News

Bridewell Strengthens Core Portfolio with Modern Workplace and Security Partnership

The advances in technology since then can now allow an attacker to achieve wide reaching consequences without having to be physically present at the target. The combination of cyber-attacks and physical attacks place even greater demand on security professionals to manage the risk.
When the September 11 attacks were carried out, terror groups had a minimal online presence. Changes in technology have allowed these groups to embrace the anonymity the internet can provide to further their activity.

Since GDPR came in there have been a few changes in the cyber landscape and one significant change is the rise of ransomware. It is simply everywhere. When you first look you may be forgiven for thinking that it is particularly prevalent in the USA. And yes, that is partly true, but the reason for that is that by US law, a company must declare when they have had a data breach. Since 2002, the US Data Breach Notification Laws state that a company has 10 days to notify the authorities of a data breach. That, from a mapping point of view, is what makes the US look like a hotspot.

The construction industry may not appear to be an obvious target for cybercrime. The industry has an image of being a physical world industry with no connections to the digital one. If only that was true. The construction industry is being sought out by threat actors as the next easy target. In 2020 the average cost of the data breach within the construction industry was $4.99 million US dollars.

Malware is an ever-present but constantly changing threat in the cyber security world.

Good news followed the weekend, as the European Commission approved plans to recognise the United Kingdom’s data protection regime as ‘adequate’.

Ransomware incidents continue to feature in the international as well as IT industry press, with recent high profile victims being JBS Foods, Fujifilm, Colonial Pipeline, Ireland’s Health Service Executive, and AXA Insurance. Less well publicised are the many smaller organisations that are held to cyber ransom.

“There are two types of companies: those that have been hacked, and those who don’t know they have been hacked.”
This aphorism is generally accepted within the information security and wider risk management industries as being true.
If we accept that this is the case, then it is logical that we should prepare our companies for cyber-attacks, not only for the breach itself but also how they should respond.

In the early stages of an ongoing incident, after an organisation has identified an issue, a cyber security incident response team (CSIRT) will know very little about the task at hand and they will need to quickly establish the scope of an investigation.

When the pandemic struck in 2020 and the world was told to “Stay at Home, Protect the NHS & Save Lives”, everybody complied, and life was put on hold for 3 months. Little did we know!
Everyone was asked to “work from home, if at all possible” and this impacted most businesses with many sadly closing for the final time.

A zero-trust security model simply assumes one thing. You trust no-one and no device. Putting a little more context into this, we have three principles.

As we have now moved into Q2 we have already seen the continued trend in the media of companies that have become victim to Ransomware,

Featuring Martin Riley, Director of Managed Security Service, at Bridewell Consulting. Martin Riley explains why raising the drawbridge to a cyber-attack isn’t enough on its