SRM Solutions
The SRM Blog

Cyber Security

Pen testing: why businesses need to be proactive not reactive ahead of the peak retail period

A breach at any time of the year is bad for business. But with the highest volume of sales – both retail and online – occurring between Black Friday..

Why get ISO27001 certification?

We are sometimes asked the question, why get ISO27001 certification? The answer is that the ISO standard, and ISO 27001 compliance in particular, demonstrates that your organisation takes information..

Protecting your cyber soul

By Tom Fairfax, Managing Director. If you were asked to sell your soul to a stranger, what price would you ask? The ancient Egyptians believed that a person’s soul had..

Why the prioritisation of breach identification and containment are crucial elements of every cyber defence strategy

One of the most significant elements of the current cyber threat landscape is the amount of time it takes to actually detect and contain a breach. In a study..

Schools are being targeted by cyber criminals: 6 ways to shore up online defences

In 2017 the Independent Schools’ Bursars Association (ISBA), which supports over 1,000 senior management staff in schools, stated that cyberattacks in schools can no longer be considered ‘isolated incidents’...

GDPR and data security in the gambling industry

This article first appeared in the Q3 edition of Casino & Gaming International (CGi) and appears here with their kind permission. As the implications of the General Data..

Pen testing: seeing both the wood and the trees

If recent well-documented breaches tell us anything it is that even organisations with large budgets and skilled cyber security teams can miss something. In spite of their best efforts,..

Cyber insurance may be null and void without ‘due care’

There is a worrying trend in the world of cyber safety. Many companies believe that cyber insurance will protect against any damage associated with a breach. It is vital..

Retained Forensics & Incident Response Service: how planning for the worst can add value to your business

By Paul Brennecker, Principal Security Consultant and Lead QSA. Paul Brennecker gave a presentation at PCI London on 5th July 2018 and this article first appeared in that event’s..

The Industrial Revolution v4.1: with increased opportunity comes increased vulnerability

If history teaches us one thing it is that there is no going back. It started with the First Industrial Revolution which used water and steam power to mechanise..

How phishing scams are getting schools into deep water

While many schools are concerned about the advent of the General Data Protection Regulation (GDPR) and what it means for the collection and holding of data, permissions and consent,..

Incident Response & Forensic Expertise Webinar – Would your business survive a cyber-attack or security breach?

As organisations endeavour to be as proactive as possible to protect themselves from a cyber attack or security incident, do you have access to the correct Incident Response expertise..

Wondering where DPA and GDPR overlap? The Yahoo! ruling by ICO can provide some clarity

A recent investigation by the Information Commissioner’s Office (ICO) highlights an interesting aspect of the current system. Although the ruling against Yahoo! was announced on 12th June 2018, three..

The GDPR compliance fallacy

There is a curious irony that the enactment of the General Data Protection Regulation (GDPR), drawn up to protect the rights of individuals and their right to online privacy,..

The A to E of cyber maturity

In a recent report, the Philippine government’s Department of Information and Communications Technology (created in 2016) outlined a scale of cyber resilience based on an A to E grading..

eDisclosure: some real life examples of the benefits of a Managed Service

eDisclosure (sometimes known as eDiscovery) is a complex process. With automated tools available some opt to manage these in-house but, unless highly skilled and experienced personnel are involved in..

The key to GDPR is common sense

By Tom Fairfax, Managing Director. It is not often that EU-wide legislation is likened to a children’s story. Consider, however, the story of Goldilocks and the three bears. When..

How PCI compliance puts you on course for GDPR

For a long time the General Data Protection Regulation has been looming on the horizon but in just a few short days it will arrive; a permanent aspect of..

Webinar Wednesday 30th May 3pm: Incident Response & Forensic Expertise – would your business survive a cyber attack or security breach?

Register for the free SRM Incident Response and Forensic Expertise webinar here. As organisations endeavour to be as proactive as possible to protect themselves from a cyber attack or..

Business Continuity – what we can all learn from the NHS response to WannaCry

To be truly resilient against potential attacks, it is not enough to simply look at patching the last one, but to anticipate the next. When commenting on the news..

Three stages to building a robust defence against external threats

The news has been full of concerns that foreign powers are using state-sponsored hacking as a means to undermine the infrastructure of other nations. While it is irresponsible to..

Cyber resilience: it’s a board level issue

The problem with cyber resilience is in the name. When it comes to managing the risk posed by potential hackers and the requirement for robust testing and defence protocols,..

How attack is the best form of defence when it comes to protecting against the rising trend in phishing and social engineering attacks

The recent April 2018 Trustwave Global Security Report reveals new global trends in the world of cyber hacking; most notably a move away from smaller high volume point-of-sale (POS)..

PCI DSS: With charities gearing up for contactless payments what could possibly go wrong?

More than 40 organisations, including Macmillan Cancer Support, the NSPCC, the RNLI and the Church of England, have introduced technology which means that donations can be made with a quick..

eDisclosure webinar: seven reasons why your firm should consider a managed service

SRM is hosting a free eDisclosure webinar on Wednesday 18th April at 3pm. We find ourselves in an ever changing eDisclosure landscape. Join us for our upcoming webinar during..

Penetration testing: man vs machine

We already know that the concept of thinking like a potential hacker is the basis of penetration testing. But merely thinking like a hacker is not enough. We must..

GDPR: 10 key issues facing UK higher education

The world of higher education is about to be turned on its head. This is due to the imminent enactment of the General Data Protection Regulation (GDPR) which will..

How does GDPR differ from the UK Data Protection Bill (DPB)?

Discussions with clients in recent months have revealed that there is some confusion over the General Data Protection Regulation (GDPR) and the new UK Data Protection Bill (DPB) which..

GDPR: 10 key issues facing UK retailers

The law regarding personal data will change on 25th May 2018 when the EU General Data Protection Regulation (GDPR) comes into effect. Replacing the UK Data Protection Act 1998,..

The NIS Directive: who does it apply to and what will it mean?

May 2018 is a big month for cyber security. Not only will the EU General Data Protection Regulation (GDPR) come into effect but a new UK Data Protection Act..

Free live webinar: GDPR – the roles of manual and automated penetration testing

15:00 – 15:45, Thursday 8th March 2018. Have you tested to check your GDPR compliance? A key aspect of GDPR compliance is demonstrating that your systems are secure. Penetration..

Cyber Security Breaches Survey 2018 – shows that size matters and that numbers never lie

As with any statistical report, the numbers in the Department for Digital, Culture, Media and Sport’s Cyber Security Breaches Survey 2018 provide a dizzying variety of analytical options. However,..

Coinhive attacks and how to prepare for the (almost) inevitable

This week’s report that more than 5,000 websites, including that of the Information Commissioner’s Office (ICO) have been hacked, shows that it really can happen to anyone. Other affected..

GDPR compliance: key issues facing law firms

Only 25 per cent of law firms consider themselves to be compliant with the forthcoming EU General Data Protection Regulation (GDPR) which..

Penetration testing: if prevention is to be an achievable goal we cannot rely on static defences

SRM is at the PCI London event on 25th January, presenting on The Synergy Between Automated and Manual Penetration Testing. How a responsive Test and Exercise strategy..

GDPR: the world will not stand still on 25th May 2018

The 25th May 2018 is not an end date. Far from it. It marks the beginning of a new era in data protection but one that will continue to..

Are you ready for GDPR?

It is one thing knowing that the General Data Protection Regulation (GDPR) is coming and that compliance is mandatory from 25th May 2018. It is quite another to know exactly..

GDPR: a question of confidence

In a recent interview with SC Media, Amazon Web Services (AWS) Chief Information Security Officer (CISO) Stephen Schmidt explains how his organisation is set up for full General Data..

Gibson & Co launches eDisclosure service

(Left to right: Mark Nordstrom (SRM), Jane Gibson, James Hopper (SRM), Toby Gibson, Tom Fairfax (SRM), Alan Batey (SRM).) Press release, 11/01/18. Leading North East litigation practice Gibson &..

The global growth of the eDisclosure market

The global eDisclosure market is forecast to rise from $6,000 million in 2016 to $13,000 million by 2023. Law firms across the world are therefore increasingly looking to develop..

Shipping news: how to manage a ransomware attack

Disproving the idea that there is no such thing as bad publicity, the shipping company Clarksons is doing its level best to limit the PR damage caused by a..

What is the password?

By Gerard Thompson, Information Security Consultant. With over 3,500 MPs, lords and staff, being a computer security administrator in the Houses of Parliament must be a stressful job. They..

Law practices are prime targets for criminals

PWC’s 25th Annual Law Firms Survey found that 73 per cent of respondents had suffered a security incident in 2016. These ranged from insider threats to the phishing of..

UK research highlights the lack of Chief Data Officers at C-suite level

Research by the data science and marketing services company Profusion has revealed that UK businesses are falling behind their European counterparts. The report highlights the lack of Chief Data..

Women in IT

SRM’s GDPR specialist Melanie Taylor explains some of the challenges faced by women trying to get into the world of IT. ‘I don’t understand why a woman with a..

After GDPR, what will happen to ICO notification fees?

When the General Data Protection Regulation (GDPR) comes into effect in May next year it will not require organisations to notify the ICO about what data they hold or..

eDisclosure: the issues facing law firms and solicitors

By Alan Batey, Information Security Consultant and Forensic Investigator. In today’s world, evidence in legal cases is sourced from the vast quantities of Electronically Stored Information (ESI) that exists..

Can Decision Cycles help us maintain the initiative in cyberspace?

As our world gets increasingly complex we must choose the levers we use to influence it with care. One way to look at this is through the lens of..

PCI SSC Europe Community Meeting: free one to one meetings with PCI DSS industry thought leaders

Delegates at the PCI SSC Europe Community Meeting in Barcelona this week will have a lot on their minds. Changes to compliance, the security of customer payment card data,..

What is Red Team engagement?

By Andrew Linn, Principal Consultant. The news this year has been full of high profile hacks on large organisations. These have included viral and ransomware attacks which have brought..

eDiscovery and eDisclosure: why, what, how and who?

For many years the terms eDiscovery and eDisclosure have been used interchangeably. The general rule was that eDiscovery was a US term while eDisclosure was more commonly used in..

Win a free day’s consultancy: October offer to celebrate National Cyber Security Awareness Month (NCSAM)

Security Risk Management is offering a free day’s consultancy in support of National Cyber Security Awareness Month. October may, for many, be associated with the ghouls and ghosts of..

PCI – Europe Community Meeting Barcelona 24 – 26 October 2017

James Hopper and Paul Brennecker of SRM will be attending the Europe Community Meeting in Barcelona 24th – 26th October. Organised by the Payment Card Industry Security Standards Council..

Client files on home computers must be encrypted

Barrister fined by ICO for data protection breach. A recent ruling by the Information Commissioner’s Office highlights the responsibility of professionals to safeguard client data held on their home..

It’s not a question of if, but when

Why board level commitment is a vital part of cyber defence. It is difficult to defend against an attacker who only needs to succeed once. Security systems might defend..

Today: new UK Data Protection Bill published

The new UK Data Protection Bill, published today, will come into force next May. As part of the multi-million pound National Cyber Security Strategy, the new legislation will effectively..

The Equifax breach and how it impacts the UK

Cyberattacks do not recognise national boundaries, as the latest breach concerning the US credit rating firm Equifax proves. So although the company has now reported the breach of 143..

University CISOs face tough challenges in the next academic year

University Chief Information Security Officers (CISOs) have had a tough time lately. According to information acquired under the Freedom of Information Act by The Times newspaper, some of the..

US statistics warn of new trends in cybercrime: how a retained PFI can mitigate the risks

Statistics provide useful evidence of the trends developing within the world of information security. Figures compiled from reported attacks in the United States for July 2017 give us a..

Government 2017 cyber security health check reveals many FTSE 350 companies are not prepared

Monday’s Government survey of Britain’s FTSE 350 companies has revealed some worrying statistics. The report analyses how the boards of the UK’s largest businesses deal with cyber security and..

How poor data-stripping can expose organisations to Spear Phishing attacks

A survey for the BBC has discovered that poor data-stripping on websites leaves information in place which provides valuable intelligence for Spear Phishing attackers. By not removing key metadata,..
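The point the excerpt makes, that documents published on a website carry metadata an attacker can mine for names and roles, can be checked on Office files with nothing but the Python standard library. What follows is an added example, not code from SRM or from the article: a .docx is a zip archive, and its author, last-modified-by, description and keyword fields live in `docProps/core.xml` under the real OOXML core-properties and Dublin Core namespaces. The script builds a minimal sample package in memory (constructed for the example, not a real document), reports the fields a spear-phisher would want, and writes a copy with them removed. Which fields count as sensitive is an assumption; PDFs and image EXIF data need separate tooling.

```python
"""Find and strip author metadata from an OOXML (.docx) document.

Added example, standard library only. A .docx is a zip archive whose
document properties live in docProps/core.xml.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

# Real namespace URIs used by docProps/core.xml in OOXML packages.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)  # keep the usual prefixes when re-serialising

# Assumed set of properties that hand a spear-phisher names, roles and internal jargon.
SENSITIVE = ("dc:creator", "cp:lastModifiedBy", "dc:description", "cp:keywords")
CORE_PATH = "docProps/core.xml"


def _qualified(name: str) -> str:
    """'dc:creator' -> '{http://purl.org/dc/elements/1.1/}creator' (ElementTree form)."""
    prefix, local = name.split(":", 1)
    return f"{{{NS[prefix]}}}{local}"


def build_sample_docx() -> bytes:
    """Construct a minimal .docx in memory (constructed sample, not a real document)."""
    core = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}" '
        f'xmlns:dcterms="{NS["dcterms"]}" xmlns:xsi="{NS["xsi"]}">'
        "<dc:title>Q3 Board Pack</dc:title>"
        "<dc:creator>j.smith</dc:creator>"
        "<cp:lastModifiedBy>Jane Smith (Finance)</cp:lastModifiedBy>"
        "<cp:keywords>internal; draft; payroll system v2</cp:keywords>"
        '<dcterms:created xsi:type="dcterms:W3CDTF">2017-08-01T09:00:00Z</dcterms:created>'
        "</cp:coreProperties>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")  # stub; a real package lists content types
        z.writestr(CORE_PATH, core)
        z.writestr("word/document.xml", "<document/>")  # stub body, irrelevant here
    return buf.getvalue()


def core_xml(docx_bytes: bytes) -> bytes:
    """Return the raw docProps/core.xml bytes, or b'' if the package has none."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if CORE_PATH not in z.namelist():
            return b""
        return z.read(CORE_PATH)


def extract_metadata(docx_bytes: bytes) -> dict:
    """Return the sensitive properties that are present, keyed as 'prefix:local'."""
    xml = core_xml(docx_bytes)
    if not xml:
        return {}
    root = ET.fromstring(xml)
    found = {}
    for name in SENSITIVE:
        el = root.find(_qualified(name))
        if el is not None and el.text:
            found[name] = el.text
    return found


def strip_metadata(docx_bytes: bytes) -> bytes:
    """Rewrite the package with the sensitive core properties removed.

    Title and dates are left alone; every other zip entry is copied unchanged.
    """
    out_buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src:
        with zipfile.ZipFile(out_buf, "w", zipfile.ZIP_DEFLATED) as dst:
            for item in src.infolist():
                data = src.read(item.filename)
                if item.filename == CORE_PATH:
                    root = ET.fromstring(data)
                    for name in SENSITIVE:
                        for el in root.findall(_qualified(name)):
                            root.remove(el)
                    data = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
                dst.writestr(item.filename, data)
    return out_buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx()
    print("before:", extract_metadata(sample))
    print("after: ", extract_metadata(strip_metadata(sample)))
```

Run it against the files in a site's download directory before they go live rather than after a journalist does. Note that `core.xml` is not the only leak in an Office package: `docProps/app.xml` carries the Company field and application version, and comments and tracked changes in `word/` keep reviewer names, so a production stripper should cover those parts too.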

How US internet giants are tackling the issue of GDPR compliance

It is rare that anyone ever feels much sympathy towards the behemoths of the internet, Facebook and Google. But spare a thought for these giants when it comes to..

GoT2: What the Game of Thrones HBO ransom reveals about White Hat Hackers

As Game of Thrones fans watch the unfolding drama in Westeros on their TV screens, corporations around the world are equally riveted by the now public battle for HBO’s..

Security by Design.. a little thought can save a great deal of expense!

Security consultants talk about “Security by design” … and to be fair, most of us believe in it! The trouble is that to much of society, it is at..

Summer holidays: don’t take your eye off the PCI DSS ball

The summer months are traditionally a time when hard-working people take a break. Those left in the office can end up feeling over-stretched or less-motivated than normal. But it..

Game of Thrones: data theft and pen testing

‘Hi to all mankind’. Thus began the email sent to journalists by hackers who have reportedly stolen 1.5TB of files and videos from entertainment giant HBO. What has made..

Network intrusions are on the increase: time to engage a Retained Forensics specialist

This month Visa has reported an increase in the number of network intrusions involving service providers. It also reports increases in re-breaches of merchant payment environments and skimming incidents..

Time running out for GDPR compliance

Time is running out for UK businesses. By 25th May 2018 every business, charity and organisation needs to be ready for the General Data Protection Regulation (GDPR). Because from..

What does GDPR mean to SMEs?

By Melanie Taylor, Information Security Consultant. “With less than a year to the deadline for compliance with the General Data Protection Regulation, all companies should have assessed what they..

Not all publicity is good, especially when it comes to data breaches

While most businesses are pleased to receive free publicity, spare a thought for Berkshire-based Boomerang Videos. Not only did the firm’s website suffer a cyber attack in 2014, but..

The new Data Protection Bill and GDPR

It’s official. It was widely expected that the EU data protection rules contained within the General Data Protection Regulation (GDPR) would be implemented by the UK, regardless of the..

NotPetya – does society need to start thinking differently?

Talking to a well-respected and hitherto successful businessman at an event recently, he mentioned the NotPetya malware attack and then dismissed it as “another one of these spotty teenagers..

Phishing and GDPR compliance

By Paul Brennecker, Principal Consultant, CISM | PCI QSA | PCI PFI | PCIP. There is a saying that a chain is only as strong as its weakest link. This,..

Emerging Trend: Persistent JavaScript Ecommerce Malware

Our analysts report another trend that administrators should be aware of: JavaScript-based eCommerce malware that automatically re-infects a website when an earlier clean-up was incomplete. It has..

Ransomware – Could it be you?….

Complacency has always been the enemy of safety; in today’s world, we are all vulnerable! The digital (cyber) environment may sometimes be opaque and difficult to understand, but it..

No breach too small – the ICO takes action against charities

In December 2016 the Information Commissioner’s Office (ICO) fined a historical society £400 after a laptop containing personal data was stolen while a member of staff was working away..

Data protection – the gap widens across the Atlantic

Data protection is a global issue. Yet it is being approached in very different ways on either side of the Atlantic. While Europe and Britain will embrace the more..

A data breach damages more than your reputation

Being known as the source of the largest data breach in history is probably not how Yahoo would like to be remembered. The reputations of eBay, LinkedIn, MySpace, Talk..

How to protect your business from account data compromise (ADC)

The fact is that all too often the first someone knows that their system has been breached is when they receive a call from their acquiring bank. Someone has..

Does Open Source Code make programs more vulnerable?

By Paul Brennecker, Senior Information Security Consultant & Principal QSA. There is something of the Tim Berners-Lee about open source software. Unlike proprietary software, where the code is a jealously..

Prevention and cure: working out an information security budget

The Chancellor recently announced a £425 million government investment in the NHS over the next three years. While pundits speculate on what this will actually mean for our vital..

Does outsourcing card processing make you PCI compliant?

By Paul Brennecker, Senior Information Security Consultant & Principal QSA. The Payment Card Industry Data Security Standard (PCI DSS) lists a number of myths relating to PCI compliance. One of..

Who’d want to be a University CISO?

Spare a thought for the University CISO: ‘As a group, CISOs live on a knife’s edge and do not sleep very well. They know that a breach is inevitable.’..

The uncertainty of Brexit, the certainty of GDPR and the responsibilities of the CISO

As Britain navigates its way through the choppy waters of Brexit, there is a great deal of uncertainty about exactly what form our new relationship with Europe will take...

QSA: new face in cyber crime investigation

There is a new face at the forefront of investigating cybercrime in the UK. Newcastle-based Security Risk Management has achieved another success for its SRM Academy Programme. With over..

The technology gap which leaves organisations vulnerable to attack

While all of us are aware of the need to protect our organisation’s technology from potential threats and security breaches, few are fully aware of the gaps that exist..

If Brexit means Brexit, what does GDPR mean?

Politicians do tend to favour soundbites and Theresa May is no exception. So when she said that “Brexit means Brexit” some nodded their heads as if this simple statement..

Calling in the Red Team: going above and beyond the vulnerability scan and penetration test

By Kane Cutler. In the world of information security which is riddled with acronyms, the deceptively simple ‘Red Team’ may take a little explaining. Breaking down the initial letters..

The flaw in the plan: business continuity management

When is a plan not a plan? When it is an out-of-date plan. The latest research from the industry-respected Ponemon Institute, reveals that 26 per cent of IT and..

GDPR: the impatient tiger

General Data Protection Regulation (GDPR) is an impatient tiger. That is, it has many more teeth and much less patience than its predecessor, the comparative kitten that is..

Do not wait until it’s too late – engage a PFI company now!

‘Do not wait until it’s too late – engage a PFI company now!’ That is the advice given by Jeremy King, International Director, PCI Security Standards Council in his closing..

Changes to the Issuer Identification Number (IIN) standard

The numbers on payment cards are going to become longer. This is because of changes which are being made to the international standard (ISO/IEC 7812) under which Issuer Identification..

What is an Incident Response Plan?

Information security breaches can and do happen, even to the best prepared organisations. Every year, companies that have demonstrated ongoing PCI DSS compliance will still fall victim to an..

Hot water and PCI compliance

There are a lot of online registers for reputable tradesmen. Many of these provide contact details for reliable plumbers in any given area, together with ratings and personal recommendations...

What is the difference between a penetration test and a vulnerability scan?

Penetration testing and vulnerability scanning are sometimes confused. After all, they sound as if they might do a similar job. But there are important differences. Also known as..

A Cautionary Christmas Tale

‘Twas the night before Christmas, and all through the house, Not an iPad was stirring, nor PC or Mouse; The shopping had been done on the internet..

Grey Monday and the importance of the penetration test

How a correctly-scoped penetration test will future-proof your organisation from real world cyber attacks. In the aftermath of Black Friday comes Grey Monday. The day of reckoning. Because although..

The Internet of Things and how your doorbell might just be attacking Amazon

We hear a lot about the Internet of Things (IoT) on the web nowadays and the TV is full of adverts for Central heating systems that you can control..

How a CISO can exert influence at board level

Mike Tyson once said, “Everyone has a plan until they get punched in the mouth.” As he is perhaps best remembered for his infamous ear-biting antics, he is unlikely..

The buck stops here: advice for the new CISO on campus

As Universities return for the beginning of a new academic year, never has the role of Chief Information Security Officers (CISO) been more important. Some will be continuing an..

VirtualCISO: the philosophy of product development

The Dalai Lama said: ‘When you talk, you are only repeating what you already know. But if you listen, you may learn something new’. It is, of course, doubtful..

Multi Factor Authentication – why is this something that is so commonly misunderstood?

“The single biggest problem in communication is the illusion that it has taken place.” said George Bernard Shaw. This can be true in so many aspects of life and unfortunately,..

Promoting and Protecting your Identity on social media

How much control is too much when it comes to social media? Organisations spend millions on their marketing campaigns in the hope and expectation of raising brand awareness and..

If the UK votes to leave the EU, will we still have to comply with GDPR?

The 23rd June referendum is fast approaching and it is getting increasingly difficult to get simple answers to simple questions. As we think about how we will vote, just..

The Unreliability of Technology

“Technology is so unreliable” is a phrase you often hear following something going wrong at a critical moment. One of the greatest misconceptions is that our day to day..

Up to £1,500 available to Scottish SMEs to develop Cyber Resilience

Businesses in Scotland can receive up to £1,500 to help develop their cyber security as part of a Cyber Resilience Programme. The Digital Scotland Business Excellence Partnership (DSBEP) has..

Home grown talent makes SRM European leader in cyber security

Newcastle-based Security Risk Management (SRM) Ltd is addressing the national shortage of top level qualified cyber security consultants by employing individuals with potential and then providing training in house...

EU Cyber Security Directive on Essential Services

Whatever the result of the EU Referendum, there are some aspects of our relationship with Europe that are unlikely to change, as long as we continue to engage in..

What are the common failure points of repeat info-security assessments?

Maintaining Compliance with any Information Security Standard is often a long and winding journey. You never quite know what is over the horizon or around the bend, so..

Cyber Security Accountability Does Pay

Cybercrime in 2015 was nothing short of epic. No one could have anticipated headline news stories such as Sony Pictures Entertainment hacked by a group allegedly sponsored by North..

The Digital Economy

Decentralized cryptocurrencies and Dark Web cartels challenge the effectiveness of legislation, jurisdiction and law enforcement. This poses the question, when the economy is becoming more and more dependent on..

PCI DSS Version 3.2 is released today – so what has made it through to the final cut?

The eagerly anticipated update to the global Payment Card Industry Data Security Standard (PCI DSS) has been released today, Thursday April 28th 2016. This update to the standard has..

The Emerging Market of Cyber-crime as a Service

One of the greatest misconceptions about cyber-crime is that you need to be a computer geek to be a cyber-criminal. The truth is the cyber-crime industry is starting to..

Navigating the minefield of info-security compliance

A company trying to navigate the minefield of info-security compliance may think of it as a daunting task. On one side is PCI DSS and Data Protection while on..

The reputational benefits of being a Cyber Essentials UK company

Gaining Cyber Essentials certification protects a business’ reputation as well as its cash flow. With over £50 billion in annual online retail sales in the UK, it is becoming..

The real risk of ransomware

“We do not negotiate with terrorists” is a patriotic statement used by many countries. Does this notion still hold when you risk losing your data? The short answer is..

PCI DSS, Vulnerability Scans and the Trouble with SSL

With the PCI Council set to release version 3.2 of the PCI DSS imminently, the subject of migration away from weak session encryption protocols is becoming a hot topic...

The Dark Web

Search Engines like Google and Safari only have access to about 4% of the information on the web. The other 96% is what is referred to as the Deep..

Does Bitcoin threaten economic and business security?

Bitcoin is arguably the biggest shift in digital enterprise since the beginning of E-commerce – and has proved to have the potential to make even bigger changes to our..

Who are the cyber criminals – hackers or attackers?

There was a time – back in the halcyon days of the 1990s – when cyber criminals and cyber security were so much simpler. At that time, anti-virus software..

PCI DSS is a useful tool in GDPR compliance

By Paul Brennecker, Principal QSA, PCI PFI, PCIP The countdown to European-wide data protection is on. But while some businesses will be anxious about how to ensure compliance with..

The penetration test – a test of faith?

By Kane Cutler, PCI QSA, Tiger QSTM, CEH Although statistics show that skydiving is a relatively safe pastime, things do sometimes go wrong. Since 2004 653 people have lost..

Learning to love the new EU cyber security regulations

2015 ended on a bombshell of legislative changes creating an air of unwelcome uncertainty for businesses. Yet, they need not be a cause for concern. The announcement of the..

Children’s web usage increases

by Michelle Ali Time spent online exceeds time spent watching TV – 2016 Statistics on Children’s use of the Web The year 2015 was described by the research agency Childwise..

PCI Breach Trend Report September 2015 – January 2016

The period September 2015 – January 2016 is covered in this issue of SRM’s breach trend report which looks at businesses that had a requirement for a PFI investigation...

PCI Breach Trend Report June – August 2015

The period June – August 2015 is covered in this issue of SRM’s breach trend report which looks at businesses that had a requirement for a PFI investigation. The..

PBX fraud costing millions

In spite of awareness of the enormous financial implications of PBX fraud since 2013, cases continue to come to light. Police force cyber crime teams have recently been dealing..

Landmark US legal case to make cybersecurity specialists accountable

In a landmark case, Affinity Gaming is seeking $100,000 in damages from its cybersecurity provider Trustwave over how the company allegedly handled a data security breach which cost the casino..

Kane Cutler: youngest PFI in the world

Newcastle-based Kane Cutler becomes youngest cybercrime expert drafted into exclusive Payment Card Industry investigation team Newcastle-based Kane Cutler has been accepted by the Payment Card Industry Security Standards Council..

Ransomware

As with any black hat related activity, innovations are always emerging to circumvent security and exploit vulnerabilities. Older forms of ransomware were mostly kept by specific groups of hackers that..

Cyber Security health tips for the New Year

As New Year resolutions go, enhancing personal cyber security may not be as high on people’s lists as that resolution to take out a new gym membership or embark..

LinkedIn phishing scams

By Chris Ince, Information Security Consultant, Security Risk Management Ltd LinkedIn recruiting scams are not a new threat to most. Many users of the professional network face this ever..

Understanding the role of Chief Information Security Officer (CISO)

Making a case for the VirtualCISO Few company directors have a deep knowledge of corporate law, or a detailed understanding of investment planning or tax implications. They employ offsite..

GDPR and the strengthening of individual data protection rights

By Chris Ince, Information Security Consultant “The processing of personal data should be designed to serve mankind.” (Council of the European Union, 2015) On 8th December the European Parliament, Council..

The Wetherspoons Breach – and why you should ensure historic personal data is secured

By Paul Brennecker, PCI QSA, PCI PFI, PCIP, Principal QSA, Security Risk Management Ltd Last week we saw another significant breach of over 650,000 records of customers’ data from..

Security Awareness

WHAT DOES GOOGLE KNOW ABOUT YOU? “Knowledge is Power” – well Google have taken this phrase to a whole new level. Google is one of the biggest driving forces..

Extra Security for Black Friday and Cyber Monday

As major retailers across the country announce the recruitment of additional security staff to safeguard shoppers on Black Friday, it is also time for online businesses to ramp up..

Magento Exploits – a technical review

By Mustafa El-Jarrah Information Security Consultant, Security Risk Management Ltd Exploits appear in trends with the magnitude and duration of these trends exacerbated by the community edition download zip not..

Zen and the Art of PCI Maintenance

By Paul Brennecker, PCI QSA, PCI PFI, PCIP, Principal QSA, Security Risk Management Ltd “Is it hard?” Not if you have the right attitudes. It’s having the right attitudes..

The TalkTalk Breach – A Lesson for Us All

By Tom Fairfax, Managing Director, SRM Whilst everyone has a responsibility to manage their Cyber Security to the best of their ability, no-one is completely safe and despite their..

Email fraud – how to protect yourself from cyber criminals

There have been a number of news reports in recent days about people erroneously transferring large sums of money to fraudsters who have intercepted their email traffic. In one..

Improving the odds

Data security in the gambling industry by Paul Brennecker, PCI QSA, PCI PFI, PCIP, Principal QSA, Security Risk Management Ltd Complying with the mandatory security regulations within the gambling industry may appear..

The Impact of the Safe Harbour Ruling

This week the European Court of Justice ruled that the transatlantic Safe Harbour agreement, which lets American companies use a single standard for consumer privacy and data storage in..

Small businesses represent ‘low hanging fruit’ for cyber criminals: indicators that you may have been compromised

Small businesses are targeted deliberately by cyber criminals because they frequently lack effective defences or even the ability to detect an attack. But those who do not have adequate..

How to protect your data in free public WiFi hotspots

In an ‘ethical experiment’ conducted earlier this year, a primary school child hacked into a free public WiFi hub in just over ten minutes. The young hacker, a seven-year-old..

Online Training to Support Local Businesses to Use Superfast Broadband

Local MP praises e-safety contract for iNorthumberland project As superfast broadband is rolled out across the region the iNorthumberland Business Support service has appointed Northumberland-based firm Security Risk Management..

FFA 2015 Annual Review Reveals UK Card fraud worth £479 million

by Brian Fenwick, Operations Director Financial Fraud Action UK (FFA UK) has published its 2015 Annual Review. The organisation, which is ‘responsible for leading the collective fight against fraud..

Ashley Madison and Morrisons: lessons learned

When a group calling itself the Impact Team decided to release all customer records, including profiles of the 37 million users of the adultery-themed dating site Ashley Madison, they..

27001:2013 An outline

Ian Armstrong briefly outlines the facts about the new ISMS standard 27001:2013 What is it? 27001:2013 is the updated information security management system (ISMS) standard which was published on..

The advantages of P2PE V2

by Paul Brennecker Merchants can enhance data protection and simplify compliance efforts by adopting the PCI-approved point-to-point (P2PE) Standard v 2. Simpler to adhere to than the original version,..

PCI-DSS Penetration Test Requirements

By Paul Brennecker Those who have had involvement with PCI Data Security Standards (PCI-DSS) will know that Penetration Testing has been mandatory since the PCI standard was first issued...

PCI Breach Trend Report June 2015

In the last twelve months, Security Risk Management (SRM) Ltd has been contacted by over 65 companies legally required to seek assistance in securing data breaches. The largest number..

SRM delivers Managing Cyber Threat lecture to City lawyers

Last month, Tom Fairfax, Managing Director of Security Risk Management Ltd joined forces with Robert Newcombe, Barrister with Dere Street Barristers, to deliver a talk on Managing Cyber Threat...

Information Security Breach Report – 02 June 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Angler Exploit Kit Loads..

Smart TV vulnerability

The simple television is a thing of the past. The Smart TVs of today have much more in common with devices like smart phones and tablets than with the..

Information Security Breach Report – 28 May 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Banks’ Cyber Risks Compounded..

Information Security Breach Report – 21 May 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: New Router Attack Displays..

Snapchat data scandal

by Michelle Ali This blog first appeared within the VE-SO Portal in March, as one of the regular updates for school E-Safety Officers. It now appears here for general information. The impact..

Information Security Breach Report – 11 May 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Newfoundland patient data breach..

Information Security Breach Report – 07 May 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: FireKeepers Casino investigates possible..

Information Security Breach Report – 06 May 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: CozyDuke hackers targeting prominent..

Information Security Breach Report – 27 April 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Tesla’s website has been..

Information Security Breach Report – 21 April 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Operation Pawn Storm on..

What does PCI DSS Version 3.1 mean to you?

By Paul Brennecker, Principal QSA at Security Risk Management Ltd On Wednesday 15th April 2015 the PCI SSC (Payment Card Industry Security Standard Council) published the PCI DSS Version..

North East Cyber Security Cluster

By Mustafa El-Jarrah, Information Security Support Consultant at Security Risk Management Ltd The North East Cyber Security Cluster was launched on the 12th February 2015 at the Digital Skills..

Information Security Breach Report – 13 April 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Lufthansa customers were targeted..

Why community intelligence modelling is vital when dealing with the ‘digital native’

When it comes to e-safety, schools are faced with a conundrum: the vast majority of today’s school-age children could be termed ‘digital natives’ but those who are tasked with..

Five steps for an effective school e-safety policy

The Internet has brought unprecedented access to a world of learning opportunities. Yet, recent reports show that the widespread use of technology in education comes at a price. A..

Information Security Breach Report – 01 April 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Energy companies infected by..

Information Security Breach Report – 27 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Cisco Fixes DoS Vulnerabilities..

Lessons in War Series – The Role of Computer Forensics

By Tom Fairfax Traditionally, computer forensic investigations are seen as reacting to historic incidents and understanding what went wrong retrospectively. But in the cyber world, forensic investigation is a..

Information Security Breach Report – 25 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: A Large Number of..

Doctrine or Dogma – will the Government hold its nerve?

Government hates a policy vacuum. So, while CESG, the UK government’s National Technical Authority for Information Assurance, has brought about changes to the management of Internet Security within government..

Information Security Breach Report – 23 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Decoder of secret information..

Information Security Breach Report – 20 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Latest Dridex Campaign Evades..

Information Security Breach Report – 19 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Feds warned Premera about..

The Importance of Sustaining PCI DSS Compliance

In 2015, the good news is that businesses are getting better at achieving full PCI compliance. In fact, fully compliant organisations rose from 11.1% in 2013 to 20% by..

Information Security Breach Report – 18 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Premera has been the..

Information Security Breach Report – 16 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: MongoDB tool vulnerable to..

Information Security Breach Report – 13 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: A new Facebook Worm..

Information Security Breach Report – 11 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Timing: The State Department..

Information Security Breach Report – 10 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: “Rowhammer” Flaw in DRAM..

Information Security Breach Report – 09 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: A critical flaw affecting..

Phishing attacks come in from all angles – sometimes when you least expect them…

As a fairly seasoned security professional, I’ve seen a few ingenious ways of trying to separate unsuspecting members of the public from their personal data. Everything from shoulder surfing..

Information Security Breach Report – 06 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: University of Limerick Hit..

Information Security Breach Report – 05 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: ShareLaTeX Fixes Remote Command..

Information Security Breach Report – 04 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Phishers target victims of..

Information Security Breach Report – 03 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: The top software exploit..

Information Security Breach Report – 23 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: BIND Security Update Fixes Server..

Retailer Breaches – Summary Report

Retailer breach stories: Level 2 Retailer data breach – Barclaycard – www.barclaycard.co.uk/business/files/Level2_retailer_data_breach.pdf Shoe retailer Office warned on data breach – http://www.bbc.co.uk/news/technology-30896805 and http://www.computerweekly.com/news/2240238420/Information-Commissioners-Office-issues-warning-to-Office-shoe-retailer-over-data-breach Target data breach: Why UK business..

Information Security Breach Report – 19 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Meet Babar, a New..

Information Security Breach Report – 17 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: 16 million mobile devices hit..

Information Security Breach Report – 18 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: New detail emerges on..

Information Security Breach Report – 10 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Anthem warns US customers..

Information Security Breach Report – 12 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Anthem warns US customers..

Information Security Breach Report – 09 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: DDoS malware for Linux..

The UK Cyber Security Strategy – Update

The latest document published by the Cabinet Office in relation to the UK Cyber Security Strategy provides an update of progress throughout 2014, and the plans moving forward in..

Why is agility a critical part of e-safety?

Last month dozens of images of British children were discovered on a Russian website used by paedophiles. Until they were tipped off, the parents of the children involved had..

Virtual E-Safety Officer to Safeguard Schools

Internet safety specialist Security Risk Management Limited (SRM) is today unveiling its bespoke on-line Virtual E-Safety Officer (VE-SO) portal for schools. The portal will provide access to resources and..

Top Ten Tips on how schools can keep students safe online

by Michelle Ali 1) Have a defined protocol to report and resolve incidents that have occurred With more and more students being more active on the internet, naturally the number..

Information Security Breach Report – 06 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Anthem: A Mere 8..

Cost of crime to business

by Michael Dick, Director The opinions expressed in this blog are Michael’s own and not those of SRM. I was addicted to the Sopranos, the story of US gangsters,..

Information Security Breach Report – 05 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Anthem, America’s second biggest..

Information Security Breach Report – 04 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Information Disclosure Vulnerability Found..

Information Security Breach Report – 02 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world. Breaches, Incidents and Alerts: Hackers tapped into Syrian..