Can you identify phishing when your psychology is being hacked?
Welcome to this week’s Security Spotlight, where we shine a light on:
New Q&A | Meet the Hacker: How Simulated Phishing Addresses Your Biggest Security Risk
The insider threat – like staff falling for phishing – remains organisations’ biggest security risk.
To quote penetration tester Hilmi Tin:
One thing I’ve come to realise is that everyone can identify a phishing email.
But people don’t truly understand that attackers are exploiting our psychology, taking advantage of the fact we’re curious, or making clever use of fear factors.
This is why real-world exercises like simulated phishing are so vital.
Hilmi gives us real-life phishing examples, explains how to recognise a phishing attack, and elaborates on the value of social engineering penetration tests.
Q&A | Breaking In to Keep Hackers Out: The Essential Work of Penetration Testers
Penetration testers identify weaknesses in an organisation’s defences before a criminal hacker exploits them.
They use the same methods as malicious actors, but with the crucial difference of operating within the law and not misusing any information they uncover.
But how exactly does ethical hacking work? And what type of penetration test do you need?
Senior penetration tester Leon Teale explains.
Q&A | Boost Your Security Posture With Objective-Based Penetration Testing
To maximise value from your security investments, your measures must be effective.
Penetration testing is a vital way to demonstrate that your measures are effective – and to prove it to stakeholders like customers, partners and regulators.
This Q&A with our head of security testing, James Pickard, covers:
Q&A update | Cyber Essentials vs ISO 27001: Key Differences
With so many ‘best-practice’ frameworks available, how do you choose the right one for you?
Cyber security advisor Ashley Brett explains two popular options: Cyber Essentials and ISO 27001.
He covers:
New Q&A | GDPR: When and How to Use Legitimate Interests
Under the GDPR, lawful processing of personal data is only possible where you have a valid legal basis for the processing activity in question.
The Regulation outlines six lawful bases, with legitimate interest being the most flexible.
But what exactly is a ‘legitimate interest’? And when can you rely on it?
Data privacy lawyer Kirsten Craig explains.
Free green paper | Implementing an ISMS – The nine-step approach
Good information security is about addressing the risks specific to your organisation without compromising your business objectives.
So, take an approach that’s both strategic and operational.
An ISMS – preferably aligned with ISO 27001 – takes a systematic approach to managing confidential information so that it remains secure.
Learn our nine-step approach to implementation, which we’ve used to help 800+ organisations around the world achieve ISO 27001 compliance.
Free green paper | Penetration Testing and ISO 27001 – Securing your ISMS
As part of your ISO 27001 risk assessment, you must identify security risks within your ISMS scope.
This free green paper explains how you can do this through penetration testing.
Coming up
Free webinar | The Critical Role of a DPO: Why Outsourcing is the Smart Choice
Tuesday, 28 January 2025, 3:00 – 4:00 pm (GMT)
As data protection regulations become more stringent, the DPO role under the GDPR is more critical than ever.
This webinar, led by Dr Loredana Tassone and Natalie Whitney, will explore:
How we can help
Speak to an information security expert
With 20+ years’ experience in information security, we understand risk management.
Our experts have implemented information security programmes for hundreds of organisations across a multitude of industries in both the private and public sectors.
New to the world of information security and need advice on how to get started?
Or updating an existing information security programme?
Our experts are here to help.