Managing cybersecurity threats in food production and distribution
The food industry has never been a top target for cyber-attacks, but as food production and distribution becomes global, ‘threat actors see the world’s dependence on a well-established food supply chain as an opportunity to use malware, such as ransomware, as leverage to achieve their nefarious aims.’
Beat the breach! How to tackle the hidden risk in your unstructured data in 2022
In a recent virtual panel discussion hosted by BSI technology partner Exonar, Stephen Bowes, Global Practice Director, Data Management & Security Technologies at BSI joined Gareth Tranter, Head of Customer Success at Exonar and other experts to discuss measures organizations will need to consider to avoid data breaches.
The future of healthcare includes a cybersecurity journey that every patient will take. This journey will be a journey of availability.
The digital revolution in healthcare can only happen with equipment that is online and secure. The ability for a patient care facility to “go back” to traditional medicine will disappear as those systems are retired and replaced. Or, to put it another way, once this digital journey starts, there is no going back.
Closed-circuit TV, traditionally known as CCTV, is now part of day-to-day life. Cameras are along your street, and in your offices and homes. They are a symbol of safety for many; however, a wave of malware targeted at CCTV cameras has brought cybersecurity concerns to light.
In this blog post, Isabel Forkin, Global Practice Lead – Cyber Lab and Emerging Technology at BSI, addresses CCTV as a possible attack vector focusing on the two cybersecurity principles: Secure by Design, and Secure by Default.
How to prevent a ransomware attack? A people-centric approach
Traditional legacy mail gateways, web filters, and antivirus software should be updated and running on all networks. But they alone cannot counter the ransomware threat. One key requirement of a successful email-based attack is people. In this blog we discuss a people-centric approach that organizations can take to prevent ransomware attacks.
Email has historically been the undisputed champion of ransomware attacks. Today, it is still the number one delivery method for an attack. But as businesses shift to cloud environments, so do emails, and so do attackers. Discover more about the role of email in ransomware attacks and how to keep your organization protected.
Returning to the Workplace - Respecting Employees’ Right to Privacy
The past 18 months have seen the transformation of nearly every aspect of our world. All organizations will have managed different challenges during the pandemic and, as governments ease lockdowns, many businesses are planning for employees to return to the workplace. Collecting employee data is now a new concern that brings with it new regulations and important factors that need to be considered. In this blog post Conor Hogan addresses the impact of new data collection and privacy in a post-COVID era.
BSI work with many companies operating in the utility sector and have seen first-hand the compliance challenges that have to be balanced when it comes to PCI DSS. These range from call recording retention and the use of core legacy systems for processing payments, right through to challenges with network segmentation.
Read our latest blog to discover why PCI DSS is significant for the utilities sector and how to achieve compliance.
In this article, we look at how PCI DSS applies to the retail sector, one that has seen a truly transformative shift since March 2020, and identify the typical risks and challenges faced, as well as how to manage cyber resilience and compliance.
Blog Post: Returning to the office - A new Covid test to consider
Now, as the world’s reliance on the advances of science paints a picture of success with ever-increasing confidence in vaccine deployments, the days of individual and continual COVID testing for significant swathes of the population could be coming to a halt. Concurrently, many businesses in countries where the vaccine deployments are at an advanced stage are now planning to return to the office, but does this introduce the need for a new type of COVID testing regime?
A new international standard has just been published aimed at certification bodies wanting to add auditing and certification of privacy information management systems to their capabilities. This blog post outlines why the standard came about and what it covers.
Most organizations that think they won't be targeted by a cyber-attack have already faced a breach – they just don't know it yet. Getting a penetration tester to attempt to breach a network is the ultimate test of defences and provides a clear picture of where and how a hacker could potentially gain access to the system.
Email Security: Cloud, phishing attacks, and people awareness
“Email isn’t going away anytime soon and the types of attacks on email are constantly evolving”. In this blog piece, Harshad Ravichand invites Matt Cooke from Proofpoint to discuss different aspects of email security. Focusing on organizations’ shift to cloud platforms such as Office 365 or Google Workspace due to the COVID-19 pandemic, Harshad and Matt discuss the latest attacks, challenges and steps organizations can apply to ensure their emails, accounts and ultimately people are safe.
The reality is probably a lot worse. “You don’t know what you don’t know”. This is true both in the sense that some organizations don’t have the right systems and procedures in place to identify information security breaches, and in the sense that, for a lot of bad actors, being successful means not being found out.
With the advent of GDPR came a real need to take ISO/IEC 27001 and provide greater assurance to the organization, to our customers, to our clients that we have got the necessary controls in place. Not just to manage information in general, but specifically to look at and to concentrate on personally identifiable information that we’re either going to have to process or control.
To facilitate this additional assurance that organizations felt that they needed, ISO/IEC 27701 was created. So, what is it?
PCI DSS v4.0 – What do we know and what can we say with certainty?
John Hetherton, Global Practice Lead - PCI DSS
With more information on the PCI DSS v4.0 update gradually coming to light, it appears that the long-awaited update is getting further away not closer. This means that organizations will have a generous timeframe during which transition can occur.
So down to the question:
What do we know, and what can we say for certain about PCI DSS Version 4?
Should we stay (remote) or should we go (back on-site)?
With the phrases of the year “You’re on mute!” combined with “Can you still hear me?” still fresh in our headsets, organizational resilience has been tested as much as our own sense of humour in the face of adversity. The question moving onwards to 2021 and beyond may well be: should we stay with remote consultancy or return to face-to-face? Greig Ferguson, Consultant, Cyber Risk and Advisory, demonstrates the pros and cons of both.