An Expert Overview of CISM®
IT Governance Blog | Cyber Security
by Soji Ogunjobi
2w ago
A Springboard to Career Success
CISM® (Certified Information Security Manager) is a globally recognised qualification that provides a good understanding of IT security with a management flavour. But with so much in the news about AI, Cloud security and other niche areas of cyber security, it’s easy to overlook the importance of such solid, tried-and-tested qualifications in information security. Adesoji ‘Soji’ Ogunjobi is a cyber security specialist and instructor, with nearly two decades of experience as a cyber security professional and IT auditor. He also has an MSc in Information Technolog ..read more
The False Economy of Deprioritising Security
IT Governance Blog | Cyber Security
by Kyna Kosling
1M ago
In the UK, cyber security has been dropping down the board’s list of priorities. A 2022 Proofpoint study found that 76% of UK board members believed their organisation to be at risk of a material cyber attack in the next 12 months – higher than the global average of 65%. However, the 2023 edition of that study found that this had dropped to 44% in the UK, whereas the global average had climbed to 73%. The UK government’s Cyber Security Breaches Survey 2023 confirms this trend. Fewer directors, trustees and other senior managers of both UK businesses and charities see cyber security as a high p ..read more
Your CVSS Questions Answered
IT Governance Blog | Cyber Security
by IT Governance Consultant
2M ago
What the Common Vulnerability Scoring System is, how to use it, limitations and alternatives, and key changes in CVSS v4.0
Our senior penetration tester Leon Teale has more than ten years’ experience performing penetration tests for clients in various industries all over the world. In addition, he’s won hackathon events in the UK and internationally, and is accredited for multiple bug bounties. Previously, we’ve interviewed Leon about secure remote working and what the best VPN (virtual private network) solutions are. More recently, we got his insights into the ‘mother of all breaches’, which ..read more
Global Data Breaches and Cyber Attacks in 2024
IT Governance Blog | Cyber Security
by Neil Ford
2M ago
29,530,829,012 known records breached so far in 4,645 publicly disclosed incidents
Welcome to our 2024 data breaches and cyber attacks page, where you can find an overview of the year’s top security incidents, the most breached sectors of 2024, month-on-month trends, links to our monthly reports, and much more. Use the links in the ‘On this page’ section below to navigate. To get our latest research delivered straight to your inbox, subscribe to our free weekly newsletter, the Security Spotlight. IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other inf ..read more
Expert Insight: Adam Seamons on Zero-Trust Architecture
IT Governance Blog | Cyber Security
by Adam Seamons
3M ago
How networks have evolved and how to secure them
Adam Seamons is the information security manager of GRC International Group PLC, after more than 15 years’ experience working as a systems engineer and in technical support. Adam also holds CISSP (Certified Information Systems Security Professional) and SSCP (Systems Security Certified Practitioner) certifications. We sat down to chat to him.
What trends in network security have you noticed recently?
One of the big impacts to networks has come from the changes in technology, particularly in terms of the Cloud. Networks have moved from self-conta ..read more
The Third-Party Threat for Financial Organisations
IT Governance Blog | Cyber Security
by Kyna Kosling
4M ago
DORA’s supply chain security requirements
IT Governance’s research for November 2023 found that 48% of the month’s incidents originated from the supply chain (i.e. were third-party attacks). For Europe, this number rises to 61%. Admittedly, it only takes a comparatively small number of supply chain attacks to skew the number of incidents. It’s in their nature for one attack to compromise potentially hundreds or even thousands of organisations. However, that doesn’t stop the numbers from being worrying. It can be challenging to secure your supply chain – organisations tend to simply trust that ..read more
Sam McNicholls-Novoa on CyberComply
IT Governance Blog | Cyber Security
by Kyna Kosling
4M ago
Making compliance easy with our Cloud-based solution
CyberComply is a Cloud-based, end-to-end solution that simplifies compliance with a range of cyber security and data privacy standards and laws, including ISO 27001, the GDPR (General Data Protection Regulation), and more. This SaaS (Software as a Service) will help you manage all your cyber security and data privacy obligations in one place. You will gain immediate visibility into critical data and key performance indicators, and stay ahead of regulatory changes. Recently, CyberComply has seen some major updates. But we’re not done yet – th ..read more
World Economic Forum: Organisations Must Invest in Security as ‘Catastrophic Cyber Event’ Looms
IT Governance Blog | Cyber Security
by Luke Irwin
1y ago
The cost of living crisis is affecting us all. Energy bills are soaring, petrol prices have reached record highs and, as the BBC reported this week, even the humble cheese sandwich has been struck by inflation. Despite these rising costs, one area that remains unchanged is digital transformation. Organisations worldwide are investing in technologies at an unprecedented rate, with an IDC study published last year reporting that digital transformation spending is expected to hit $3.4 trillion (£2.73 trillion) by 2026. These estimates are driven by organisations’ desire to automate projects and t ..read more
What Is an Insider Threat? Definition, Types, and Examples
IT Governance Blog | Cyber Security
by Luke Irwin
1y ago
Insider threats are one of the most difficult security challenges that organisations face. Staying safe isn’t simply about stopping criminal hackers from breaking into your systems, because the vulnerabilities are already inside your organisation. A malicious threat can be an employee, contractor or business partner who is liable to leak sensitive information. Preventing this from happening requires a nuanced approach to information security, and it’s one that organisations are increasingly struggling with. According to the 2022 Verizon Data Breach Investigations Report, insider threats account fo ..read more
What Is Data Minimisation? Definition & Examples
IT Governance Blog | Cyber Security
by Luke Irwin
1y ago
Data minimisation is a key part of information security and the GDPR (General Data Protection Regulation) in particular. Its principles are at the heart of effective data protection practices, and are intended to prevent privacy breaches and minimise the damage when security incidents occur.
What is data minimisation?
Data minimisation requires organisations to process personal data only if it serves a specific purpose, and to retain it for only as long as it’s needed to meet that purpose. Article 5(1) of the GDPR provides further guidance, explaining that organisations should consider three f ..read more