In the past, organisations traditionally stored their data, applications, and resources in on-premises servers located in their building and typically managed by an in-house IT team. However, the modern work landscape has changed significantly, many businesses now prefer to migrate their IT infrastructure from on-premises to servers that are hosted and accessed through the internet, also known as ‘The Cloud’.

Having a well-defined approach to managing a wide range of cyber risks is crucial for organisations cyber resilience, regardless of their size. The objective of any cyber resilience strategy is to effectively prepare for, respond to, and swiftly recover from cyber risks, enabling businesses to maintain their operations with minimal disruption to workflow and processes.

On the 31st of May 2023 a public warning was issued by MOVEit, regarding a critical SQL injection vulnerability found in in their systems. This vulnerability allowed malicious actors to gain access to the database. The flaw, known as CVE-2023-34362, was identified on the 2nd of June, but it had already been exploited four days before the alert. By the end of May, approximately 2,500 instances of MOVEit file transfers were discovered to be exposed online, primarily in the United States.

A disaster recovery plan (DPR) is essentially a roadmap designed to manage the disruptions of an unforeseen incident (such as a data breach or ransomware attack). Many small businesses may not see the value in establishing a disaster recovery plan until it’s too late, leaving their data and their client’s data at severe risk. The likelihood of your business experiencing a cyber-attack is higher than you might think.

Experts from around the globe gathered at the RSA Conference 2023 in San Francisco, and shared what they are predicting to be the 5 most dangerous cyber security threats impacting organisations today. The panel consisted of four respected SANS analyst experts, invited to explore the latest Tactics, Techniques and Procedures (TTP’s) of modern adversaries, and empower organisations with the correct detection and defence advice.

The report informs government policy on cyber security whilst educating organisations on current threats, and how they can best protect themselves from attacks. This year’s report explores the policies, processes and approaches of modern cyber security, alongside the different cyber attacks and crimes that businesses, charities and educational institutions are facing.

Not long after impressing Microsoft 365 customers with the recent Microsoft 365 Copilot announcement, Microsoft have launched another AI-powered Copilot product. This time with a whole new set of possibilities – introducing Microsoft Security Copilot.

It seems that Chatbots are now embedded into every digital solution at our disposal, but despite the simplicity and ease this tool provides, cyber security concerns have been raised over the AI’s ability to spread misinformation, aid hackers in developing malware and even present sensitive data leak threats.

This month, the NCSC and its Cyber Essentials delivery partner IASME will update the technical requirements for the 2023 Cyber Essentials scheme. These changes come as part of a regular review of the scheme’s technical controls, ensuring that it continues to help UK organisations guard against the most common cyber threats. Changes come into play on 24th April 2023, and as stated on their website, these modifications will cover a variety of key areas.

IBM have just released their coveted X-Force Threat Intelligence Index 2023 report, tracking new, existing and evolving threat insights, discovered over the last year. This in-depth, 58-page report explores threat actor’s exploitation of the after-effects of a global pandemic, and the turmoil caused by conflict between Russia and Ukraine, as IBM states “creating exactly the kind of chaos in which cybercriminals thrive. And thrive they did.”.