The building blocks to a career in cybersecurity

Forging a career in cybersecurity is like building a house. Starting with a solid foundation makes it easier to build the layers on top. Now that I am a client-facing consultant performing ISO 27001 gap analysis and internal audits, it’s clear to me how my previous role in application support gave me a grounding in […]
Here’s how to boost web security after Google HTTPS move

Security professionals will doubtless welcome Google’s decision to mark all HTTP pages as ‘not secure’ from next September onwards. Marketing executives who haven’t kept up to date with this web security issue might not feel so accommodating. But the announcement is a good opportunity for both groups to start a conversation. Otherwise, here’s what will […]
The answer’s in the question: risk assurance that’s ready-made for a regulator

Regulators and auditors expect us to have all kinds of controls in place to manage information security. Standards like ISO 27001 or frameworks like the CIS Controls are helpful guides for applying these controls, but they don’t ask questions in the same way a regulator or auditor would. Many organisations don’t catalogue the software and […]
Charities guide to better cybersecurity in 10 steps

Charities in Ireland face an increase in cybersecurity threats. Cybercrime incidents are increasing, and no-one is immune. Criminals have the means and the opportunity to target organisations for extortion, financial gain, or to steal valuable data. As the rate of attacks rises, so too do the costs to recover. As well as financial losses, a […]
Using ISO 27001 to guide your GDPR breach response plan

Among the many changes GDPR will usher in, one of the biggest for many organisations will be mandatory breach reporting. From May 25, all organisations holding personal data about European Union residents must disclose a breach if it is “likely to result in risk to personal data”. What’s more, organisations must report such breaches within […]
10 steps to better security awareness part 2: apply lessons learned

In the first part of this blog, we looked at how to develop an effective simulated phishing test. Now, we’re covering the five steps to ensure everyone in the organisation absorbs the right lessons from those exercises. As before, the advice is courtesy of David Prendergast, who has joined the BH Consulting team as a […]
Meeting the security skills gap (hint: don’t exclude half the potential workforce)

Getting skilled people into cybersecurity roles continues to be a challenge. In a Ponemon survey from earlier this year, security leaders said their biggest security concern for the coming year was a talent gap. Commenting at the time, Brian Honan wrote in the SANS newsletter that the best way to tackle a skills shortage is to […]
10 steps to better security awareness part 1: prep your phishing test

Last month, we blogged about how security awareness training can help to improve an organisation’s defences. Since then, there’s been more evidence showing just how lucrative phishing can be for attackers – and why it’s important to teach users to watch for it. In one recent simulation test, the security company Positive Technologies sent more […]
Ransomware reminders force focus on prevention and planning

Ransomware reared its ugly head again recently, with some stark reminders that it’s still a serious business risk. A household name suffered what seemed a major infection, while it emerged that many victims never get their data back. Last week, Boeing narrowly avoided a tailspin after a senior engineer alerted colleagues to a WannaCry infection. […]
Here’s how to get the most from a cybersecurity assessment

Would your organisation pass a cybersecurity assessment? Not one of 200 UK NHS trusts did, after the Department of Health checked them following the WannaCry ransomware outbreak. The NHS trusts’ complexity meant the assessments set a high bar. But for many SMEs, the assessments identify opportunities to improve, rather than obstacles to overcome. They show […]