
Latest Posts

Get the right pen test for your compliance

Over the past few years there’s been an explosion in demand for penetration testing services. What was once seen as a service only needed by larger enterprises is now more affordable than ever and used by SMEs and startups. This increase in adoption is partly down to pen testing being an all-round useful cyber control, but it’s also driven by compliance.

Cyber security isn't IT: 5 key dangers

Many businesses still think of cyber security as an IT function - it’s one of the most enduring myths we face in the industry. This is bad news. Cyber security is not just an IT problem: it is a business problem. Cyber security is risk, and risk is a business issue. Cyber is so much more than a collection of IT controls, yet it’s an uphill battle to get it seen as anything else.

Learning from 5 years of GDPR

Despite the GDPR routinely (and wrongly) being seen as an encumbrance, many of its requirements make sense for sound business and management reasons. For example, the requirement to maintain Records of Processing Activities (RoPA) under Article 30 can reduce the time needed from business analysts when scoping projects. Data Protection Impact Assessments (DPIAs) reduce time misspent on projects which are not appropriate, legally viable, or necessary.

What is a vCISO

The business risk of a cyber attack is never going away, as cyber criminals continue to develop more innovative ways to access your data. At the same time, organisations have increasing compliance burdens placed on them, such as ISO 27001, Cyber Essentials, and ad hoc information security requirements. This means businesses are under more pressure than ever to set a strong security strategy and, crucially, stick to it.

Why you're struggling with data protection

This blog is based on insight from our 2023 State of Cyber Security report. This month sees GDPR celebrate its 5th birthday, and during that time it’s stayed more-or-less the same. With unchanging rules and half a decade of time to get data protection things in order, you might think that the need for GDPR consultancy is dwindling. However, as we showed in our 2023 State of Cyber Security report, that’s sadly not the case.

What you need to know about Cyber Essentials 2023 update

Cyber Essentials, often just called CE, has been around for nearly a whole decade, and it’s still as popular as ever. The trick to its endurance is the yearly changes that keep it relevant. IASME, the governing body who work with the National Cyber Security Centre (NCSC) to maintain the standard, typically update Cyber Essentials every April, give or take a month, and 2023 is no different.