Security often feels like an uphill battle. Let’s say your organisation has done the basics – you’ve got Cyber Essentials certification, and also started regular penetration testing. Firstly, congratulations – you’re well on your way to stopping the majority of opportunistic attacks. But after the pen test comes the report, and for business who aren’t prepared, a whole new problem emerges: how do you tackle the remediations effectively?

Every business that collects personal data via a website, app, or even via the phone/post will find that they need the skills and expertise of a Data Protection Officer at some point to ensure safe and confidential data processing. But what is a DPO exactly? Do you really need one? And what if you don’t want to hire someone full time? Read on to find out more about the roles and responsibilities of the DPO and when to hire one to secure your data.

Information security is a major concern for many businesses for two reasons. Firstly is persistent threat of cyber attacks and data breaches. That’s why strong information security is a requirement to ensure the security of business and personal data. Secondly, it’s a key business enabler, with a push in recent times for all parts of a supply chain to become ISO 27001 certified.

In October 2022, ISO 27001 introduced new changes. The internationally recognised standard on how to manage your information security was first launched in 2005 and underwent its last update in 2013. Since then, new technologies have emerged to dominate the business landscape, such as cloud computing, which has brought new security challenges. It’s estimated that global cybercrime is expected to grow by 15% per year, totaling a staggering $10.5 trillion by 2025.

Recently, Bulletproof’s pen testers participated in the Hack the Box Business CTF 2022 competition. This was a global InfoSec contest that pitted cyber security teams against one another in a series of hacking challenges, based on real-world vulnerabilities. There were 8 categories which included challenges of varying skill levels for teams to apply their hacking expertise to ‘capture the flag’.

Articles 13 and 14 of the GDPR state that information must be provided where personal data has been obtained directly from a data subject, or where personal data has not been collected directly from the data subject, respectively.

On 15th July 2022, a team of Bulletproof penetration testers took part in the online Hack the Box Business CTF competition. The CTF (Capture the Flag) event consisted of almost 3000 participants, with each player putting their ethical hacking expertise to use in a number of challenges. There were also prizes up for grabs for the top three teams on the leaderboard. This was the first year Bulletproof entered the competition and we look forward to competing in next year’s event.

As the leading international standard on information security management, ISO 27001 is an important certification for businesses and is increasingly being demanded by customers as part of their supply chain management. With its standardised processes and reputational status, ISO 27001 shows interested third parties and prospective clients that you take the confidentiality, integrity and availability of their data seriously.

In 2018, the implementation of the GDPR signalled a seismic shift in how businesses target, collect and store personal data. As individuals entrust businesses with their personal data more than ever before, the GDPR has ensured that the right to privacy for individuals is protected through its regulation. Not since the result of Brexit, and the GDPR ceasing to protect the rights and freedoms of UK Citizens (since 1st Jan 2021), has there been significant changes to the GDPR.

Businesses that incorporate Internet of Things (IoT) into their daily operations have rarely, if ever, had access to so many resources to help improve your customer reach, collect more personal data and reduce your internal operational expenses due to IoT automation. IoT devices are ubiquitous, and as technology advances, so does the invention and use of connected devices within workplaces and our homes.