Q4 2023 presented a complex security landscape with a mix of both positive and negative trends On the one hand, activity associated with larger ransomware-as-a-service (RaaS) operations, such as LOCKBIT and BLACKCAT, declined due to the success of major takedown operations. However, negative patterns also continued, like the ongoing focus of threat actors on the professional services industry.

AI chatbots such as OpenAI’s ChatGPT, Anthropic’s Claude, Meta AI and Google Gemini have already demonstrated their transformative potential for businesses, but they also present novel security threats that organisations can’t afford to ignore. In this blog post, we dig deep into ChatGPT security, outline how chatbots are being used to execute low sophistication attacks, phishing campaigns and other malicious activity, and share some key recommendations to help safeguard your business.

While the rise of ChatGPT and other AI chatbots has been hailed as a business game-changer, it is increasingly being seen as a critical security issue. Previously, we outlined the challenges created by ChatGPT and other forms of AI. In this blog post, we look at the growing threat from AI-associated cyber-attacks and discuss new guidance from the National Institute of Standards and Technology (NIST).

With so many cyber security priorities to balance, it isn’t always easy to know where to start. The mistake that many organisations make is to view threats originating from outside as their sole focus. However, with insider threats proving a persistent presence, this can often be a very costly oversight. This guide seeks to provide clarity on the different types of insider threats you need to be aware of and the controls and processes you can put in place to defend against them.

In this article, we outline likely threat landscape trends for 2024, based on what has been observed in 2023, and predict key areas of concern for the months ahead.

OWASP pen testing is the assessment of web applications to identify vulnerabilities outlined in the OWASP Top Ten. An OWASP pen test is designed to identify, safely exploit and help address these vulnerabilities so that risks can be mitigated before they are exploited by adversaries.

While it can serve as part of a security strategy, it also presents some challenges. In this blog post, we outline what automated pen testing is and compare its key benefits and risks with those of manual pen testing.

With NIST recently releasing an updated draft version of the framework, we outline the main proposed changes.

This plays a vital role in helping organisations mitigate cyber risk by shutting down vulnerabilities before they can be exploited maliciously. In this blog article, we outline what PTaaS is and how it can help you advance your cyber resilience.

Cyber security pen testing can vary widely, covering applications, wireless, network services and physical assets. These could include internal and external infrastructure testing, web or mobile application testing, API testing, cloud and network configuration reviews, social engineering and even physical security testing.