Mastering Cyber Risk Management
Cyber risk reporting is still in its infancy for many organisations, meaning CISOs lack the necessary tools needed to make business exposure to risk and business value tangible when communicating to the board. The static reports that are the most common output of cyber risk assessments provide limited visibility into where cyber risks are and […]
Innovate Your Hybrid Workplace: Identity Management (Part 2 of JML Workshop)
The adoption of the hybrid workplace, accelerated by the global pandemic, has more than doubled in the past year resulting in a long-term shift in how people work and operate daily. Whilst digital transformation has enabled businesses to meet new requirements and improve internal processes, it has also brought with it new levels of cyber […]
Not all assets and data are created equal – the critical first step in risk management
Today’s accelerated digital world is exposed to expanding threat vectors however, protecting everything equally is not an option. A crucial question that must be answered at the start of planning any effective cyber security strategy is: ‘What exactly do we value and need to keep secure?’ Rising threat landscape vs organisational preparedness Data breaches big […]
Managing cyber security maturity and business risk within local government
As public councils embark on and continue their digital transformation journey, there is a growing need to counter the risk of a breach by taking the maturity of cyber security practices from a state of reactive, to proactive, and even to predictive. Healthy cyber security is key to the efficient and productive running of every […]
FORCEDENTRY ZERO-DAY VULNERABILITY
Priority: Critical Executive Summary: Citizen Lab has discovered a zero-day zero click exploit against Apple’s iMessage. The exploit tracked as ForcedEntry, CVE-2021-30860 was identified by Citizen Lab and immediately reported to Apple who released a fix to patch all OS, iOS and watchOS devices. Citizen Lab claims that a Saudi activist was infected with the […]
MICROSOFT MSHTML ZERO-DAY VULNERABILITY
Priority: Critical Executive Summary: Microsoft has reported a zero-day vulnerability in MSHTML affecting Microsoft Windows, targeting users to download a malicious Microsoft Office document. A proof-of-concept has been released to the public with Microsoft advising administrators to enforce a workaround until an official Microsoft patch is released. This is being tracked as CVE-2021-40444. The vulnerability […]
Four cyber security trends to watch
The COVID-19 pandemic has in many ways unleashed a new set of complexities and accelerated existing challenges for organisations globally. In this blog, I explore four cyber security trends leaders should bear in mind when managing cyber risk. Expanding cyber attack surfaces and the new security perimeter As we have all witnessed, the pandemic has […]
ITC Secure joins the Microsoft Partner Pledge
ITC Secure joins the Microsoft Partner Pledge to drive an inclusive and sustainable digital future ITC Secure (ITC) is proud to announce that it has signed the Microsoft Partner Pledge, a UK-wide initiative to help prepare for challenges of the future. The pledge demonstrates collective commitment by Microsoft partners to the values and priorities that […]
Leadership: Bridging the Gap
In this article Glenn Fitton, ITC’s Head of Cyber Advisory and CISO, explores the influence of leadership, why there is no “silver-bullet” for information security and the simple things organisations can do to better their security. Glenn has represented information security at a senior level for several organisations across numerous complex industries including construction, FMCG, […]
KASEYA REVIL RANSOMWARE EXPLOIT
Priority: Critical Executive Summary: The Kaseya VSA IT management and patching platform has been compromised and used by Russia-based “ransomware-as-a-service” group REvil (aka Sodinokibi and Sodin) to distribute a malicious powershell script to disable Microsoft Defender on the targeted host and execute the REvil encryption tool, rendering the host inoperable. A ransom, reportedly of up […]