LRQA Nettitude Blog

Businesses of all sizes are vulnerable to cyber threats, from data breaches to cyber attacks. The consequences of a security breach can be devastating, resulting in the loss of sensitive data, reputational damage, and even legal implications. To minimise the risk of such incidents, organisations need to take a proactive approach to their cybersecurity strategy. One way to do this is through threat modelling.

Deception technology is a simple but effective method of active defence which builds upon the concept of honeypots, a sacrificial system intended to attract cyberattacks.

A data breach could take over 100 days to be spotted. An additional 60 days may be needed to recover from it. However, you can recover from a breach within 30 days with a recovery plan, saving you resources. Your recovery team’s swift reaction to any signs of a data breach will help you recover as soon as possible.

As the use of technology in the workplace continues to grow, so does the importance of cybersecurity. Large corporations are frequently targeted by hackers, but smaller enterprises may be even more appealing targets as they may not be able to devote as much attention to setting up cybersecurity protocols and are thus simpler to breach. Despite the increasing awareness of cybersecurity threats, many employees still do not take the necessary precautions to protect their data and devices.

Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) was released at the end of March 2022. At the time of writing, we now have less than one year until the previous version, 3.2.1, is retired and can no longer be used for new assessments.

If you've ever taken a credit card as payment for anything, then you've probably heard of the Payment Card Industry Data Security Standard (PCI DSS). This defines a set of requirements for merchants and service providers to protect their customers' payment card data. The importance of PCI DSS lies in the fact that it helps to protect sensitive data which could have huge ramifications should it fall into the wrong hands. This includes information such as credit card numbers, names, addresses, and other personally identifiable information.

A social engineering attack refers to any type of attack where deception, manipulation or coercion is used to elicit information or access from a person for their own purposes. Social engineering refers to any technique used by a threat actor that focuses on people and process, rather than on technology. The most common form of social engineering attack is a phishing email that tricks victims into giving up personal information such as passwords and credit card details. Phishing often masquerades as an official corporate email from an organisation's CEO or another trusted person within the company.

The Security Excellence Awards 2023, hosted by Computing, are a prestigious event that recognises outstanding achievements in cybersecurity. These awards celebrate individuals and companies that have demonstrated excellence, including the Rising Star category, which highlights emerging talents in the industry. This category shines a spotlight on individuals who have shown exceptional skills, dedication, and innovation in their roles and have the potential to become future leaders in the cybersecurity field.

We are delighted that among the nominees for the Rising Star category are two Nettitude colleagues Matthew Saunders and Chloe Sharp. Learn more about Matthew and Chloe below.

When it comes to cybersecurity, one of the most important things you can do is test your system for vulnerabilities. Cybersecurity testing ensures you have all the necessary security measures in place and that they are functioning correctly. There are many ways to test the security of a system. Some are more thorough than others, and some take longer to complete. 

Despite the numerous messaging apps available, email remains the most used method of formal communication. This is because email is still associated with professionalism. However, as emails are preferred among businesses, this also makes them an ideal target for cybercriminals. 

Most data breaches occur for an economic reason—the attacker hopes to profit from the information they gain access to. Emails contain a lot of personal information already and can also be used to access other vital systems. This makes them an ideal entry point for hackers with varying motives.