Can you trust your penetration testing company with your results, or are they inadvertently performing the initial reconnaissance for cyber criminals, with you picking up the bill to boot? Whether from an insider threat or remote access trojan, penetration testing (pen test) companies are an ideal target for cyber criminals…

Back in September I received an email claiming to be from the courier firm DPD and that an attempt to deliver a parcel was unsuccessful. In order to get the item redelivered I would need to reschedule the delivery and confirm the address details are correct. Unfortunately as there had…

As part of the cyber security awareness training for many organisations, the IT department simulates phishing emails via a third party service to help educate their users and report on who is more likely to click on a phishing email. Some of these third party phishing services are even free…

For over 20 years we have been on a never-ending cycle of being told that the software we use has bugs or security issues and that it has been fixed in an update or patch. But those updates have had a tendency of breaking something else, and the whole cycle…

Everything we do online is based on trust, we trust our email providers, our cloud services, our search engines, software developers and online stores. We give them personal and financial information, ranging from our pet’s names and first school, to our credit cards and bank details. So, as a result…

Targeted email attacks are an increasingly difficult problem to stop through technology alone, requiring both processes and people (via education) to effectively combat. …

Cybersecurity training in many organisations is seen as chore, a tick box exercise that needs to be done when we get time, maybe next week. Or it is mandatory, regardless of the deadlines you face, but mostly irrelevant to your role or to risks the organisation faces. …