Skip to main content

May

May in review: UniSuper weathers storm after Google Cloud glitch

May in review: UniSuper weathers storm after Google Cloud glitch

May was another eventful month in cyberspace:

  • The US SEC has announced a regulatory update that will put pressure on financial institutions to better protect client data
  • Australian pension fund UniSuper lost its data – twice! – thanks to a “glitch” with Google Cloud
  • Law enforcement scored a rare win against a dark web marketplace (at least for now).

Join threat intelligence lead Stephen Green for a review of the month that was and a look at the trending digital threats facing the financial sector.

Review and strengthen: How to get value from a penetration test

Review and strengthen: How to get value from a penetration test

So you have your pen test results – now what? In part 2 of our look at how to get the most out of your penetration testing, Ed Starkie, Director of Governance, Risk and Compliance (Cyber) explains why the actions you take after your pen test are as important as the test itself.

Penetration testing for regulatory compliance

Penetration testing for regulatory compliance

Penetration tests are now a cyber security essential, thanks to the number of advanced persistent threats (APTs) firms need to ward off, and the increasing scrutiny from regulators across all industries. Edward Starkie explains the red flags to look out for when you’re commissioning and undergoing a penetration test, what traps you should avoid, and provides a checklist for anyone who wants to ensure their next pen test delivers all it should.

Outsourced SOCs and MDR services – Mind the MDR expectation gap

Outsourced SOCs and MDR services – Mind the MDR expectation gap

Mind the MDR expectation gap! The number of organisations that are heavily reliant on a security operations centre (SOC) or managed detection and response (MDR) provider is growing. But in an age of increasing cyber risk, who watches these watchers? And what are the warning signs that an ‘MDR expectation gap’ is turning into a chasm?

 

Our cyber experts explain how to get the most out of your relationship with your SOC/MDR provider, and maximise value and efficiency in this critical area.

April

April Cyber Summary

April Cyber Summary

Most banks, stock exchanges and other financial institutions have robust cyber security measures in place – but threat actors tend to treat that as a challenge rather than a deterrent.

The numerous third parties involved in the modern supply chain offer cyber criminals easier access to larger, more secure – and more lucrative – targets. In this month’s review, Stephen Green, Threat Intelligence Lead, looks at the third-party cyber attacks in April that left the Department of Insurance, Securities and Banking and the London Stock Exchange Group exposed.

Making a quantum leap: what quantum computing means for security and compliance 

Making a quantum leap: what quantum computing means for security and compliance 

The hype surrounding generative AI tools is understandable. However, there's another, potentially even more seismic technological shift taking shape: the rise of quantum computing.  

For many of us, quantum computing sounds like something from science fiction. In this week’s Cyber Series, Martin Nikel, Director of eDiscovery and Litigation Support, explains that what was once an impossible future is already here, and it’s time to start preparing for both the advantages quantum computing will bring and the risks it will pose to our digital security.

The secret cyber files

The secret cyber files

This week, we present some of the stories our cyber experts were willing and able to share about their experiences. And these stories have everything – from pre-dawn flights to undisclosed locations and a CTO who had the worst-ever first day back at work after a holiday. (Spoiler alert – he was arrested.) 

A day in the life of... a cyber governance, risk and compliance officer

A day in the life of... a cyber governance, risk and compliance officer

An early alarm, coffee, gardening, a good book, then more coffee and gardening. In between, our cyber governance, risk and compliance director also finds time to get a lot of work done. Follow him down the garden path for a closer look at his typical workday (and to see how the spring bulbs are doing). 

March cyber summary

March cyber summary

The big news in cyber security in March was all about China, as the UK took the extraordinary step of explicitly naming Chinese state-affiliated organisations and individuals that it alleges are responsible for malicious cyber campaigns against a group of its MPs.

In his review of the key cyber events of the last month, Stephen Green, Threat Intelligence Lead, explains why the UK is not alone in its concerns about Chinese interference and looks at what else kept cyber security experts busy.

March

The call is coming from inside the business: Dealing with insider threats

The call is coming from inside the business: Dealing with insider threats

Is one of your trusted colleagues a threat to your organisation? For that matter, are you?

There are many reasons why someone with legitimate access to an organisation’s networks and data could become a threat and trigger an ‘insider event’. Perhaps they unwittingly fall for the latest AI-powered phishing scam. Maybe they’re an opportunist looking for career advancement or financial gain. They may even simply make a mistake and deliver information into the wrong hands.

Alistair Purdy explores recent cases of inside actors – both malicious and well-intentioned – and how organisations can prepare for dealing with insider threats and events.