pischits’ presentation at the Institute and Faculty of Actuaries about what good #cybersecurity practices look like and to what extent can #actuaries, as business professionals analysing financial consequences of #risk, implement these practices operationally.
Over the past few years, most European companies have taken steps and made critical investments in response to the increased data protection compliance requirements, as part of which data inventory and mapping are a key milestone.
New Orleans’ government has declared a state of emergency after falling victim to a cyber attack which forced the shutdown of all its government computers.
For some organisations operational resilience means shutting down their computers and moving to pen and paper. For others, it’s having their systems resilient to advanced phishing campaigns, ransomware attacks, APTs and more…Which kind of organisation do you work for?
Over the past few years, most European companies have taken steps and made critical investments in response to the increased data protection compliance requirements, as part of which data inventory and mapping are a key milestone.
Monzo called hundreds of thousands of customers to pick a new PIN code, after realizing it was storing users’ PIN codes as plain-text in log files.
You probably heard of the enormous data breach suffered by Capital One, exposing personal data of nearly 106 million of the bank’s customers.
In computing, a race condition may occur when two or more threads access shared data and try to change it at the same time.
New technologies can be super exciting, but when you want to keep your assets protected from cyber threats, new technologies actually pose a complex risk.
Over the past decade, numerous cyber attacks have made headlines, each attack more serious than the previous ones: larger in scope, greater in sophistication and more advanced in data exfiltration.
A major electricity supplier in South Africa’s largest city has suffered a ransomware attack, leaving some residents without power.
Who here doesn’t work from public places every once in a while?
The news that British Airways has been told by the Information Commissioners Office they face a record fine for breach of GDPR rules has come as a shock to many.
| Cookie | Duration | Description |
|---|---|---|
| _GRECAPTCHA | 5 months 27 days | This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis. |
| cookielawinfo-checkbox-advertisement | 1 year | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement". |
| cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
| cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
| cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
| cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
| elementor | never | This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time. |
| viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
| Cookie | Duration | Description |
|---|---|---|
| _ga | 2 years | This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. |
| _gat_UA-176747747-1 | 1 minute | This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites. |
| _gid | 1 day | This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form. |
| CONSENT | 16 years 5 months | These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video. |
| Cookie | Duration | Description |
|---|---|---|
| IDE | 1 year 24 days | Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile. |
| test_cookie | 15 minutes | This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies. |
| VISITOR_INFO1_LIVE | 5 months 27 days | This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website. |
| YSC | session | This cookies is set by Youtube and is used to track the views of embedded videos. |
