
July

Incident response plans: The journey is as important as the destination 

In an era where cyber threats are ubiquitous and increasingly sophisticated, having a robust cyber incident response plan (CIRP) is indispensable for any organisation. However, the process of developing this plan is as critical as the finished document itself.   

Join our guides Alistair Purdy and James Thoburn as they explain how this journey to creating a CIRP, whether on your own or with expert support, fosters a deeper understanding of your organisation, strengthens its defences, and ensures a state of preparedness that a pre-packaged plan simply cannot provide.

June Cyber Summary

In this week's Cyber Series, threat intelligence lead Stephen Green summarises just what happened when the Qilin group's attack on an NHS provider caused massive disruptions across hospitals in London, reveals the infiltration of Scattered Spider's web by law enforcement, and explains why the LockBit gang got caught out by greatly exaggerating (or lying) about its exploits.

June

The cyber security retainer explainer 

A cyber security retainer is – or should be – an essential part of overall risk management. But what is a cyber security retainer, exactly? Why does it matter so much? And how do you know you're getting value for money?  

From the cost efficiencies to the peace of mind that comes from knowing that experts have your back, Kevin Groves and Edward Starkie explain the ins and outs of cyber retainers and why you don't want to start thinking about them only after an incident is underway.

Cybersecurity regulation: What should we expect?

From AI-washing to operational resilience, regulators have a lot to think about when it comes to cybersecurity, which means the organisations they regulate have a lot to think about too. Ed Starkie looks at what can be expected from cybersecurity regulation over the next few years, based on the current direction of travel and recent case law.

Personal liability and the CISO: The consequences of accountability

When most of us discuss cybersecurity threats, we tend to focus on the threat actor and their actions. But in the wake of many recent major cyber incidents, the actions taken (or not taken) by CISOs are under just as much scrutiny as those of the threat actors. CISOs are increasingly being held personally responsible for cybersecurity failings.


Edward Starkie explains why this is, and why holding CISOs accountable for cybersecurity weaknesses could benefit CISOs in the long run.

Mythbusting: Realising value from cybersecurity in M&A due diligence

Despite the increasing emphasis on cybersecurity and the part it plays in the economy, there are still some widely held misconceptions about its role in the M&A process. This knowledge gap creates common pitfalls and missed opportunities for investors. Ed Starkie busts some common myths about cybersecurity and M&A due diligence in this week’s edition of Cyber Series. 

May

May in review: UniSuper weathers storm after Google Cloud glitch

May was another eventful month in cyberspace:

  • The US SEC has announced a regulatory update that will put pressure on financial institutions to better protect client data
  • Australian pension fund UniSuper lost its data – twice! – thanks to a “glitch” with Google Cloud
  • Law enforcement scored a rare win against a dark web marketplace (at least for now).

Join threat intelligence lead Stephen Green for a review of the month that was and a look at the trending digital threats facing the financial sector.

Review and strengthen: How to get value from a penetration test

So you have your pen test results – now what? In part 2 of our look at how to get the most out of your penetration testing, Ed Starkie, Director of Governance, Risk and Compliance (Cyber) explains why the actions you take after your pen test are as important as the test itself.

Penetration testing for regulatory compliance

Penetration tests are now a cyber security essential, thanks to the number of advanced persistent threats (APTs) firms need to ward off, and the increasing scrutiny from regulators across all industries. Edward Starkie explains the red flags to look out for when you’re commissioning and undergoing a penetration test and the traps you should avoid, and provides a checklist for anyone who wants to ensure their next pen test delivers all it should.

Outsourced SOCs and MDR services – Mind the MDR expectation gap

Mind the MDR expectation gap! The number of organisations that are heavily reliant on a security operations centre (SOC) or managed detection and response (MDR) provider is growing. But in an age of increasing cyber risk, who watches these watchers? And what are the warning signs that an ‘MDR expectation gap’ is turning into a chasm?

Our cyber experts explain how to get the most out of your relationship with your SOC/MDR provider, and maximise value and efficiency in this critical area.