As COVID-19 continued to spread, Governments announced lockdowns in response, and companies had to allow employees to work from home. As there was a drastic increase in workforces joining company networks from home, attackers likely ramped up their efforts to take advantage of the inadequate or loose security posture of the WFH environment. The rush to move to work from home environment left security loopholes and made businesses vulnerable. Employees using home network and public internet services to access their official resources added another set of security challenge.

(more…)

Databases have become increasingly sophisticated over the last decades. The relational database is the most common. This technology allows data to be viewed in dynamic ways based on the user’s or administrator’s needs. The most common language used to communicate with databases is Structured Query Language (SQL). SQL allows users to pass queries to database servers in real time. This flexibility causes a major vulnerability when it isn’t securely implemented. Don’t confuse the language SQL with Microsoft’s database product SQL Server, though, like most databases, SQL Server uses Structured Query Language.

(more…)

It didn’t take long for cyber criminals to say ‘Happy New Year’ to 2019 as the first data breach announcement came on January 2 by Blur, a password management company, that had an unsecured server exposing a file containing 2.4 million user names, email addresses and other information.

While 2018 hit record-setting numbers as to the number of data breaches and consumer records exposed, 2019 was on pace as of mid-year to be the worst year ever, according to a report by Risk Based Security

(more…)

The scope of this Guide could be very large and unwieldy, so it has been refined to focus on key areas, thereby excluding some important cyber security topics (but certainly not all), such as:

• Cyber security incident response, which is covered in a separate CREST guide • In-depth analysis of fields in event logs, as these are well covered in the CPNI/Context report entitled Effective Cyber Security Log Management
• Deep technical analytical tools and techniques, typically used by commercial cyber security monitoring and logging experts
• Cyber security insurance.

(more…)

This guide has been produced to help small businesses protect themselves from the most common cyber attacks. If you’re a small or medium-sized enterprise (SME) then there’s around a 1 in 2 chance that you’ll experience a cyber security breach. For micro / small businesses, that could result in costs of around £900.

Following the advice in this guide will significantly increase your protection from the most common types of cybercrime. The 5 topics covered are easy to understand and cost little to implement.

(more…)