It has been an important week for Cyber Security in the United States with several key announcements from President Biden and his administration on funding and appointments as well as a response to the Solar Winds attack.
The news of US sanctions on Russia has made headlines around the world with President Biden’s remarks on Russia firmly attributing the extensive “SolarWinds” hack on the US Government to Russia.
You don’t need to celebrate, just take stock, and look to the future. With all that’s changed in the world, the arrival of the third anniversary of the General Data Protection regulation may seem trivial, even irrelevant.
“War stories”? Sounds a bit dramatic, but the life of a Pen Tester is spent on the frontline of an ongoing conflict between individuals and organisations, and an army of hackers seeking to scam or undermine them. And just as in any war, the ‘intelligence’ services play a huge role in protecting good people from bad outcomes; work that takes place mainly in the shadows.
It’s nearly a month since the UK Government released The Integrated Review 2021 detailing ‘the vision for the UK’s role in the world over the next decade’.
The Bank of England’s financial policy committee recently underlined the importance of cyber stress testing when assessing the operational resilience of financial services.
In late 2020, the American cyber-security community discovered a widespread breach of private-sector and government networks. A primary vector for the breach appeared to be the hacking of software provided by the US information-technology company SolarWinds.
There are a number of security benefits that can be gleaned from threat monitoring, automated vulnerability scanning and stringent security policies. However, penetration testing can be a useful asset in identifying exploitable security vulnerabilities and real threats facing your organisation.
The NCSC issued advice to the education sector at the end of last week on the growing threat from ransomware attacks targeting the sector.
We are all aware that ransomware poses an operational, financial and reputational threat for organisations. At a time when the pandemic has meant that we are all far more digitally dependent, there has been a dramatic increase in the number of ransomware attacks and the range of sectors targeted.
Penetration testing and red team assessments are terms sometimes used interchangeably but in reality, they serve different purposes and relate to different testing procedures. In this blog, we break down the differences between them and discuss when to start thinking about red team assessments.